IMGCAP(1)]Try typing the word “outsourcing” into Google and you’ll receive a list of over 122 million Web sites in the U.S. alone. Why is one word used so frequently in various publications?
The increase in globalization and emerging markets has led to a change in business methods. To compete in such a global landscape, companies have begun to develop global perspectives and strategies to remain competitive with foreign companies. One such strategy is business process outsourcing.
Companies that participate in BPO strive to achieve strategic advantages through more efficient business structures. For example, a company may decide to leverage less expensive resources provided overseas to lower the annual cost of specific business functions. However, BPO does not require a company to reassign business activities to an outside country. Companies participate in the concept of BPO for various reasons.
BPO encourages companies to re-evaluate the efficiency of their business processes and seek ways to lower their costs, optimize technology advantages and capacity requirements, along with other operational factors, to achieve business goals. The main consideration is not cost-effectiveness, but the need to remain competitive.
According to Frank Casale, CEO of The Outsourcing Institute, a Jericho, N.Y.-based professional association of more than 26,000 outsourcing executives, outsourcing has strategic value and has become a management tool in freeing companies to build upon their core competencies by leaving the non-core practices to specialized providers. As prominent businesses optimize their BPO practices, smaller businesses need to implement outsourcing initiatives as well, solely as a means of survival.
Whether onshore or offshore, BPO involves key risks that often prevent many organizations from pursuing the initiative. When an organization decides to outsource a business process—potentially involving layoffs—bringing the process back in-house if it doesn't pan out as envisioned can be an expensive proposition.
That doesn't even take into account the reputation risk involved or the public relations impact or the effect that such a reversal would have on the careers of executives involved in such decisions. Reducing these risks is essential to the success of an outsourcing effort.
As advantageous as BPO can be for a company, one should not overlook the potential risks and disadvantages that come with the rewards. There are other operational risks involved as well. For example, companies have specific expectations for their employees. If expectations are not communicated thoroughly, third-party service providers may fail to meet them and jeopardize the quality of a product or service.
Language barriers between the parent company and third party service providers can serve as another disadvantage. For instance, a global company may have employees and third party servicers trying to communicate in a common language that is not their native speech, causing a lack of understanding by both parties.
In addition, one must consider the risks associated with system security when outside parties are given access to information. Stephen Loynd, a program manager from Contact Center Services, states that the No. 1 risk of BPO is a failed engagement; however, one way to mitigate such a risk is to be very discerning when choosing a partner.
I can go on with further risks involved in a BPO initiative, but for simplicity’s sake the risks can be narrowed down to three categories:
• Strategic: This includes data privacy and confidentiality, intellectual property protection, long-term organizational impact, security, privacy, and cost. There is also a loss of institutional knowledge. What if the BPO effort doesn’t work? Can the organization execute the process in-house if needed or forced to do so?
• Operational: This includes the quality impact, speed of execution, impact on key stakeholders, and customers of the process. Will it work out over the long run? There are inefficiencies to consider, along with opportunity costs.
• Reputation: This should be self-explanatory.
Sure, contract terms and conditions as well as operational controls embedded in process design can help mitigate some of these risks, but to what extent? Managing each of these risks is an ongoing activity that must be monitored constantly and consistently.
Establishing metrics for continuous monitoring, reporting and oversight is a critical activity that must be well thought out prior to outsourcing the process. But what kind of a framework for monitoring and measuring these parameters is considered adequate and appropriate? How can a business best mitigate the risks involved?
Because the speed of implementation is often a key focus in a BPO initiative, it is not uncommon for enterprise risk management to take a temporary back seat during the execution stages. Given the inherent risks involved, what is the best way to ensure that risks are mitigated? Who does the organization rely upon to ensure a close eye is kept on risk implications?
Impact on Corporate Internal Audit Functions
That’s where internal audit enters the picture. As governance and risk management concerns become more relevant, it is important that internal audit gets involved to ensure that there are enough controls embedded in the process that can prevent, detect or correct the relevant risks in the operation.
Before companies implement BPO, proper edit checks and mitigating controls should be in place to ensure a safe and smooth transition. Internal audit’s expertise and focus on a well-controlled operational and accounting environment can add critical value to the overall process of implementing BPO initiatives. As a result, the leadership within the company turning to BPO may invite internal audit to partake in preliminary implementation discussions to leverage off of audit’s knowledge and expertise.
For example, BPO expert Sundar Ramachandran states that management should consider a business continuity management plan when outsourcing. A BCM plan involves taking the appropriate steps to identify, manage, and control processes that have been and still can be outsourced. Internal audit’s initial involvement in helping identify these types of internal control considerations that can aid the company in developing valuable outsourcing plans could mitigate risks and assist in the project’s success. However, internal audit must always maintain its integrity as an independent body and never jeopardize its role as such.
Internal auditors can assist in identifying weaknesses, bottlenecks, and control issues in the processes and suggest ways that risks can be mitigated. Moreover, from a consulting perspective, internal audit departments can add value to an organization by advising process owners on how to best develop and structure financial and non-financial reporting to facilitate robust governance and transparency for the key stakeholders involved.
Outsourcing of business processes has created unique management challenges, specifically as processes become more complex and several sub-processes get integrated within processes. It is extremely critical that internal controls be paid attention to and embedded during process design to prevent inefficiencies from occurring after the fact. While the key objectives of outsourcing initiatives must be met, internal audit’s involvement in the process transition should be robust enough to provide assurance to key stakeholders that the organization has not lost control or focus over the key risks involved in the process.
As companies develop a global mindset and implement outsourcing strategies, internal audit may be asked for initial advice. With independence and objectivity, internal audit can play a critical role in the success of business process outsourcing the implementations.
Sunil Sajnani, CPA, LIFA, is a Senior Enterprise Risk Management professional with over nine years of experience in corporate risk functions within the retail, private equity, financial services and banking sectors. He specializes in financial, operational and business process improvement, cost containment, risk management, and was part of the internal audit and advisory start-up initiatives of a Fortune 50 financial institution. Prior to that, he was a Senior Associate in PricewaterhouseCoopers’ Mergers and Acquisitions practice. Sunil has a Master in Accounting, a Bachelor in Financial Economics and graduated from the University of Michigan in Ann Arbor. He can be contacted at
