Chuan-Hsi
Chen
Department
of Management Information Systems, National Chengchi University,
No.64,
Sec. 2, Zhinan Rd., Wenshan District, Taipei City 11605, Taiwan ROC
Jeffery
Y. P. Chi
Department
of Management Information Systems, National Chengchi University,
No.64,
Sec. 2, Zhinan Rd., Wenshan District, Taipei City 11605, Taiwan ROC
ABSTRACT
Abstract: Outsourcing
is one of the strategies to pursuit better performance in IT
governance, but too much outsourcing bring serious risk to a
corporation. How and how much outsourcing should we take, to leverage
the benefit and risk are tough issues in IT governance. This paper
try to bring out a concept named: “Outsourcing Leverage” to give
a portrait to these complex relation.
Outsourcing
leverage provide meaningful information for decision maker to set up
baseline of IT department headcounts, then, adjusted by the accepted
security level and efficiency requirement of project development.
Different business areas request for different security levels,
hence, have different outsourcing leverage.
Mathematical
and quantitative study of outsourcing leverage still not included in
this paper, it can be topics for further research.
Keywords:
Outsourcing, Outsourcing leverage, Outsourcing portfolio, IT
governance, Information security.
1 INTRODUCTION
Outsourcing
has been adapted as a strategy for running IT department, since Kodak
outsourced its data centre’s operation to IBM in 1989. “The basic
rule today is that: every IT activity that can be outsourced may be
outsourced” (William R. King, 2007). Not only domestic outsourcing,
offshore outsourcing, global outsourcing are the options of
outsourcing strategies. The international Association of Outsourcing
Professionals announced the 2006 Global Outsourcing 100 firms that
had experienced a 15% growth in 2005 and with 1.03 million employees
generated 68.9 billion in revenues (Benjamin B.M. Shao, Julie Smith
David, 2007).
The
major driving forces behind the outsourcing may catalyzed as 3
dimensions:
(1).
Time benefit:
Take the
advantage of flexible manpower supply from IT outsourcer, to shorten
the duration of software development and to speed up the business
strategies.
(2).
Cost benefit:
Keep from
breeding too much additional permanent stuff, enterprises reduce the
development and maintenance cost of IT center. The assumption of this
benefit is: outsourcing cost is cheaper than own your IT staffs (but,
most of times, this is not the fact).
(3).
Technical update benefit:
Developing
leading-edge competence and taking the advantage of new skill
employees from outsourcer. IT staffs are too busy to upgrade their
skills.
Come
with benefits from outsourcing, it may also bring drawbacks to a
corporation, if lack of adequate control on this strategy. An event
happens in Taiwan on very beginning of year 2009(Wei-zei Lo, 2009):
Computer system of Immigration bureau at Chiang Kai-Shek airport was
down for 36 hours, impacts of this event are:
8
citizens, who are prohibited to go abroad, had escaped. Director
of IT department step down from his job for taking responsibility.
The event happen at the time of old outsourcing vendor just closed
its contract on Dec. 31, 2008, new vendor begun its obligation only 3
days. The reasons that cause the event happen may be vary, but most
of all, lost controlling ability to system, deeply depends on
outsourcer should be one of the major factors of making this fatal
mistake. Hence, how and how much outsourcing should we take, to
leverage the benefit and risk in IT governance? This paper use a
concept named: “Outsourcing Leverage” to give a portrait to these
complex relation among input resource, security risk and project
developing efficiency.
2 current Situation of governmental IT outsourcing in R.O.C.
IT
outsourcing is a dominant governance policy of government agencies in
Taiwan R.O.C., in spite of increasing needs of business automation
requirements, IT departments are not allow to hire extra in house
staffs in most of the cases. Base on statistics material of “Survey
of IT spending in Taiwan Area of Year 2007” (Executive Yan, 2009),
2 tables are prepared to show the critical situation as follows:
Definition
of terms in tables:
-
IT budget: IT spending that includes hardware, software, headcount, administrative expending, and outsourcing cost.
