Twenty-first century market dynamics continue to dictate that companies of all sizes consider outsourcing vital operational services and IT processes. Unfortunately, many organizations are not paying enough attention to the multitude of new risks that inevitably surface with the outsourcing of increasingly complex business processes and data supply chains. Today's businesses must constantly engage in concentrated risk mitigation and liability management - especially as it relates to diligence in corporate governance practices and compliance with the laws of the land. Significant new regulatory requirements such as the Sarbanes-Oxley Act require that companies closely scrutinize any business or data procurement processes that may affect corporate financial controls (and the accountability of those controls). As a result, enterprises need to make sure that their current and prospective outsourcing vendors strive to:

  • Satisfy all current regulatory and compliance requirements that may affect the relevant business spheres of a client and, specifically, the business areas that drive the processes and functions being outsourced; and
  • Have in place appropriate internal governance controls and policies. A service provider's stated commitment to quality management may imply solid corporate governance; however, specific credentials should be well documented and made available to prospective strategic partners.

If an external vendor is managing operations that have a bearing on a company's financial controls or business quality methodologies such as ISO and GAP standards, lack of attention to a client's compliance requirements can quickly cause severe problems for both companies. (The reality is that outsourced IT and data services often touch upon the boundaries of their clients' core books and records, from accounts receivable to billing and beyond.)

Sourcing governance - confirming that outsourcing companies meet not only functional service commitments but also a plethora of desired regulatory and compliance standards - has become more visible and important to organizations. Executive audit committees (often overseen by or composed of board members) are finally beginning to understand their fiduciary responsibilities with respect to IT governance - specifically as it relates to outsourcing vendor management and outsourced service procurement. As part of the overall corporate governance policy, audit committees should identify, categorize and evaluate all outsourcing risks and promote governance best practices in order to manage these risks. Many corporations now mandate that outsourcing vendors meet minimum thresholds for financial stability, size, and internal control and compliance infrastructure - which could mean that they have implemented Common Maturity Model level 5 and Six Sigma standards. Such demands are usually made implicit in contractual agreements and should withstand all varieties of internal and external audits as well as the toughest tests of transparency.

The chances of running afoul of regulatory and compliance mandates due to the actions of an external service provider will drastically decrease when the outsourcer and outsourcee see one another as strategic partners who share symmetrical investments and similar risks. True strategic alignment means that both sides are willing to continuously refine and improve service level agreements on a task-by-task basis over the life of the partnership, engaging in constant dialog about how objectives in service delivery and costs are being met and measured against all strategic and tactical goals. Robust communication channels will cultivate a mutually beneficial and high-trust relationship where governance principles are shared both inside and outside the scope of service contracts. The value proposition for effective forums of information sharing and collective decision-making is obvious: improved service supply chains without concurrent increases in expenditures. This can only be accomplished by common understandings (logical and physical) of how to monitor, manage and measure not only deliverables and service levels, but also the degree of adherence to agreed-upon compliance and regulatory requirements as well as the ongoing identification and mitigation of all associated risks.

Just as outsourcing relationships rarely bear the fruit of immediate cost savings or overnight improvements in service delivery, primary objectives in corporate compliance and regulatory control may fall short of minimum standards until all components of a business outsourcing arrangement are mature and performing in tandem effectively. Furthermore, moving proprietary business knowledge and custodial operations outside corporate boundaries may result in an unacceptable loss of dominion as it relates to internal compliance mechanisms. The current vigorous regulatory environment coupled with rapidly changing technology and business landscapes demands that executives fully weigh the potential downsides and risks of each outsourcing service relationship before jumping to outsource critical business functions. Once decisions are made to engage and involve external vendors and service providers in critical enterprise business functions, a sturdy governance sourcing methodology will help guarantee that outsourcing relationships yield unremitting high value. It pays to ensure that your outsourcing vendors have satisfied the compliance stipulations for their particular industry or practice area so that they may more seamlessly support and meet the compliance and regulatory requirements of your business. 
