I know, I know, you want content. Let’s talk about risks.
You need to identify potentional risks for your engagement. These could stem from a multiple set of factors. We have been talking of technology in our previous post. So, let’s start with that at the outset.
- Connectivity issues
- System performance issues
- Building a secure connection channel
- Data security
- Environment security
- Disaster recovery and Business Continuity
- Access set up
- Proper definition of the to-be applications
Next important thing to address is people, both at your end and at the outsourcing organization’s end.
- Loss of key personnel & succession planning
- Retention of knowledge
- Recruiting a new team
- Delay in getting right resources
- Change Management
- Insufficient start up training
- Non-availability of subject matter experts
- Non-retention of a few key functional resources to support and review work
- Ambiguity on new process for retained staff
The next important piece is communication and how is the engagement managed.
- Engagement Management
- Communication insufficiency
- Hidden components like, additional license costs
- Change in key assumptions for the engagement
- Project sponsors and stakeholders not fully engaged
- Insufficient planning
- Missing progress reviews
Then of course the function or the process.
- Process and Controls
- Improper definition of the to-be process
- Non-readiness of applications required for outsourcing
- Access controls not set up or delayed
- Missing process flows
- Training – in the process and for exceptions
- Communication paths and escalation matrices
- Controls or compliance impact
- Undefined / incorrectly defined service levels
Now, for each of these there has to be an impact analysis and a mitigation plan if one or more risks do materialize.