I know, I know, you want content. Let’s talk about risks.

You need to identify potentional risks for your engagement. These could stem from a multiple set of factors. We have been talking of technology in our previous post. So, let’s start with that at the outset.

  • Technology
    • Connectivity issues
    • System performance issues
    • Building a secure connection channel
    • Data security
    • Environment security
    • Disaster recovery and Business Continuity
    • Access set up
    • Proper definition of the to-be applications

Next important thing to address is people, both at your end and at the outsourcing organization’s end.

  • People
    • Loss of key personnel & succession planning
    • Retention of knowledge
    • Recruiting a new team
    • Delay in getting right resources
    • Change Management
    • Insufficient start up training
    • Non-availability of subject matter experts
    • Non-retention of a few key functional resources to support and review work
    • Ambiguity on new process for retained staff

The next important piece is communication and how is the engagement managed.

  • Engagement Management
    • Communication insufficiency
    • Hidden components like, additional license costs
    • Change in key assumptions for the engagement
    • Project sponsors and stakeholders not fully engaged
    • Insufficient planning
    • Missing progress reviews

Then of course the function or the process.

  • Process and Controls
    • Improper definition of the to-be process
    • Non-readiness of applications required for outsourcing
    • Access controls not set up or delayed
    • Missing process flows
    • Training – in the process and for exceptions
    • Communication paths and escalation matrices
    • Controls or compliance impact
    • Undefined / incorrectly defined service levels

Now, for each of these there has to be an impact analysis and a mitigation plan if one or more risks do materialize.