Description
Outsourcing is the contracting out of an internal business process to a third-party organization. The term "outsourcing" became popular in the United States near the turn of the 21st century. Outsourcing sometimes involves transferring employees and assets from one firm to another, but not always.
A STUDY ON INFORMATION TECHNOLOGY OUTSOURCING AND ITS RISKS
SUPPLIER LOCK-IN, HIDDEN COSTS AND THE LOSS OF CONTROL OVER OUTSOURCED IT
ABSTRACT
Nowadays, information technology outsourcing (ITO) represents an established business practice in which a considerable number of companies are involved. Since the success of ITO is highly dependent on the exposure to ITO risks, studying the very risks is of great importance. The aim of this thesis consists in revealing the occurrence of specific ITO risks: supplier lock-in, hidden costs and the loss of control over outsourced IT. Further aims of this work are the revelation of measures which can be taken in order to face these risks and of the influences these risks have on backsourcing considerations. The first part of this thesis constitutes the theoretical framework which is based on the review of relevant literature. Within this part of the work, transaction cost theory and resource-based theory are presented and applied for the discussion of the specific ITO risks under consideration. Furthermore, a multidimensional approach is utilized in order to illustrate the various dimensions of ITO. By this means, the identification of situations in which the ITO risks under consideration appear is enabled. The empirical part of this exploratory research is based on a multiple case study. The data necessary for this qualitative research was gathered from telephone interviews conducted with both ITO clients and IT suppliers. The results of this study indicate that the ITO risks under consideration all pose considerable threats to ITO operations and that there are both internal and external measures ITO companies can take in order to face these risks. Furthermore, the risks under discussion influence backsourcing considerations.
ii
TABLE OF CONTENTS
1. INTRODUCTION .............................................................................................1
1.1. PROBLEM FORMULATION............................................................................................................ 1 1.2. DELIMITATION OF THE STUDY .................................................................................................... 3 1.3. PURPOSE OF THE STUDY.............................................................................................................. 4 1.4. DISPOSITION ............................................................................................................................... 4
2. THEORETICAL BACKGROUND .................................................................6
2.1. ITO THEORIES ............................................................................................................................ 6 2.1.1. TRANSACTION COST THEORY ............................................................................................. 7 2.1.2. RESOURCE THEORIES .......................................................................................................... 8 2.1.3. OVERVIEW OVER ITO THEORIES......................................................................................... 9 2.2. THE EVOLUTION OF ITO ........................................................................................................... 10 2.2.1. THE HISTORY OF ITO........................................................................................................ 10 2.2.2. ITO TODAY....................................................................................................................... 11 2.3. ITO DIMENSIONS ...................................................................................................................... 12 2.3.1. MULTIDIMENSIONALITY OF ITO ....................................................................................... 12 2.3.1.1. Location............................................................................................................ ........ 13 2.3.1.2. Financial dependency ............................................................................................... 14 2.3.1.3. Degree of external procurement ............................................................................... 15 2.3.1.4. Strategic aspects ....................................................................................................... 15 2.3.1.5. Chronological order.................................................................................................. 16 2.3.1.6. Number of suppliers ................................................................................................. 16 2.3.2. DELIMITATION OF RELEVANT ITO DIMENSIONS................................................................ 17 2.4. ITO - REASONS AND RISKS ...................................................................................................... 19 2.4.1. REASONS FOR ITO ............................................................................................................ 19 2.4.1.1. Strategic Reasons for ITO ........................................................................................ 19 2.4.1.2. Technological Reasons for ITO................................................................................ 20 2.4.1.3. Economic Reasons for ITO ...................................................................................... 21 2.4.1.4. Political Reasons for ITO ......................................................................................... 22 2.4.2. RISKS OF ITO .................................................................................................................... 22 2.4.2.1. Strategic Risks of ITO .............................................................................................. 23 2.4.2.2. Technological Risks of ITO ..................................................................................... 23 2.4.2.3. Economic Risks of ITO ............................................................................................ 24 2.4.2.4. Political Risks of ITO............................................................................................... 25 2.4.3. DELIMITATION OF RISKS ................................................................................................... 26 2.4.3.1. Supplier Lock-In....................................................................................................... 26 2.4.3.2. Hidden Costs ............................................................................................................ 28 2.4.3.3. Loss of Control over outsourced IT.......................................................................... 30 2.5. SUMMARY OF THE THEORETICAL BACKGROUND ...................................................................... 31 2.6. RESEARCH DELIMITATION ........................................................................................................ 31
