What are the risks of outsourcing IT within the public sector?
K M Dunwoody
Outsourcing IT is a business strategy of increasing popularity within the private and public sectors. This essay focuses on the public sector. There are a number of recognised benefits that can be achieved through outsourcing IT, however, as with all business strategies it has inherit risks. It is a selection of these risks that is discussed with particular focus on the public sector’s capability to manage them. Findings suggest that the public sector lacks the capability to effectively manage these risks.
Key words: Public sector, outsourcing IT, risk.
Public sector capability to manage IT outsourcing risks
Outsourcing is not a new concept but is one with particular popularity over the last 20 years (Domberger, 1998; Wright, 2004), however, more recently it is an area that is approached with increasing reservations by senior executives (Kleim, 1999). IT and associated services is a large area within modern business and consequently there are significant costs or savings to be had with outsourcing it (e.g. MoD awards $890m DII contract to Atlas consortium (ComputerWeekly, 2010). It is therefore important to get it right. There are clear benefits to outsourcing IT, however, as with any business activity it has inherit risks. In order to investigate this a number of boundaries need to be defined. I intend to consider outsourcing in relation to IT and its general benefits before focusing on the risks and whether the public sector has the capability to manage these risks effectively.
At its simplest, outsourcing is the contracting of an aspect of one’s business to a third party. In relation to IT this can be anything from outsourcing the whole IT function to certain specific services i.e. large-scale data storage. For the purposes of this essay it is taken to mean “a decision taken by an organization to contract-out or sell some or all of the organisation’s IT assets, people and/or activities to a third party vendor, who in return provides and manages the services for a certain time period and monetary fee (Loh and Venkatraman, 1992; Lacity and Hirschheim, 1993)” (Willcocks et al, 1999). There are definite benefits to outsourcing IT, otherwise it would not be done – so what are they? According to Lin et al (2007) these are to lower costs, access the required expertise/skills, increased efficiency/service level, greater focus on core functions and risk sharing.
“The public sector is the part of the economy providing basic goods and services that are not or cannot be provided by the private sector. It consists of national and local governments, their agencies, and their chartered bodies.” (BusinessDictionary, 2013). It is tempting to narrow the scope of the public sector to a specific area but I feel that it is more useful to consider the sector as a whole as there are common characteristics that pervade it, e.g. the manner of the decision-making process, accountability of decisions and organisational cultures (Lin et al, 2007).
Firstly it is important to define what risk is. “Risk is the occurrence of an event that has some consequences” (Kleim, 1999). It is suggested that the common risks of outsourcing IT are: vendor performance monitoring (Sullivan et al, 2005); becoming locked into a negative relationship/opportunistic behaviour by the vendor (Khalfan, 2004); loss of core competencies (Khalfan, 2004); contract horizon and technological discontinuity (Khalfan, 2004); vendor’s lack of experience (Khalfan, 2004; Earl, 1996); security of information (Khalfan, 2004); business continuity (Kleim, 1999).
I will consider these risks in turn and evaluate the public sector’s capability to...
References: Alaranta, M and Jarvenpaa, S.L. (2010), “Changing IT providers in public sector outsourcing: managing the loss of experimental knowledge”, 43rd Hawaii International Conference on System Sciences (HICSS), issue date: 5 – 8 Jan 2010.
BBC (2013) BBC News [Online]. Available at: http://www.bbc.co.uk/news/uk-politics-24130684/ (Accessed 22 September 2013).
British Standards Institute (2007) Business continuity management BS25999 (Part 1: code of practice, and part 2: specification). BSI [Online]. Available at: http://www.bsigroup.com/en-GB/bs25999-business-continuity/ (Accessed: 17 September 2013).
Business Dictionary (2013) Business Dictionary [Online].
Available at: http://www.businessdictionary.com/definition/public-sector.html (Accessed: 16 September 2013).
Barthélemy, J. (2003), "The Hard and Soft Sides of IT Outsourcing Management", European Management Journal, vol. 21, no. 5, pp. 539-548.
Computer Weekly (2013) Computer Weekly [Online]. Available at: http://www.computerweekly.com/news/1280091904/MoD-awards-890m-DII-contract-to-Atlas-consortium/ (Accessed 16 September 2013).
Cordella, A. and Willcocks, L. (2010), "Outsourcing, bureaucracy and public value: Reappraising the notion of the “contract state”, Government Information Quarterly, vol. 27, no. 1, pp. 82-88.
Deloitte (2012) Deloitte Insights [Online] http://deloitte.wsj.com/cio/2012/07/10/it-outsourcing-4-serious-risks-and-ways-to-mitigate-them/ (Accessed: 16 September 2013)
Great Britain. Cabinet Office (2013) Security policy framework v2.1 [Online]. Available at: http://www.cabinetoffice.gov.uk/resource-library/security-policy-framework (Accessed 18 September 2013).
Khalfan, A. M. (2004), "Information security considerations in IS/IT outsourcing projects: A descriptive case study of two sectors", International Journal of Information Management, vol. 24, no. 1, pp. 29-42.
Kliem, R. L. (1999), "Managing the Risks of Outsourcing Agreements", Information Systems Management, vol. 16, no. 3, pp. 91.
Lee, M. (1995), “IT outsourcing contracts: practical issues for management, working paper #95/05”, Information Systems Department, City University of Hong Kong.
Ministry of Defence (2011) Joint Services Publication 503 (JSP 503): MOD business continuity management. 5th edn. London: Ministry of Defence.
Ngwenyama, O. K. and Sullivan, W. E. (2006), "Secrets of a successful outsourcing contract: A risk analysis".
Peters, B.G (2001) The politics of bureaucracy. London: Routledge.
Sullivan, W. E. and Ngwenyama, O. K. (2005), "How are public sector organizations managing IS outsourcing risks? An analysis of outsourcing guidelines from three jurisdictions ", The Journal of Computer Information Systems, vol. 45, no. 3, pp. 73-87.
Willcocks, L. P., Lacity, M. C. and Kern, T. (1999), "Risk mitigation in IT outsourcing strategy revisited: Longitudinal case research at LISA", Journal of Strategic Information Systems, vol. 8, no. 3, pp. 285-314.
Wright, C. (2004), “Top three potential risks with outsourcing information systems”, Information Systems Control Journal, vol 5.
Please join StudyMode to read the full document