Twenty-first century market dynamics continue to dictate that companies of all sizes consider outsourcing vital operational services and IT processes. Unfortunately, many organizations are not paying enough attention to the multitude of new risks that inevitably surface with the outsourcing of increasingly complex business processes and data supply chains. Today's businesses must constantly engage in concentrated risk mitigation and liability management - especially as it relates to diligence in corporate governance practices and compliance with the laws of the land. Significant new regulatory requirements such as the Sarbanes-Oxley Act implore that companies closely scrutinize any business or data procurement processes that may affect corporate financial controls (and the accountability of those controls). As a result, enterprises need to make sure that their current and prospective outsourcing vendors strive to:

If an external vendor is managing operations that have a bearing on a company's financial controls or business quality methodologies such as ISO and GAP standards, lack of attention to a client's compliance requirements can quickly cause severe problems for both companies. (The reality is that outsourced IT and data services often touch upon the boundaries of their client's core books and records, from accounts receivable to billing and beyond.) Sourcing governance - confirming that outsourcing companies meet not only functional service commitments but also a plethora of desired regulatory and compliance standards - has become more visible and important to organizations. Executive audit committees (often overseen by or composed of board members) are finally beginning to understand their fiduciary responsibilities with respect to IT governance - specifically as it relates to outsourcing vendor management and outsourced service procurement. As part of the overall corporate governance policy, audit committees should identify, categorize and evaluate all outsourcing risks and promote governance best practices in order to manage these risks. Many corporations now mandate that outsourcing vendors meet minimum thresholds for financial stability, size, and internal control and compliance infrastructure - which could mean that they have implemented Common Maturity Model level 5 and Six Sigma standards. Such demands are usually made implicit on contractual agreements and should withstand all varieties of internal and external audits as well as the toughest tests of transparency.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access