Measurement of IT outsourcing risk and needed IT staffs in outsourced environment----The Usuage of “Outsourcing Leverage”Concept

Chuan-Hsi Chen

Department of Management Information Systems, National Chengchi University,

No.64, Sec. 2, Zhinan Rd., Wenshan District, Taipei City 11605, Taiwan ROC

Jeffery Y. P. Chi

Department of Management Information Systems, National Chengchi University,

No.64, Sec. 2, Zhinan Rd., Wenshan District, Taipei City 11605, Taiwan ROC

ABSTRACT

Abstract: Outsourcing is one of the strategies to pursuit better performance in IT governance, but too much outsourcing bring serious risk to a corporation. How and how much outsourcing should we take, to leverage the benefit and risk are tough issues in IT governance. This paper try to bring out a concept named: “Outsourcing Leverage” to give a portrait to these complex relation.

Outsourcing leverage provide meaningful information for decision maker to set up baseline of IT department headcounts, then, adjusted by the accepted security level and efficiency requirement of project development. Different business areas request for different security levels, hence, have different outsourcing leverage.

Mathematical and quantitative study of outsourcing leverage still not included in this paper, it can be topics for further research.

Keywords: Outsourcing, Outsourcing leverage, Outsourcing portfolio, IT governance, Information security.

1 INTRODUCTION

Outsourcing has been adapted as a strategy for running IT department, since Kodak outsourced its data centre’s operation to IBM in 1989. “The basic rule today is that: every IT activity that can be outsourced may be outsourced” (William R. King, 2007). Not only domestic outsourcing, offshore outsourcing, global outsourcing are the options of outsourcing strategies. The international Association of Outsourcing Professionals announced the 2006 Global Outsourcing 100 firms that had experienced a 15% growth in 2005 and with 1.03 million employees generated 68.9 billion in revenues (Benjamin B.M. Shao, Julie Smith David, 2007).

The major driving forces behind the outsourcing may catalyzed as 3 dimensions:

(1). Time benefit：

Take the advantage of flexible manpower supply from IT outsourcer, to shorten the duration of software development and to speed up the business strategies.

(2). Cost benefit：

Keep from breeding too much additional permanent stuff, enterprises reduce the development and maintenance cost of IT center. The assumption of this benefit is: outsourcing cost is cheaper than own your IT staffs (but, most of times, this is not the fact).

(3). Technical update benefit：

Developing leading-edge competence and taking the advantage of new skill employees from outsourcer. IT staffs are too busy to upgrade their skills.

Come with benefits from outsourcing, it may also bring drawbacks to a corporation, if lack of adequate control on this strategy. An event happens in Taiwan on very beginning of year 2009(Wei-zei Lo, 2009): Computer system of Immigration bureau at Chiang Kai-Shek airport was down for 36 hours, impacts of this event are:

8 citizens, who are prohibited to go abroad, had escaped. Director of IT department step down from his job for taking responsibility. The event happen at the time of old outsourcing vendor just closed its contract on Dec. 31, 2008, new vendor begun its obligation only 3 days. The reasons that cause the event happen may be vary, but most of all, lost controlling ability to system, deeply depends on outsourcer should be one of the major factors of making this fatal mistake. Hence, how and how much outsourcing should we take, to leverage the benefit and risk in IT governance? This paper use a concept named: “Outsourcing Leverage” to give a portrait to these complex relation among input resource, security risk and project developing efficiency.

2 current Situation of governmental IT outsourcing in R.O.C.

IT outsourcing is a dominant governance policy of government agencies in Taiwan R.O.C., in spite of increasing needs of business automation requirements, IT departments are not allow to hire extra in house staffs in most of the cases. Base on statistics material of “Survey of IT spending in Taiwan Area of Year 2007” (Executive Yan, 2009), 2 tables are prepared to show the critical situation as follows:

Definition of terms in tables:

• IT budget: IT spending that includes hardware, software, headcount, administrative expending, and outsourcing cost.
• IT stuff ratio: Number of IT staffs / Total employees equipped with PC.
• ** note: pure assemble line workers without PC usage are excluded.
• IT spending per PC: Yearly IT budget / number of PCs.
• Out sourcing portfolio: a set of combination of outsourcing strategies, vary from “total Outsourcing” to “zero outsourcing”, and something in between.