-
IT stuff ratio: Number of IT staffs / Total employees equipped with PC.
-
** note: pure assemble line workers without PC usage are excluded.
-
IT spending per PC: Yearly IT budget / number of PCs.
-
Out sourcing portfolio: a set of combination of outsourcing strategies, vary from “total Outsourcing” to “zero outsourcing”, and something in between.
Table 1:
Statistics of IT Spending, Public Sector vs. Private Sector
(1)
Table 2:
Statistics of IT Spending, Public Sector vs. Private Sector (2)
In
table 1, column1 to column4 (yearly budget, number of employees,
number of PCs, IT staffs), are original data copy from the survey.
Column 5 to column 7 is derived data from column 1-4, defined and
calculated by author.
From
table 1, we found that yearly spending per PCs of private sector is
46,196NT$ lower than public sector (49,647), while IT staffs owned by
private sector(2.67%), is almost twice times higher than public
sector (1.52%). In table 2, we compare the IT outsourcing spending
between public and private. We find a surprising figure that
outsourcing spending of private sector occupy only 9.57% of total
yearly IT spending, while public sector has high ratio:34.73 of
outsourcing spending, it comes 3.6 times higher than private sector
in outsourcing spending. As we have known, private sector always
emphasize the cost effect of each dollar’s investment, why private
sectors insist to own more staffs in house than public sector?
“Security Concern and the core competence” is the key reason
(YANG Ying, HUO Guo. 2001).
3 lITERATURE REVIEW
3.1
Risk of Outsourcing
The
failure of systems development projects has plagued the IT industry
for years. In fact, the 2004 Standish group report indicates that
only 28 percent of software development projects are successful, down
from previous estimates of 34% (Debbie
Tesch, et. al. 2007).
The growth of outsourcing has resulted in numerous
different outsourcing arrangements. The growing lexicon of
outsourcing terminology has caused confusion for many managers and
academicians alike, who tend to view outsourcing as a fixed, discrete
event or a simple make-or-buy decision. In reality, outsourcing is an
umbrella term that includes a range of sourcing options that are
external to the firm (Nada
R Sanders, et. al.).
Types
of Outsourcing are varying, from total outsourcing to zero
outsourcing (all make in house). Typical outsourcing types are:
-
Total outsourcing: transfers most equipment, staff and responsibility for delivery of information service to a vendor.
-
Selective outsourcing: identifies specific functions or service to outsource.
-
zero outsourcing (all make in house)
80%
of IT budget are used for outsourcing, an IT center can be define as
total outsourcing (Lacity, Will cocks, and Feeny, 1996).
3.2
Principles of Outsourcing
To
what extent should we take outsourcing strategies? There exist some
principles (Robert Klepper & Wendell Jones, 1998):
(1).
Keep the core competency, make it better and outsource the rest.
(2).
Cost of controlling a vendor.
(3).
The availability of appropriate vender.
(4).
Never outsource all of the IT management
McFarlan
& McKenny (Corporate Information Systems Management, 1992) also
remind that: “The Change in balance of these pressures in favor of
buy alternative has significantly impacted IT management practice,
... Care must be taken to ensure that adequate management procedures
are in place so that an appropriate balance exists.”
How
to leverage the security risk, developing efficiency and input human
resource, when making the decision of “buy” or ”make”? Base
on the principles listed above, this paper use a concept of
“Outsourcing Leverage” (OL in short) to describes the relation,
details will be discussed in next section.
3.3
Challenge of IT security protection in outsourcing Environment
Heavy
outsourcing in a corporations or government agencies may change the
role of IT staffs, from technical oriented position to
acquisition-administrative oriented position (i.e. IT buyer), from
system developer to contract controller.
This
role changing may cause problems underlying:
-
Lost control to application systems, deeply depend on outsourcing vendor.
-
Lost kernel knowhow of business function (field background).
