Mitigating risk in outsourcing

Mitigating risk in outsourcing:

By Mark Brunelli, News Writer

CHICAGO -- The process of outsourcing data center functions to a third-party provider is fraught with commercial and legal peril, especially when it comes to negotiating and executing service contracts. But there are several steps that companies wishing to outsource can take to minimize risk and liability.

Brad L. Peterson, a partner with the Chicago law firm Mayer, Brown, Rowe & Maw LLP, said the disputes that pop up in the course of an outsourcing relationship usually stem from the fact that data center functions are notoriously hard to write up in contract-ease. The reason is because those functions are always changing and tough to predict for the long term.

There is a tremendous amount of industry-specific regulation around outsourcing.

'It's critical that the services be properly described, but unfortunately it's also extremely difficult,' Peterson told attendees of TechTarget's Data Center Decisions 2004 conference. 'It's impossible to say what technologies will be out there in five years, and whether your business will be larger or smaller.'

To minimize the problems associated with outsourcing, it's important to first identify the risks. While each outsourcing deal presents unique issues, the risks generally fall into four main areas:

Operational Risks: These include the financial and legal risks that arise when transitioning into an outsourcing relationship and allowing a service provider to transform services to reduce their cost. They also include the legal ramifications of exiting a contract when services are no longer needed.

Commercial Risks: Companies usually enter into outsourcing contracts to save money. This can create problems because when companies lock themselves into a service contract, they generally lock in a price. As time goes on, market levels change and the customer company could end up paying too much for the services they receive.

Business/Strategic Risks: Businesses are constantly identifying new strategic initiatives. If a third-party IT provider can't accommodate new goals, the customer company might want out of the contract.

Legal Risks: These include privacy issues, regulatory factors, outsourcing laws and legal liability. 'There is a tremendous amount of industry-specific regulation around outsourcing,' Peterson said.

Peterson told the crowd that the key to mitigating contract risks from the outset of an outsourcing relationship is due diligence in the pre-contracting model. He said companies need to properly assess how such an outsourcing contract can change the risk levels of their organization. This can be done by thoroughly researching possible suppliers and the services they provide, and then creating a risk model.

The risk model should take into account certain factors such as industry regulations. Interestingly, he said, companies that create such models sometimes find that it's not worth it to enter into outsourcing because the risk levels go up too high."