Table 1: Statistics of IT Spending, Public Sector vs. Private Sector (1)

Table 2: Statistics of IT Spending, Public Sector vs. Private Sector (2)

In table 1, column1 to column4 (yearly budget, number of employees, number of PCs, IT staffs), are original data copy from the survey. Column 5 to column 7 is derived data from column 1-4, defined and calculated by author.

From table 1, we found that yearly spending per PCs of private sector is 46,196NT$ lower than public sector (49,647), while IT staffs owned by private sector(2.67%), is almost twice times higher than public sector (1.52%). In table 2, we compare the IT outsourcing spending between public and private. We find a surprising figure that outsourcing spending of private sector occupy only 9.57% of total yearly IT spending, while public sector has high ratio:34.73 of outsourcing spending, it comes 3.6 times higher than private sector in outsourcing spending. As we have known, private sector always emphasize the cost effect of each dollar’s investment, why private sectors insist to own more staffs in house than public sector? “Security Concern and the core competence” is the key reason (YANG Ying, HUO Guo. 2001).

3 lITERATURE REVIEW

3.1 Risk of Outsourcing

The failure of systems development projects has plagued the IT industry for years. In fact, the 2004 Standish group report indicates that only 28 percent of software development projects are successful, down from previous estimates of 34% (Debbie Tesch, et. al. 2007). The growth of outsourcing has resulted in numerous different outsourcing arrangements. The growing lexicon of outsourcing terminology has caused confusion for many managers and academicians alike, who tend to view outsourcing as a fixed, discrete event or a simple make-or-buy decision. In reality, outsourcing is an umbrella term that includes a range of sourcing options that are external to the firm (Nada R Sanders, et. al.).

Types of Outsourcing are varying, from total outsourcing to zero outsourcing (all make in house). Typical outsourcing types are:

• Total outsourcing: transfers most equipment, staff and responsibility for delivery of information service to a vendor.
• Selective outsourcing: identifies specific functions or service to outsource.
• zero outsourcing (all make in house)

80% of IT budget are used for outsourcing, an IT center can be define as total outsourcing (Lacity, Will cocks, and Feeny, 1996).

3.2 Principles of Outsourcing

To what extent should we take outsourcing strategies? There exist some principles (Robert Klepper & Wendell Jones, 1998):

(1). Keep the core competency, make it better and outsource the rest.

(2). Cost of controlling a vendor.

(3). The availability of appropriate vender.

(4). Never outsource all of the IT management

McFarlan & McKenny (Corporate Information Systems Management, 1992) also remind that: “The Change in balance of these pressures in favor of buy alternative has significantly impacted IT management practice, ... Care must be taken to ensure that adequate management procedures are in place so that an appropriate balance exists.”

How to leverage the security risk, developing efficiency and input human resource, when making the decision of “buy” or ”make”? Base on the principles listed above, this paper use a concept of “Outsourcing Leverage” (OL in short) to describes the relation, details will be discussed in next section.

3.3 Challenge of IT security protection in outsourcing Environment

Heavy outsourcing in a corporations or government agencies may change the role of IT staffs, from technical oriented position to acquisition-administrative oriented position (i.e. IT buyer), from system developer to contract controller.

This role changing may cause problems underlying:

• Lost control to application systems, deeply depend on outsourcing vendor.
• Lost kernel knowhow of business function (field background).
• IT staffs lost self-confidence and sense of achievements, cause high turn over (quit) rate.
• Escalation of security management risk.

Current literature still not found the practical model or formula to evaluate the relation between outsourcing policy and the security risk, nor found the baseline for IT departments to measure: how many IT staffs should it own (IT stuff ratio: IT stuff compare with total employees in corporate/government agency). How and how much outsourcing should we take, to leverage the benefit and risk in IT governance. These are crucial for CIO to make governance policy.

4. Research Method

Experts’ interview, and physical observation(at Information Management Department, Ministry of Justice, Taiwan) are used in this research.

4.1 Field experts interview and designed procedure

The awareness of IT outsourcing risk is one of key factors for a CIO to make IT governance policy, and for a project manager to equip his IT skills to handle project effectively. To understand the awareness of IT outsourcing risk among CIO/senior managers, field expert’s interview is very essential to this research. Field experts must have minimal 10 years of IT working experience can be candidate of our research. 18 experts include CIO of major ministries are interviewed. The name table of interviewed experts listed in table1.