-
IT staffs lost self-confidence and sense of achievements, cause high turn over (quit) rate.
-
Escalation of security management risk.
Current
literature still not found the practical model or formula to evaluate
the relation between outsourcing policy and the security risk, nor
found the baseline for IT departments to measure: how many IT staffs
should it own (IT stuff ratio: IT stuff compare with total employees
in corporate/government agency). How and how much outsourcing should
we take, to leverage the benefit and risk in IT governance. These are
crucial for CIO to make governance policy.
4. Research Method
Experts’
interview, and physical observation(at Information Management
Department, Ministry of Justice, Taiwan) are used in this research.
4.1
Field experts interview and designed procedure
The awareness
of IT outsourcing risk is one of key factors for a CIO to make IT
governance policy, and for a project manager to equip his IT skills
to handle project effectively. To understand the awareness of IT
outsourcing risk among CIO/senior managers, field expert’s
interview is very essential to this research. Field experts must have
minimal 10 years of IT working experience can be candidate of our
research. 18 experts include CIO of major ministries are interviewed.
The name table of interviewed experts listed in table1.
An open end
interview questionnaire is used to collect opinions for predefined
questions and collect open comments to the outsourcing risk. The
procedures of interview are:
(1). Ask
interviewee about the problems they suffered in IT outsourcing.
(2).Ask
interviewee what did he/she think about the problems, and did he/she
agree that IT department need to have a model or baseline to evaluate
to what extent to outsource his project without seriously hurt the
security. If answer is yes, then, show the draft model of
“outsourcing leverage” and ask comment to this model.
Expertise’s
opinions are complementary material of author’s observation for
building up the model of “outsourcing leverage”.
Table 3:
List
of interviewed experts
No.
|
Organization/Agencies
|
Job
Title of
Interviewee
|
IT
working Experience
(years)
|
IT
employees
|
1
|
Information
Management department of Control Yuan, R.O.C.
|
Former
Director
|
15
|
12
|
2
|
Information
Center Ministry of Economic
|
Former
Director
|
30
|
30
|
3
|
MIS
department of Research Assessment and Development Committee
|
Director
|
25
|
34
|
4
|
MIS
department of Central Bank, R.O.C.
|
Director
|
30
|
40
|
5
|
Information
Center of Council of Agriculture
|
Director
|
36
|
11
|
6
|
Information
center of Department of Health
|
Director
|
12
|
14
|
7
|
Electronic
processing Information Center
|
Voice
Director
|
28
|
80
|
8
|
Information
Management department, the Judicial Yuan, R.O.C.
|
Director
|
23
|
27
|
9
|
MIS
Section of High Court Prosecutor's Office Taiwan
|
Chief
|
28
|
5
|
10
|
MIS
Section of Taipei district Court Prosecutor's Office
|
Chief
|
20
|
5
|
11
|
MIS
Section of Kaohsiung district Court Prosecutor's Office Taiwan
|
Chief
|
16
|
4
|
12
|
MIS
Section of Supreme Court Prosecutor's Office
|
Chief
|
18
|
2
|
13
|
1st
Section of Information Management Department, Ministry of Justice
|
Chief
|
30
|
10
|
14
|
2nd
Section of Information Management Department, Ministry of Justice
|
Chief
|
24
|
7
|
15
|
3rd
Section of Information Management Department, Ministry of Justice
|
Chief
|
17
|
11
|
16
|
Information
Management Department, Ministry of Justice
|
Senior
Analyst
|
20
|
--
|
17
|
1st
Section of Information Management Department, Ministry of Justice
|
Analyst
|
22
|
--
|
18
|
3rd
Section of Information Management Department, Ministry of Justice
|
Analyst
|
14
|
--
|
4.2
Limitation of the research
Owing to
following reasons, this research limits its research scope to public
sectors:
(1).Limited by
research resource, the interviewees of this paper will focus on
government IT officers. Hence, the result of research will effective
only in governmental department or agencies. Private sectors may use
it just as a reference.
