Aubert SS 1998

Summary

The authors define risk in the context of IT outsourcing contracts and describe a model which links specific undesirable outcomes of an outsourcing deal with the factors that can lead to those outcomes. They built their lists of outcomes and factors relevant to IT outsourcing by surveying the academic literature on those subjects.

They define risk in terms of risk exposure, which they model with the following equation (p. 686):

• RE = P(UO) * L(UO)

where RE is the risk exposure, P(UO) is the probability of an undesirable outcome, and L(UO) is the expected loss associated with that outcome. We can estimate the probability of occurrence by reflecting on past experiences with that outcome, or by identifying the factors which lead to those outcomes and assessing the extent to which those factors exist for a particular project (p. 686). The model the authors propose take this latter approach to estimating probability of occurrence.

By surveying relevant literature, the paper lists these undesirable outcomes as relevant to outsourcing deals:

• Hidden costs, which includes transaction costs (setup, relocation), management costs (human resources which must be dedicated to managing the deal from the client end), contracting costs (cost of searching for and finding an appropriate vendor and drawing up contracts), and unexpected costs (costs that the client assumed were in the contract, but were not) (pp. 686-687).

• Contractual difficulties caused by incompletely specified contracts, and encompassing the cost of changes, the cost of disputes over those changes and over definitions of contractual terms (p. 687)

• Lock-in, which refer to the (often very high) costs to a client of repatriating a service (p. 687).

• Service debasement: degrading service levels (p. 687).

• Rising service costs (p. 687).

• Loss of organizational competency as knowledge of building and running a service leaves the organization. If the service is closely related to a core competency, this can be a serious issue (p. 687).

The authors also identified these risk factors, which are drawn from agency theory and transaction theory:

• Opportunism of the principal and agent, which refers to moral hazard (it may be impossible for the principal to tell whether a problem is the fault of the agent or not), adverse selection (the agent may be overoptimistic in its abilities, but it may be difficult or impossible for the principal to detect that), and imperfect commitment (both principals and agents may renege on their commitments) (p. 688).

• Lack of experience or expertise of the agent (who may oversell itself) and principal (both in understanding the problem domain and in managing outsourcing contracts) (pp. 688-689).

• Lack of competition among agents makes lock-in likely (p. 688).

• Asset specificity, which means that that it may be difficult to move a service from one agent to another (p. 689).

• Measurement problems: it may be difficult for the principal to measure the adequacy of the solution provided by the agent (p. 689).

• Frequency of transactions with a particular agent. Setting up transactions is costly (p. 689).

• Technological indivisibility, which means that outsourced services may be interdependent with internal services (p. 689).

• Technological discontinuity, which means that the solution contracted for may be obsolete before delivery (p. 689).

• Outsourcing core competencies (p. 689).

The model proposed in the paper links the outcomes to the factors like so:

Critique

This is a wonderfully clear and well laid out article. Easily understandble, all factors and outcomes were well explained and well related.

It would be nice to see some validation of the model against some case studies.