An open end interview questionnaire is used to collect opinions for predefined questions and collect open comments to the outsourcing risk. The procedures of interview are:

(1). Ask interviewee about the problems they suffered in IT outsourcing.

(2).Ask interviewee what did he/she think about the problems, and did he/she agree that IT department need to have a model or baseline to evaluate to what extent to outsource his project without seriously hurt the security. If answer is yes, then, show the draft model of “outsourcing leverage” and ask comment to this model.

Expertise’s opinions are complementary material of author’s observation for building up the model of “outsourcing leverage”.

Table 3： List of interviewed experts

No.	Organization/Agencies	Job Title of Interviewee	IT working Experience (years)	IT employees
1	Information Management department of Control Yuan, R.O.C.	Former Director	15	12
2	Information Center Ministry of Economic	Former Director	30	30
3	MIS department of Research Assessment and Development Committee	Director	25	34
4	MIS department of Central Bank, R.O.C.	Director	30	40
5	Information Center of Council of Agriculture	Director	36	11
6	Information center of Department of Health	Director	12	14
7	Electronic processing Information Center	Voice Director	28	80
8	Information Management department, the Judicial Yuan, R.O.C.	Director	23	27
9	MIS Section of High Court Prosecutor's Office Taiwan	Chief	28	5
10	MIS Section of Taipei district Court Prosecutor's Office	Chief	20	5
11	MIS Section of Kaohsiung district Court Prosecutor's Office Taiwan	Chief	16	4
12	MIS Section of Supreme Court Prosecutor's Office	Chief	18	2
13	1st Section of Information Management Department, Ministry of Justice	Chief	30	10
14	2nd Section of Information Management Department, Ministry of Justice	Chief	24	7
15	3rd Section of Information Management Department, Ministry of Justice	Chief	17	11
16	Information Management Department, Ministry of Justice	Senior Analyst	20	--
17	1st Section of Information Management Department, Ministry of Justice	Analyst	22	--
18	3rd Section of Information Management Department, Ministry of Justice	Analyst	14	--

4.2 Limitation of the research

Owing to following reasons, this research limits its research scope to public sectors:

(1).Limited by research resource, the interviewees of this paper will focus on government IT officers. Hence, the result of research will effective only in governmental department or agencies. Private sectors may use it just as a reference.

(2).Compare the degree of IT outsourcing between public and private sector in Taiwan, public sectors are strongly pushed by policy than private sectors do. The ratio of outsourcing budget out of total IT budget in private sectors is triple times to private sectors. Hence, the output of this research will be more meaningful to public sectors than private sectors.

5. OUTCOME OF RESEARCH

5.1 Statistical Result of interview questionnaires

This questionnaire use 7 point measurement scale. 1 means very disagree (not serious at all), 7 means very agree (very serious), and 4 means neutral.

The statistical result of 18 interviewees’ questionnaires show as Table 3.

Table 3: The statistical result of 18 interviews questionnaires

Survey Questions	Average	Stand deviation	Variance
Q: What the problems you suffered in IT outsourcing？
Q1. Lost Control of critical systems.	5.280	1.7083	2.918301
Q2. Job change from technician to contract controller, lost technical skills and confidence.	5.060	1.47418	2.173203
Q3. Escalate of security risk (hard to execute code review and ability to control systems)	5.667	1.28338	1.647059
Q4. Regarded as IT buyer, lost position value and self-achievement.	4.778	1.3956	1.947712

Table 4: The statistical result of 8 CIO level interviewees

Survey Questions	Average	Stand deviation	Variance
Q: What the problems you suffered in IT outsourcing？
Q1. Lost Control of critical systems.	3.250	1.982062	3.928571
Q2. Job change from technician to contract controller, lost technical skills and confidence.	3.250	1.908627	3.642857
Q3. Escalate of security risk (hard to execute code review and ability to control systems)	4.125	2.03101	4.125
Q4. Regarded as IT buyer, lost self-achievement and value in enterprise.	3.500	2.070197	4.285714

5.2 Finding of Experts Interview

From statistic figure of table 3 and table 4, we have tree findings:

(1). The average value of question 3(Escalate of security risk) in table 3 is 5.667, it reveals the message that the majority of interviewees agree that IT outsourcing bring high risk to enterprise, while the high variance of answers show the awareness of outsourcing risk is very different among senior IT managers of government IT departments.