(2).Compare
the degree of IT outsourcing between public and private sector in
Taiwan, public sectors are strongly pushed by policy than private
sectors do. The ratio of outsourcing budget out of total IT budget in
private sectors is triple times to private sectors. Hence, the output
of this research will be more meaningful to public sectors than
private sectors.
5. OUTCOME OF RESEARCH
5.1
Statistical Result of interview questionnaires
This
questionnaire use 7 point measurement scale. 1 means very disagree
(not serious at all), 7 means very agree (very serious), and 4 means
neutral.
The
statistical result of 18 interviewees’ questionnaires show as Table
3.
Table 3:
The statistical result of 18 interviews questionnaires
Survey
Questions
|
Average
|
Stand
deviation
|
Variance
|
Q:
What the problems you suffered in IT outsourcing?
|
|||
Q1.
Lost Control of critical systems.
|
5.280
|
1.7083
|
2.918301
|
Q2.
Job change from technician to contract controller, lost technical
skills and confidence.
|
5.060
|
1.47418
|
2.173203
|
Q3.
Escalate of security risk (hard to execute code review and
ability to control systems)
|
5.667
|
1.28338
|
1.647059
|
Q4. Regarded
as IT buyer, lost position value and self-achievement.
|
4.778
|
1.3956
|
1.947712
|
Table 4:
The statistical result of 8 CIO level interviewees
Survey
Questions
|
Average
|
Stand
deviation
|
Variance
|
Q:
What the problems you suffered in IT outsourcing?
|
|||
Q1.
Lost Control of critical systems.
|
3.250
|
1.982062
|
3.928571
|
Q2.
Job change from technician to contract controller, lost technical
skills and confidence.
|
3.250
|
1.908627
|
3.642857
|
Q3.
Escalate of security risk (hard to execute code review and
ability to control systems)
|
4.125
|
2.03101
|
4.125
|
Q4. Regarded
as IT buyer, lost self-achievement and value in enterprise.
|
3.500
|
2.070197
|
4.285714
|
5.2
Finding of Experts Interview
From
statistic figure of table 3 and table 4, we have tree findings:
(1). The
average value of question 3(Escalate of security risk)
in table 3 is 5.667, it reveals the message that the majority of
interviewees agree that IT outsourcing bring high risk to enterprise,
while the high variance of answers show the awareness of outsourcing
risk is very different among senior IT managers of government IT
departments.
(2). From the
answer of question 1(Lost Control of critical systems) in table 4,
the answer of different level interviewees vary from 1 to 7scale
points, the variance up to 3.928, and from the answer of question
4(Regarded as IT buyer, lost self-achievement and value in
enterprise.) in table
4, the variance of the CIO’s answer up to 4.28, we may conclude
that CIO have very different view points about outsourcing
strategies.
(3). Compare
Table3 and table 4, we found Middle level managers and senior
technicians (Interviewee from NO.9 to NO.18) have higher security
risk concern than some of CIO level manager (table 4) in outsourcing
strategies.
Comments from
interviewees about outsourcing include: shortage of IT staffs; poor
quality of venders; IT staffs lost skill ability to control vender
effectively, lack of standard(IT stuff ratio, defined at Section 2)
for IT departments to acquire reasonable staffs from personal
department. These are major concerns of CIO. To what extent should
CIO take his outsourcing strategies, to leverage the benefit and risk
in IT governance is also a common interest to CIO.
6. The concept of “Outsourcing Leverage”
If
we compare the operation of outsourcing in IT governance with the
operation of corporate finance management, we will find similar
characteristics in these two operations:
-
Use less money to operate big investment, that bring high risk to corporate finance, this type of operation called: “high financial leverage” (MS Long, IB Malitz 1983).
-
Similar situation, use only few stuff to control huge outsourcing project, cause high IT management risk and security leak, this paper name this concept as: “outsourcing leverage”.