3. METHODOLOGY ..........................................................................................34
3.1. RESEARCH PURPOSE ................................................................................................................. 34 3.2. RESEARCH METHOD ................................................................................................................. 35
iii
3.3. RESEARCH DESIGN ................................................................................................................... 35 3.3.1. DATA COLLECTION ........................................................................................................... 36 3.3.1.1. The Interviewer ........................................................................................................ 36 3.3.1.2. The Interviewees ...................................................................................................... 37 3.3.1.3. The Interview Guide................................................................................................. 38 3.3.2. STRENGTHS ....................................................................................................................... 40 3.3.3. WEAKNESSES .................................................................................................................... 40 3.4. DATA PRESENTATION AND DATA ANALYSIS ............................................................................ 41 3.5. QUALITY OF RESEARCH DESIGN ............................................................................................... 42 3.5.1. CONSTRUCT VALIDITY ...................................................................................................... 42 3.5.2. INTERNAL VALIDITY.......................................................................................................... 43 3.5.3. EXTERNAL VALIDITY......................................................................................................... 43 3.5.4. RELIABILITY...................................................................................................................... 44
4. DATA PRESENTATION ...............................................................................45
4.1. GENERAL INFORMATION........................................................................................................... 45 4.1.1. COMPANY C1 .................................................................................................................... 45 4.1.2. COMPANY C2 .................................................................................................................... 46 4.1.3. COMPANY S1 .................................................................................................................... 47 4.1.4. COMPANY S2 .................................................................................................................... 47 4.2 SUPPLIER LOCK-IN..................................................................................................................... 48 4.2.1. COMPANY C1 .................................................................................................................... 48 4.2.2. COMPANY C2 .................................................................................................................... 49 4.2.3. COMPANY S1 .................................................................................................................... 50 4.2.4. COMPANY S2 .................................................................................................................... 50 4.3. HIDDEN COSTS.......................................................................................................................... 52 4.3.1. COMPANY C1 .................................................................................................................... 52 4.3.2. COMPANY C2 .................................................................................................................... 52 4.3.3. COMPANY S1 .................................................................................................................... 53 4.3.4. COMPANY S2 .................................................................................................................... 53 4.4. LOSS OF CONTROL OVER OUTSOURCED IT ................................................................................ 54 4.4.1. COMPANY C1 .................................................................................................................... 54 4.4.2. COMPANY C2 .................................................................................................................... 55 4.4.3. COMPANY S1 .................................................................................................................... 56 4.4.4. COMPANY S2 .................................................................................................................... 57 4.5. RECAPITULATING THOUGHTS AND BACKSOURCING POTENTIALS............................................. 58 4.5.1. COMPANY C1 .................................................................................................................... 58 4.5.2. COMPANY C2 .................................................................................................................... 59 4.5.3. COMPANY S1 .................................................................................................................... 59 4.5.4. COMPANY S2 .................................................................................................................... 60
5. DATA ANALYSIS...........................................................................................61
5.1. SUPPLIER LOCK-IN.................................................................................................................... 61 5.2. HIDDEN COSTS.......................................................................................................................... 65 5.3. LOSS OF CONTROL OVER OUTSOURCED IT ................................................................................ 69 5.4. RECAPITULATING THOUGHTS AND BACKSOURCING POTENTIALS............................................. 72 5.5. SUMMARY AND CONCLUSION ................................................................................................... 75
iv
6. THEORETICAL CONTRIBUTION.............................................................81
6.1. ACHIEVEMENT OF AIMS ............................................................................................................ 81 6.2. PROPOSALS FOR FUTURE RESEARCH......................................................................................... 81
REFERENCES ...................................................................................................... I APPENDICES..................................................................................................... VI