(2). From the answer of question 1(Lost Control of critical systems) in table 4, the answer of different level interviewees vary from 1 to 7scale points, the variance up to 3.928, and from the answer of question 4(Regarded as IT buyer, lost self-achievement and value in enterprise.) in table 4, the variance of the CIO’s answer up to 4.28, we may conclude that CIO have very different view points about outsourcing strategies.

(3). Compare Table3 and table 4, we found Middle level managers and senior technicians (Interviewee from NO.9 to NO.18) have higher security risk concern than some of CIO level manager (table 4) in outsourcing strategies.

Comments from interviewees about outsourcing include: shortage of IT staffs; poor quality of venders; IT staffs lost skill ability to control vender effectively, lack of standard(IT stuff ratio, defined at Section 2) for IT departments to acquire reasonable staffs from personal department. These are major concerns of CIO. To what extent should CIO take his outsourcing strategies, to leverage the benefit and risk in IT governance is also a common interest to CIO.

6. The concept of “Outsourcing Leverage”

If we compare the operation of outsourcing in IT governance with the operation of corporate finance management, we will find similar characteristics in these two operations:

• Use less money to operate big investment, that bring high risk to corporate finance, this type of operation called: “high financial leverage” (MS Long, IB Malitz 1983).
• Similar situation, use only few stuff to control huge outsourcing project, cause high IT management risk and security leak, this paper name this concept as: “outsourcing leverage”.

6.1 Definition of “Outsourcing Leverage”

The comparison figure of in house staffs (that an enterprise used to manage the outsourcing project) comparing to employees of vender assigned to develop the project (i.e. OL= number of vender’s employees in project / number of staffs that manage the project).

6.2 Assumption

To simplify the model, in this paper we assume that IT staffs in corporate or government agencies have similar skill level and performance. Employees in outsourcing venders have similar capability and discipline.

6.3 Characteristic of Outsourcing Leverage

“Outsourcing Leverage” has similar features with “Financial Leverage”. Use fewer stuff to manage a big outsourcing project, may escalate the risk of IT security, this lead to higher outsourcing leverage, and vice versa. We use 2 figures to illustrate detail characteristics of outsourcing leverage.

Figure. 1: Characteristics of outsourcing leverage in single outsourced project

We use Fig. 1 to show the relation between security risk (brings by outsourcing) and the quantity of in house staffs that control outsourced the project. In Fig. 1, the left hand side of the black curve, showing the high risk of a project using only few in house stuff to manage. Increase number of staffs will decrease risk sharply, but it is not possible to eliminate the risk to zero, even add staffs more than needed. The left hand side of black curve shows this fact. The dotted green line at low position of Fig.1, showing the different characteristics of project will impact the risk level and needed staffs of a project. In general cases, common use projects like accounting, inventory management, have lower risk in project management.

Fig. 2: Characteristics of outsourcing leverage with multiple outsourcing projects

Fig. 2: Characteristics of outsourcing leverage with multiple outsourcing projects

In Fig. 2, we show the relation among security risk, efficiency of project development, the inference of human resource input, as well as the characteristics of outsourcing portfolio. Types of outsourcing portfolio vary from Total outsourcing to zero outsourcing and something in between.

Portfolio with more outsourcing and less in house development has higher efficiency but come with higher risk. Portfolio with more in house development has lower efficiency, yet come with lower risk. These characters show by black line at middle position of Fig.2. Every application project has inherent risk, even you outsource nothing. Increase staffs to manage projects can reduce the risk without hamper development efficiency, hence will change the slope of outsourcing portfolio line to be slower, this imply the portfolio of outsourcing strategies has lower outsourcing leverage. The green line in Fig. 2 shows this fact. Characteristics of project will shift the position of outsourcing portfolio line, large and complex project has higher position of portfolio line, and the blue line at higher position in Fig. 2 shows this feature. Vice versa, the red line at lower position in Fig.2 showing the feature of simple or common used application.

6.4 The usage of Outsourcing Leverage and future work

Different business area like government, health care, banking, etc., request for different security levels, hence have different OL. A referable OL figure may provide valuable information for government agency or private enterprise to set up its baseline of IT headcounts, and then adjusted by the accepted security risk and efficiency requirement of system development (maintenance).

Quantitative models of outsourcing leverage in agencies/enterprises are still absence in exiting IT governance environment, these can be works for future study.