6.1
Definition of “Outsourcing Leverage”
The
comparison figure of in house staffs (that an enterprise used to
manage the outsourcing project) comparing to employees of vender
assigned to develop the project (i.e. OL= number of vender’s
employees in project / number of staffs that manage the project).
6.2
Assumption
To
simplify the model, in this paper we assume that IT staffs in
corporate or government agencies have similar skill level and
performance. Employees in outsourcing venders have similar capability
and discipline.
6.3
Characteristic of Outsourcing Leverage
“Outsourcing
Leverage” has similar features with “Financial Leverage”. Use
fewer stuff to manage a big outsourcing project, may escalate the
risk of IT security, this lead to higher outsourcing leverage, and
vice versa. We use 2 figures to illustrate detail characteristics of
outsourcing leverage.
Figure. 1:
Characteristics of outsourcing leverage in single outsourced project
We
use Fig. 1 to show the relation between security risk (brings by
outsourcing) and the quantity of in house staffs that control
outsourced the project. In Fig. 1, the left hand side of the black
curve, showing the high risk of a project using only few in house
stuff to manage. Increase number of staffs will decrease risk
sharply, but it is not possible to eliminate the risk to zero, even
add staffs more than needed. The left hand side of black curve shows
this fact. The dotted green line at low position of Fig.1, showing
the different characteristics of project will impact the risk level
and needed staffs of a project. In general cases, common use projects
like accounting, inventory management, have lower risk in project
management.
Fig. 2:
Characteristics of outsourcing leverage with multiple outsourcing
projects
Fig. 2:
Characteristics of outsourcing leverage with multiple outsourcing
projects
In
Fig. 2, we show the relation among security risk, efficiency of
project development, the inference of human resource input, as well
as the characteristics of outsourcing portfolio. Types of outsourcing
portfolio vary from Total outsourcing to zero outsourcing and
something in between.
Portfolio
with more outsourcing and less in house development has higher
efficiency but come with higher risk. Portfolio with more in house
development has lower efficiency, yet come with lower risk. These
characters show by black line at middle position of Fig.2. Every
application project has inherent risk, even you outsource nothing.
Increase staffs to manage projects can reduce the risk without hamper
development efficiency, hence will change the slope of outsourcing
portfolio line to be slower, this imply the portfolio of outsourcing
strategies has lower outsourcing leverage. The green line in Fig. 2
shows this fact. Characteristics of project will shift the position
of outsourcing portfolio line, large and complex project has higher
position of portfolio line, and the blue line at higher position in
Fig. 2 shows this feature. Vice versa, the red line at lower position
in Fig.2 showing the feature of simple or common used application.
6.4
The usage of Outsourcing Leverage and future work
Different
business area like government, health care, banking, etc., request
for different security levels, hence have different OL. A referable
OL figure may provide valuable information for government agency or
private enterprise to set up its baseline of IT headcounts, and then
adjusted by the accepted security risk and efficiency requirement of
system development (maintenance).
Quantitative
models of outsourcing leverage in agencies/enterprises are still
absence in exiting IT governance environment, these can be works for
future study.
7.
Conclusions
The
security protection still found vulnerable in most of government
agencies, and too much outsourcing lead to the leaks of IT security.
This fact has been ignored by most of executives of government
agencies. The concept of outsourcing leverage, bring an easy
comparison of IT security with financial risk, may help decision
maker to understand the baseline of needed IT headcounts and pay
attention to the risk of outsourcing. Mathematical and quantitative
study of outsourcing leverage still not included in this paper, it
can be topics for further research.
References
Benjamin
B.M. Shao, Julie Smith David, 2007. “The impact of offshore
outsourcing on IT worker in developed countries” Communication
of the ACM, Vol.50, NO.2, p.89,
Colby
Ranger, et, al, 2007.“Evaluating MapReduce for Multi-core and
Multiprocessor Systems”,Computer Systems Laboratory, Stanford
University
Executive
Yan, 2008. “Statistics of IT Spending, Public Sector v.s Private
Sector, Survey of IT spending in Taiwan Area of Year 2007”,
Executive Yan, Sep.
