April 5, 2009

Trusting Your IT Outsourcer

Companies across the globe must analyze current outsourcing relationships and develop risk ‎mitigation strategies.

The allegations of accounting fraud at Satyam have raised serious concerns for CIOs of ‎companies with outsourced IT operations. Companies working with Satyam are anxious as to ‎whether or not it will survive, and its current customers need to determine how this will affect their ‎operations. The long-term issue is whether Satyam’s difficulties will lead to a loss of trust in the ‎Indian outsourcing community as a whole or remain focused around Satyam, says a new report ‎by Booz & Company.

“Customers will no doubt expect much higher standards of financial transparency and due ‎diligence after this; and every company needs to set up a systematic way to analyze current ‎outsourcing relationships and develop workable risk mitigation against short-term service ‎disruptions,” explained Ramez Shehadi, a partner at Booz & Company.‎

An Unprecedented Incident ‎

The Satyam Computer Services scandal sent shock waves through the global IT community, ‎making CIOs worldwide wonder if it was an isolated incident, or a watershed in the globalization ‎story of Indian business.‎

CIOs that have outsourced large portions of their IT portfolios will be seriously concerned about ‎risks of potential knowledge loss and service disruptions should major issues arise with their ‎outsourcing vendor. This scenario requires they answer tough questions from the CEO and board ‎members: on the management of their current Indian outsourcing arrangements, long-term ‎structural questions about using outsourcing firms and whether changes to their vendor ‎governance models are necessary.‎

Outsourcing Alternatives

“Companies with long-term relationships with Satyam have one primary concern: Satyam’s ‎survival,” commented Shehadi. It will not be in a position to invest significantly in client ‎engagements, staff development, or R&D; all critical elements for an IT services company; and it ‎must spend a great deal of time and resources working through its accounting issues and dealing ‎with extensive external regulatory investigations in both India and the U.S.‎

Despite most Indian IT and BPO companies stating they will not poach Satyam employees or ‎clients; several companies are trying to wean away Satyam clients. On the positive side, most of ‎the outsourcing work in India is done out of centers in Hyderabad, Bangalore, and Chennai—‎home to many Satyam competitors. Plans for the absorption of staff and clients are expected to ‎be drawn up by competitors within days, and shifting to take place within weeks. For CIOs, the ‎possibility of this upheaval has caused a concern regarding the operational resilience of these ‎new relationships.‎

“We recommend Satyam’s clients move quickly to assess the damage and put in place ‎contingency plans for service continuity,” said Shehadi. They must determine their exposure to, ‎and reliance on Satyam, with a comprehensive inventory of the projects Satyam was working on. ‎Next, they must identify the most mission-critical systems being developed or maintained by ‎Satyam and put together a plan for bringing those systems back in-house or migrating them to ‎another vendor. They should also review every contract covering work with Satyam, paying ‎attention to exit clauses governing the transfer of work and ownership of any intellectual property.‎

CIOs must assess which vendors might be able to take over from Satyam. They should also ‎review the governance and accounting oversight of all offshore suppliers, and catalog and ‎capture the intellectual property and domain expertise residing with Satyam. “Jobs or incentives ‎should be offered to Satyam staff as part of transferring that knowledge back,” said Shehadi. This ‎exercise, while challenging, will help mitigate against short-term service disruptions and give the ‎IT organization a greater understanding of its current outsourcers’ activities, which can be ‎leveraged in the future to negotiate more favorable contract terms.‎

The Erosion of Trust

Before the scandal broke, the sector had been feeling the impact of major recessions in ‎developed economies, with concerns around the likely stance of the Obama administration ‎toward offshoring. Companies have already been evaluating near-shore alternatives and offshore ‎destinations including Brazil and Poland due to Indian political and security concerns, ‎hyperinflation in Indian technical salaries, and soaring real estate prices; the Satyam issue may ‎expedite the move to alternatives.‎

Trust in outsourcing has been damaged. When overseas clients choose offshore providers, they ‎must be able to trust them with the sensitive data, proprietary systems, and complex processes ‎that are instrumental to their businesses. “Now, CIOs must demand much higher standards of ‎transparency and conduct even more due diligence, especially during the current economic ‎crisis,” commented Shehadi. Well-governed providers of outsourcing services with established ‎disclosure norms and robust accounting practices will be favored, while weaker, smaller players ‎will likely suffer.‎

Governance in Corporate India

The long-term question raised by Satyam’s downfall is whether foreign investors will grow ‎skeptical about corporate governance standards in India. Does it warrant an extensive overhaul ‎of corporate governance and regulatory frameworks for Indian outsourcing providers? No ‎regulatory regime is perfect in design or perfectly enforceable and instances of financial ‎malfeasance crop up regularly, in spite of tightening regulatory regimes. “Existing market and ‎legal mechanisms should be able to deal with isolated incidents and discipline the wrongdoers, ‎but it is dangerous to conclude that a fundamental breakdown in corporate governance has taken ‎place in India,” stated Shehadi.‎

If companies continue to pull back their spending and if the liquidity crunch continues, more ‎outsourcing companies could run into difficulties. Every company therefore needs to set up a ‎systematic way to analyze current relationships with all outsourcing vendors—and develop ‎workable risk mitigation strategies.‎