APPENDIX A1: GERMAN CORRESPONDENCE....................................................................................VI APPENDIX A2: ENGLISH CORRESPONDENCE...................................................................................VII APPENDIX B1: GERMAN INTERVIEW GUIDE - ITO CLIENTS......................................................... VIII APPENDIX B2: GERMAN INTERVIEW GUIDE - IT SUPPLIERS ..........................................................XII APPENDIX B3: ENGLISH INTERVIEW GUIDE - ITO CLIENTS ........................................................XVII APPENDIX B4: ENGLISH INTERVIEW GUIDE - IT SUPPLIERS......................................................... XXI
TABLE OF FIGURES
Figure 1: Overview of ITO theories; adapted from Dibbern, J.; Goles, T.; Hirschheim, R.; Jayatilaka, B. (2004) .....................................................................9 Figure 2: Multidimensionality of ITO; adapted from von Jouanne-Diedrich, H. (2004).....................................................................................................................13 Figure 3: Delimitation of considered ITO Dimensions; adapted from von JouanneDiedrich, H. (2004)................................................................................................19 Figure 4: ITO risks, dimensional characteristics and applied ITO theories; own elaboration .............................................................................................................32 Figure 5: ITO risks and influencing factors derived from applied ITO theories...33 Figure 6: Overview of Questions included in the Interview Guide.......................39 Figure 7: Supplier Lock-in: Internal measures ......................................................64 Figure 8: Supplier Lock-in: External measures .....................................................65 Figure 9: Hidden Costs: Internal measures............................................................68 Figure 10: Hidden Costs: External measures.........................................................69 Figure 11: Loss of Control over outsourced IT: Internal measures.......................72 Figure 12: Loss of Control over outsourced IT: External measures......................72 Figure 13: ITO Risks: Measures and their effects .................................................76 Figure 14: ITO Risks: Internal and external measures ..........................................79
v
TABLE OF ABBREVIATIONS
CEO CIO IS IT ITO RBT RDT TCT US US$ € Chief Executive Officer Chief Information Officer Information Systems Information Technology Information Technology Outsourcing Resource-Based Theory Resource-Dependency Theory Transaction Cost Theory United States of America US Dollar Euro
vi
1. INTRODUCTION
Over the past decades, information technology outsourcing (ITO) considerably altered the worldwide economic environment. ITO comprises two indispensable elements of today's business world: information technology (IT) 1 and outsourcing. Without doubt, technological achievements have revolutionized and will keep on changing both everyday life and working practices. Due to the process of globalization, the competitiveness of companies incessantly gains in importance. Outsourcing, which today represents an established business practice, is frequently perceived as a chance to improve the competitiveness and the success of companies. According to a study conducted by IT research and consulting organization Gartner2, the global ITO market amounted to US$ 180.5 billion, in 2003. 3 However, the "fact that firms are increasingly turning to external suppliers in order to meet their IT needs does not mean that outsourcing is a panacea or that it is without problems".4 Therefore, since the global ITO market has reached such a significant magnitude and companies involved in ITO are certainly interested in the successful realization of ITO operations, studying ITO and its risks is of great importance.
1.1. PROBLEM FORMULATION
In recent years, many authors have dealt with various facets of ITO, but this vast topic still allows a considerable amount of research. Authors such as Sparrow scrutinized factors influencing the success of ITO5 and Barthélemy addressed reasons for failure of ITO.6 Furthermore, authors like Lacity and Hirschheim dealt with practices and decisions of IT insourcing.7 The risks of ITO were scrutinized by authors such as Bahli and Rivard, but still there is rather little literature focussing on specific ITO risks.8
1
NB: As this is common practice in ITO literature, Information Technology (IT) and Information Systems (IS) will be used interchangeably in the fo llowing. 2 cp. http://www.gartner.com (accessed 4thApril 2008) 3 cp. Choong, A. (2004), "Capgemini sells S'pore, M'sia operations to Frontline", ZDNet Asia, http://www.zdnetasia.com/news/hardware/0,39042972,39199280,00.htm (accessed 4th April 2008) 4 Bahli, B. & Rivard, S. (2003), "The information technology outsourcing risk: a transaction cost and agency theory-based perspective", Journal of Information Technology, September 2003, Vol. 18, Issue 3, pp. 211221, p. 211 5 cp. Sparrow, E. (2003), "Successful IT Outsourcing: From Choosing a Provider to Managing the Project", (Practitioner series), London: Springer-Verlag 6 cp. Barthélemy, J. (2003), "The seven deadly sins of outsourcing", Academy of Management Executive, May 2003, Vol. 17, No. 2, pp. 87-98 7 cp. Lacity, M. C. & Hirschheim, R. (1995), "Beyond the Information Systems Outsourcing Bandwagon The Insourcing Response", Chichester: John Wiley & Sons Ltd 8 cp. Bahli, B. & Rivard, S. (2003)
Since ITO represents a major strategic decision, the successful realization of ITO is of great importance. Frequently, companies source out rather large parts of their IT, confiding the successful performance of the outsourced tasks to external partners. Certainly, this represents a precarious situation which implicates many risks. Since these risks have an impact on the successful realization of ITO, the necessity to deal with these risks is evident. For ITO companies, understanding and knowing how to face ITO risks represent major tasks to perform. This work will include the presentation of several ITO risks, but will focus on three specific ITO risks: supplier lock-in, hidden costs and the loss of control over outsourced IT. ITO risks such as supplier lock-in, hidden costs and the loss of control over outsourced IT represent potential constraints to the successful realization of ITO and hence, are topics worth studying. It is not only important to study the occurrence of ITO risks, but also to reveal which reasonable measures companies can take in order to face these risks. Certainly, the revelation of these measures is a prerequisite for the deterioration of negative outcomes ITO risks can have on ITO operations. Furthermore, revealing the influence ITO risks have on backsourcing considerations increases the level of awareness regarding the significance of specific ITO risks.