Jeffrey
Dean and Sanjay Ghemawat, 2004. “MapReduce: Simplified
Data Processing on Large Clusters” Google
INC.
Lacity,
Will cocks, and Feeny, p13, spring 1996. “The Value of SelectiveIT
Outsourcing”, Sloan Management Review.
McFarlan
& McKenny, 1992. “Corporate Information Systems Management:
Text and Case” P.48, IRWIN Sydney, 3rd Edition
Klepper
& Jones, 1998. “Outsourcing Information
Technology,System&Services”, p.79, Prentice Hall
William
R. King, 2007. “The IS Organization of the Future: Impacts of
Global Sourcing” Information
Systems Management. Boston: Spring
Vol. 24, Iss. 2; pg. 121, 7 pgs
Wei-zei
Lo, 2009.China Times, A1, Jan.11,
REFERENCES
Albert
Sargent,Jr. ”Outsourcing
Relationship Literature: An Examination and Implication for Future
Research” ACM
SIGMIS-CPR, Apr.2006
Benjamin
B. M. Shao, Julie Smith David. “The
impact of offshore outsourcing on IT workers in developed countries”
Communications of the ACM ,Volume 50, Number 2, Pages 89-94,2007
Bin
Jiang &
Amer
Qureshi〝Research
on outsourcing results: current literature and future
opportunities〞,Management
Decision. London: Vol. 44, Iss. 1; p 44-p55, 2006
Debbie
Tesch &
Timothy
J Kloppenborg &
Mark
N Frolick,〝IT
Project Risk Factors: The Project Management Professional
Perspective〞,The
Journal of Computer Information Systems. Stillwater: Vol. 47, Iss. 4;
p61-p69, Summer 2007.
Executive
Yan, “Statistics of
IT Spending, Public Sector v.s Private Sector”,
Survey of IT spending in Taiwan Area of Year 2008, published in Sep.
2009.
Jerry
Luftman &
Rajkumar
M Kempaiah 〝The
IS Organization of the Future: The IT Talent Challenge〞,Information
Systems Management. Boston: Vol. 24, Iss. 2; p129-p138, Spring 2007.
Judy
E Scott,〝Mobility,
Business Process Management, Software Sourcing, and Maturity Model
Trends: Propositions for the IS Organization of the
Future〞,Information
Systems Management. Boston: Vol. 24, Iss. 2; p139-p143, Spring 2007.
Mary
Hayes Weier &
Chris
Murphy,〝Can
GM Change How You Think About Outsourcing?〞,InformationWeek.
Manhasset: Iss. 1152; p 36-p37, Aug 27-Sep 3, 2007.
Mei-hua
Wang, “The Impact of Outsourcing Information System Development on
the Core Competence of Government Information Management Department -
A
case study of Taipei City Government” 1996
Nada
R Sanders &
Art
Locke &
Curtis
B Moore &
Chad
W Autry,〝A
Multidimensional Framework for Understanding Outsourcing
Arrangements〞,Journal
of Supply Chain Management. Tempe: Vol. 43, Iss. 4; p3-p17, Fall
2007.
Ralph H.
Sprague, Jr. Barbara C. McNurlin “Information Systems Management”
Practicep.255, 1993)
YANG
Ying, HUO Guo-qing
“IT Outsourcing in
Enterprises and Its Risk Analysis”
China Soft
Science 2001-3
Wei-min
Mar, “A Study of the
Career Planning for the Government IT officials”,
1993〝IT
Project Risk Factors: The Project Management Professional
Perspective〞
William
R King,〝The
IS Organization of the Future: Im pacts of Global
Sourcing〞,Information
Systems Management. Boston: Vol. 24, Iss. 2; p121-p127, Spring 2007.
沒有留言:
張貼留言