Post on 25-Jul-2015
https://br.linkedin.com/in/alfredosaad
Alfredo SaadIT Sourcing Consultant
CLOUD X TRADITIONAL OUTSOURCING: (DIS)SIMILARITIES IN RISK
MANAGEMENT
https://br.linkedin.com/in/alfredosaad
AgendaRisk Management in an Outsourcing Project
Outsourcing Decision Business Drivers
Sourcing Strategy – Topics to take into account
Risk CategoriesRisks which currently exist in a traditional Outsourcing
scenario and keep existing in a Cloud scenario, although with different characteristics
Risks which currently exist in a traditional Outsourcing scenario, but do not exist in the Cloud scenario
Risks which do not exist in a traditional Outsourcing scenario but have arisen in the Cloud scenario
https://br.linkedin.com/in/alfredosaad
Risk Management in an Outsourcing Project
The contracting of cloud services shows some similarities but also dissimilarities with the contracting of “traditional” IT services.
Among the similarities, we can highlight the relevance of managing the risks on each step of the process, namely: Identification and prioritization of applicable business
drivers Definition of organization’s sourcing strategy Provider(s) selection Contractual terms and conditions negotiation Services transition Contract governance
As we know, manage the risks in each of these steps avoid that their materialization impair the potential benefits associated to the business drivers which motivated the initial decision.
https://br.linkedin.com/in/alfredosaad
Outsourcing Decision Business Drivers
Cost pressure
Agile achievement or recovery of competitive advantage
Focus in core business activities
New markets penetration
Time to market speed up
https://br.linkedin.com/in/alfredosaad
Sourcing Strategy – Topics to take into account
Organization profile (revenue, profit, geographical distribution, etc)
Complexity of IT environment
Intended timeframe to achieve results
Definition and prioritization of business drivers
Organization’s culture and its propensity to face risks
Intensity level of competitiveness in the vertical segment where the organization operates
https://br.linkedin.com/in/alfredosaad
Risk Categories
Risks which currently exist in a traditional Outsourcing scenario and keep existing in a Cloud scenario, although with different characteristics
Risks which currently exist in a traditional Outsourcing scenario, but do not exist in the Cloud scenario
Risks which do not exist in a traditional Outsourcing scenario but have arisen in the Cloud scenario
https://br.linkedin.com/in/alfredosaad
Risk CategoriesRisks which currently exist in a traditional Outsourcing scenario and keep existing in a Cloud scenario, although with different characteristics (1 of 4)
Risks associated to: Identification and prioritization of the business drivers which
motivated the decision
Definition of the organization sourcing strategy
Provider(s) selection
Contract terms and conditions negotiation
Services transition
Contract governance
https://br.linkedin.com/in/alfredosaad
Risk CategoriesRisks which currently exist in a traditional Outsourcing scenario and keep existing in a Cloud scenario, although with different characteristics (2 of 4)
Risks associated to provider(s) selection Some critical areas of concern:
Due Diligence Flexibility, agility and scalability to support demand
fluctuations Business case Pricing mechanism and billing information for internal
chargeback Access control concerning additional services request Proofs of concept and pilot-tests Solution adequacy and robustness Skills availability
https://br.linkedin.com/in/alfredosaad
Risk CategoriesRisks which currently exist in a traditional Outsourcing scenario and keep existing in a Cloud scenario, although with different characteristicsc (3 of 4)
Risks associated to contract terms and conditions negotiation
Some critical areas of concern: Data security, privacy, confidentiality and integrity Industry regulations, audit tracking, compliance Responsibility, indemnification and guarantees limitation Politics, legislation, taxes and currency exchange Data backup and disaster recovery Service Level Agreements and penalties Third-parties usage limitation Technological refresh Intellectual property Contract cancellation and termination
https://br.linkedin.com/in/alfredosaad
Risk CategoriesRisks which currently exist in a traditional Outsourcing scenario and keep existing in a Cloud scenario, although with different characteristics (4 of 4)
Risks associated to services transition Some critical areas of concern:
Impact over customer business operations Assignment of key human and technical resources Transition plan (activities, schedule, resources,
responsibility)
Risks associated to contract governance Some critical areas of concern:
Conflicts resolution and escalation process Governance structure Relationship management
https://br.linkedin.com/in/alfredosaad
Risk CategoriesRisks which currently exist in a traditional Outsourcing scenario, but do not exist in the Cloud scenario (1 of 3)
Risks associated to:
Human resources transfer
Assets transfer
In-flight projects and on-going contracts transfer
https://br.linkedin.com/in/alfredosaad
Risks associated to human resources transfer Some critical areas of concern:
Communication plan
Critical resources
Transferred team demotivation and resistance
Transfer schedule
Risk CategoriesRisks which currently exist in a traditional Outsourcing scenario, but do not exist in the Cloud scenario (2 of 3)
https://br.linkedin.com/in/alfredosaad
Risks associated to assets transfer Some critical areas of concern:
Transfer schedule Transient resources availability
Risks associated to in-flight projects and on-going contracts transfer
Some critical areas of concern: Transfer schedule Renegotiation with third parties about on-going
contracts Negotiation with provider about in-flight projects
Risk CategoriesRisks which currently exist in a traditional Outsourcing scenario, but do not exist in the Cloud scenario (3 of 3)
https://br.linkedin.com/in/alfredosaad
Risk Categories Risks which do not exist in a traditional Outsourcing scenario but have arisen in the Cloud scenario (1 of 3)
Risks associated with the inherent (and yet not stabilized) characteristics of the cloud scenario
Secondary indirect risks coming from... ... the progressive adoption of the new innovative digital
technologies simultaneously to the cloud adoption
... the evolution of the organization’s business model and their IT areas simultaneously to the cloud adoption
https://br.linkedin.com/in/alfredosaad
Risks associated with the inherent (and yet not stabilized) characteristics of the cloud scenario
Frequent modifications on providers (new, merged or acquired ones), services portfolios, tools and pricing mechanisms lists
Cloud concepts and terminology standardization not sufficiently disseminated
Big number of providers coexisting within an organization, not always peacefully
Uncritical adhesion to one-click contracts Applications integration, interoperability, portability and
monitoring Difficulties to migrate between providers (vendor lock-in) Structuring of a cloud management platform
Risk Categories Risks which do not exist in a traditional Outsourcing scenario but have arisen in the Cloud scenario (2 of 3)
https://br.linkedin.com/in/alfredosaad
Categorias dos RiscosRiscos inexistentes no cenário Outsourcing tradicional e que passam a existir no cenário Cloud (3 of 3)
Secondary indirect risks coming from... ... the progressive adoption of the new innovative digital
technologies simultaneously to the cloud adoption Mobile devices, Social Networks, Big Data Analytics, Internet of
Things, BYOD, Wearables, etc.
... the evolution of the organization’s business model and their IT areas simultaneously to the cloud adoption Migration from the Make & Sell to the Sense & Respond
organization business model Migration from the traditional siloed to the bimodal IT model Changes in investment decision model New IT skills availability Impact over the business areas