Businesses and their suppliers remain unclear as to where the responsibility for risk management and due diligence in outsourcing arrangements lies in the aftermath of the Global Financial Crisis, according to a new survey by international legal practice Norton Rose Group. The study, titled Outsourcing in a Brave New World, addresses outsourcing practices and trends and concludes that the net result of this confusion is that businesses are more exposed to risk than ever.
Other study highlights:
• Just 8% of suppliers thought that they themselves should manage political / jurisdiction risk, compared to 49% of customers who felt that suppliers should manage this risk;
• 78% of customers believe that managing the risk of data loss should be a joint effort, up from 13% in 2008;
• 61% of suppliers, and 66% of customers, believe that due diligence procedures have tightened in the last three years;
• 58% of suppliers have no dedicated risk manager and only 51% of suppliers keep a written risk record for projects;
• 65% of companies do not conduct detailed due diligence on the incoming key personnel provided by their supplier;
• 75% of customers in the technology and life sciences sector use cloud computing.
“While due diligence procedures appear to have tightened in the past three years, particularly as the regulatory landscape has changed, it is incumbent on the customer to devise a due diligence process that will properly test and evaluate potential suppliers,” said Mike Rebeiro, global group head of technology and innovation at Norton Rose Group. “The days when offshoring was considered an easy way of saving money are drawing to a close, and customers are recognizing the impact on their own business of squeezing their suppliers’ margins too tightly. Asking suppliers to take on a greater proportion of the risk will have a direct impact on costs, but customers also need to bear in mind that there are some risks that simply cannot be outsourced to a supplier.”
As for cloud computing as a means to reduce costs, suppliers felt the biggest risk was a security breach resulting in data losses, especially with the number of high profile incidents of hacking recently. Participants who used the cloud had adopted a variety of controls to manage these risks including visiting the data centre as part of their due diligence; permitting the cloud to be used for less sensitive data only and/or used encryption technology; and only using private clouds.
“According to the survey, financial institutions and the transport, energy and infrastructure sector are the least users of cloud computing compared to 75 percent of customers in the technology and life sciences sector,” said Gigi Cheah, partner at Norton Rose (Asia) LLP, and head of the technology practice in Asia. “A reason given by some financial institutions for their lack of cloud computing adoption was that they doubted whether they could put in place sufficient risk management controls.”
“Companies that outsource any element of their operations must be confident that due diligence has been undertaken by those who will be working closely with their organization and their clients,” Cheah concluded.
The report, entitled Outsourcing in a Brave New World, is the second outsourcing report released by Norton Rose Group and details the views of CIOs, General Counsel and Heads of Procurement from 74 businesses including technology and life sciences businesses, retail companies, financial institutions, transport, energy and infrastructure companies and the professional services sector, and suppliers themselves.