What are the risks of outsourcing IT within the public sector?
What are the risks of outsourcing IT within the public sector?
K M Dunwoody
ABSTRACT
Outsourcing IT is a business strategy of increasing popularity within the private and public sectors. This essay focuses on the public sector. There are a number of recognised benefits that can be achieved through outsourcing IT, however, as with all business strategies it has inherit risks. It is a selection of these risks that is discussed with particular focus on the public sector’s capability to manage them. Findings suggest that the public sector lacks the capability to effectively manage these risks.
Key words: Public sector, outsourcing IT, risk.
CONTENTS
Introduction 1
Risks 1
Public sector capability to manage IT outsourcing risks 2
Recommendations 5
Conclusion 5 References 6 INTRODUCTION
Outsourcing is not a new concept but is one with particular popularity over the last 20 years (Domberger, 1998; Wright, 2004), however, more recently it is an area that is approached with increasing reservations by senior executives (Kleim, 1999). IT and associated services is a large area within modern business and consequently there are significant costs or savings to be had with outsourcing it (e.g. MoD awards $890m DII contract to Atlas consortium (ComputerWeekly, 2010). It is therefore important to get it right. There are clear benefits to outsourcing IT, however, as with any business activity it has inherit risks. In order to investigate this a number of boundaries need to be defined. I intend to consider outsourcing in relation to IT and its general benefits before focusing on the risks and whether the public sector has the capability to manage these risks effectively.
At its simplest, outsourcing is the contracting of an aspect of one’s business to a third party. In relation to IT this can be anything from outsourcing the whole IT
K M Dunwoody
ABSTRACT
Outsourcing IT is a business strategy of increasing popularity within the private and public sectors. This essay focuses on the public sector. There are a number of recognised benefits that can be achieved through outsourcing IT, however, as with all business strategies it has inherit risks. It is a selection of these risks that is discussed with particular focus on the public sector’s capability to manage them. Findings suggest that the public sector lacks the capability to effectively manage these risks.
Key words: Public sector, outsourcing IT, risk.
CONTENTS
Introduction 1
Risks 1
Public sector capability to manage IT outsourcing risks 2
Recommendations 5
Conclusion 5 References 6 INTRODUCTION
Outsourcing is not a new concept but is one with particular popularity over the last 20 years (Domberger, 1998; Wright, 2004), however, more recently it is an area that is approached with increasing reservations by senior executives (Kleim, 1999). IT and associated services is a large area within modern business and consequently there are significant costs or savings to be had with outsourcing it (e.g. MoD awards $890m DII contract to Atlas consortium (ComputerWeekly, 2010). It is therefore important to get it right. There are clear benefits to outsourcing IT, however, as with any business activity it has inherit risks. In order to investigate this a number of boundaries need to be defined. I intend to consider outsourcing in relation to IT and its general benefits before focusing on the risks and whether the public sector has the capability to manage these risks effectively.
At its simplest, outsourcing is the contracting of an aspect of one’s business to a third party. In relation to IT this can be anything from outsourcing the whole IT
References: Alaranta, M and Jarvenpaa, S.L. (2010), “Changing IT providers in public sector outsourcing: managing the loss of experimental knowledge”, 43rd Hawaii International Conference on System Sciences (HICSS), issue date: 5 – 8 Jan 2010. BBC (2013) BBC News [Online]. Available at: http://www.bbc.co.uk/news/uk-politics-24130684/ (Accessed 22 September 2013). British Standards Institute (2007) Business continuity management BS25999 (Part 1: code of practice, and part 2: specification). BSI [Online]. Available at: http://www.bsigroup.com/en-GB/bs25999-business-continuity/ (Accessed: 17 September 2013). Business Dictionary (2013) Business Dictionary [Online]. Available at: http://www.businessdictionary.com/definition/public-sector.html (Accessed: 16 September 2013). Barthélemy, J. (2003), "The Hard and Soft Sides of IT Outsourcing Management", European Management Journal, vol. 21, no. 5, pp. 539-548. Computer Weekly (2013) Computer Weekly [Online]. Available at: http://www.computerweekly.com/news/1280091904/MoD-awards-890m-DII-contract-to-Atlas-consortium/ (Accessed 16 September 2013). Cordella, A. and Willcocks, L. (2010), "Outsourcing, bureaucracy and public value: Reappraising the notion of the “contract state”, Government Information Quarterly, vol. 27, no. 1, pp. 82-88. Deloitte (2012) Deloitte Insights [Online] http://deloitte.wsj.com/cio/2012/07/10/it-outsourcing-4-serious-risks-and-ways-to-mitigate-them/ (Accessed: 16 September 2013) Earl, M Great Britain. Cabinet Office (2013) Security policy framework v2.1 [Online]. Available at: http://www.cabinetoffice.gov.uk/resource-library/security-policy-framework (Accessed 18 September 2013). Khalfan, A. M. (2004), "Information security considerations in IS/IT outsourcing projects: A descriptive case study of two sectors", International Journal of Information Management, vol. 24, no. 1, pp. 29-42. Kliem, R. L. (1999), "Managing the Risks of Outsourcing Agreements", Information Systems Management, vol. 16, no. 3, pp. 91. Lee, M. (1995), “IT outsourcing contracts: practical issues for management, working paper #95/05”, Information Systems Department, City University of Hong Kong. Ministry of Defence (2011) Joint Services Publication 503 (JSP 503): MOD business continuity management. 5th edn. London: Ministry of Defence. Ngwenyama, O. K. and Sullivan, W. E. (2006), "Secrets of a successful outsourcing contract: A risk analysis". Peters, B.G (2001) The politics of bureaucracy. London: Routledge. Sullivan, W. E. and Ngwenyama, O. K. (2005), "How are public sector organizations managing IS outsourcing risks? An analysis of outsourcing guidelines from three jurisdictions ", The Journal of Computer Information Systems, vol. 45, no. 3, pp. 73-87. Willcocks, L. P., Lacity, M. C. and Kern, T. (1999), "Risk mitigation in IT outsourcing strategy revisited: Longitudinal case research at LISA", Journal of Strategic Information Systems, vol. 8, no. 3, pp. 285-314. Wright, C. (2004), “Top three potential risks with outsourcing information systems”, Information Systems Control Journal, vol 5.