7. Conclusions

The security protection still found vulnerable in most of government agencies, and too much outsourcing lead to the leaks of IT security. This fact has been ignored by most of executives of government agencies. The concept of outsourcing leverage, bring an easy comparison of IT security with financial risk, may help decision maker to understand the baseline of needed IT headcounts and pay attention to the risk of outsourcing. Mathematical and quantitative study of outsourcing leverage still not included in this paper, it can be topics for further research.

References

Benjamin B.M. Shao, Julie Smith David, 2007. “The impact of offshore outsourcing on IT worker in developed countries” Communication of the ACM, Vol.50, NO.2, p.89,

Colby Ranger, et, al, 2007.“Evaluating MapReduce for Multi-core and Multiprocessor Systems”,Computer Systems Laboratory, Stanford University

Executive Yan, 2008. “Statistics of IT Spending, Public Sector v.s Private Sector, Survey of IT spending in Taiwan Area of Year 2007”, Executive Yan, Sep.

Jeffrey Dean and Sanjay Ghemawat, 2004. “MapReduce: Simplified Data Processing on Large Clusters” Google INC.

Lacity, Will cocks, and Feeny, p13, spring 1996. “The Value of SelectiveIT Outsourcing”, Sloan Management Review.

McFarlan & McKenny, 1992. “Corporate Information Systems Management: Text and Case” P.48, IRWIN Sydney, 3rd Edition

Klepper & Jones, 1998. “Outsourcing Information Technology,System&Services”, p.79, Prentice Hall

William R. King, 2007. “The IS Organization of the Future: Impacts of Global Sourcing” Information Systems Management. Boston: Spring Vol. 24, Iss. 2; pg. 121, 7 pgs

Wei-zei Lo, 2009.China Times, A1, Jan.11,

REFERENCES

Albert Sargent,Jr. ”Outsourcing Relationship Literature: An Examination and Implication for Future Research” ACM SIGMIS-CPR, Apr.2006

Benjamin B. M. Shao, Julie Smith David. “The impact of offshore outsourcing on IT workers in developed countries” Communications of the ACM ,Volume 50, Number 2, Pages 89-94,2007

Bin Jiang ＆ Amer Qureshi〝Research on outsourcing results: current literature and future opportunities〞，Management Decision. London: Vol. 44, Iss. 1; p 44-p55, 2006

Debbie Tesch ＆ Timothy J Kloppenborg ＆ Mark N Frolick，〝IT Project Risk Factors: The Project Management Professional Perspective〞，The Journal of Computer Information Systems. Stillwater: Vol. 47, Iss. 4; p61-p69, Summer 2007.

Executive Yan, “Statistics of IT Spending, Public Sector v.s Private Sector”, Survey of IT spending in Taiwan Area of Year 2008, published in Sep. 2009.

Jerry Luftman ＆ Rajkumar M Kempaiah 〝The IS Organization of the Future: The IT Talent Challenge〞，Information Systems Management. Boston: Vol. 24, Iss. 2; p129-p138, Spring 2007.

Judy E Scott，〝Mobility, Business Process Management, Software Sourcing, and Maturity Model Trends: Propositions for the IS Organization of the Future〞，Information Systems Management. Boston: Vol. 24, Iss. 2; p139-p143, Spring 2007.

Mary Hayes Weier ＆ Chris Murphy，〝Can GM Change How You Think About Outsourcing?〞，InformationWeek. Manhasset: Iss. 1152; p 36-p37, Aug 27-Sep 3, 2007.

Mei-hua Wang, “The Impact of Outsourcing Information System Development on the Core Competence of Government Information Management Department － A case study of Taipei City Government” 1996

Nada R Sanders ＆ Art Locke ＆ Curtis B Moore ＆ Chad W Autry，〝A Multidimensional Framework for Understanding Outsourcing Arrangements〞，Journal of Supply Chain Management. Tempe: Vol. 43, Iss. 4; p3-p17, Fall 2007.

Ralph H. Sprague, Jr. Barbara C. McNurlin “Information Systems Management” Practicep.255, 1993）

YANG Ying, HUO Guo－qing “IT Outsourcing in Enterprises and Its Risk Analysis”

China Soft Science 2001-3

Wei-min Mar, “A Study of the Career Planning for the Government IT officials”, 1993〝IT Project Risk Factors: The Project Management Professional Perspective〞

William R King，〝The IS Organization of the Future: Im pacts of Global Sourcing〞，Information Systems Management. Boston: Vol. 24, Iss. 2; p121-p127, Spring 2007.