Since outsourcing basically represents a 'make or buy' decision, transaction cost theory will be explained and applied in order to discuss the ITO risks of supplier lock-in and hidden costs. Furthermore, since IT represents an indispensable resource which influences the success of companies, resource-based theory will be discussed and applied to the risk of loss of control over outsourced IT.
In order to reveal the occurrence of the ITO risks mentioned above, these risks will be discussed in accordance with aforementioned ITO theories. This discussion will result in the identification of factors which influence the ITO risks under consideration. The telephone interviews conducted for this study are based on these influencing factors and finally, enable to respond to the following research questions: 1. What is the occurrence of the risk of supplier lock-in in ITO companies? a) Which reasonable measures can ITO companies take in order to mitigate this risk? 2. What is the occurrence of the risk of hidden costs in ITO companies?
2
a) Which reasonable measures can ITO companies take in order to mitigate this risk? 3. What is the occurrence of the risk of loss of control over outsourced IT in ITO companies? a) Which reasonable measures can ITO companies take in order to mitigate this risk? In addition, one more research question derived from the three aforementioned research questions will be posed. Recently, the appearance of the term backsourcing, which refers to the termination of an existing outsourcing relation in order "to bring operations back in-house"1, has increased in ITO literature. In 2005, a study conducted by DiamondCluster International revealed that in the twelve months previous to the study, about 50 percent2 of the organizations under investigation "had abnormally terminated an outsourcing relationship".3 That is to say, ITO contracts primarily concluded were terminated before their regular expiration. The fact that this considerable number of ITO projects fail certainly confirms the relevance of backsourcing as a future ITO topic. However, ITO risks such as the three risks under consideration have an influence on the success of ITO operations and, in turn, the success of ITO operations certainly has an influence on backsourcing considerations. As a result, understanding the effect of ITO risks on potential backsourcing decision appears to be of great importance. Hence, in order to reveal the effects the ITO risks under consideration have on backsourcing considerations, the following research question has been formulated: 4. How do the risks under consideration considerations of ITO companies? influence backsourcing
1.2. DELIMITATION OF THE STUDY
The aim of this study is to respond to the four research questions mentioned above. Obviously, these research questions only address three specific ITO risks, so that many other risks entailed by ITO will not be included in the empirical part of this study.
1 2
Sparrow, E. (2003), p. 223 cp. Weakland, T. (2005), DiamondCluster International, Inc., "DiamondCluster 2005 Global IT Outsourcing Study", Spring 2005, http://www.diamondconsultants.com/PublicSite/ideas/perspectives/downloads/Diamond2005OutsourcingStu dy.pdf (accessed 8th April 2008), p. 6 3 ibid.
3
The risks under consideration are likely to appear within ITO companies of all sizes. Since recent ITO literature does predominantly not distinguish between small and medium-sized enterprises and large companies, there will be no such distinction within this work either. However, noticeable aspects regarding the size of ITO companies will be presented within the empirical part of this work. Since the aim of this work is an in-depth examination of specific ITO risks, logical conclusions which contribute to recent theory in the field of ITO shall be derived from the results of this study. However, the aim of this work is not to find statistical evidence for the results obtained, but to derive logical contributions to theory.
1.3. PURPOSE OF THE STUDY
The aim of this thesis is the exposure of relevant information on the prevailing perceptions of IT outsourcing companies regarding the risks of supplier lock-in, hidden costs and the loss of control over outsourced IT. Furthermore, the measures taken in order to face these risks shall be discussed and evaluated. The role these risks play in connection with backsourcing considerations shall be revealed, as well. As the ITO risks under discussion pose a threat to the successful realization of ITO operations, the analysis of their appearance in today's business world certainly is of great importance to practitioners and theorists alike. Thus, students as well as decision makers interested or involved in ITO situations are the addressees of this paper. The decision makers involved in ITO situations can either be ITO clients or IT suppliers interested in the perceptions regarding the risks under discussion. Furthermore, the findings of this paper shall contribute to managers' capability to scrutinize ITO operations they are in charge of in terms of ITO risks and backsourcing considerations.
1.4. DISPOSITION
This thesis consists of six chapters. These chapters contain the introduction, the theoretical background, the methodology, the data presentation, the data analysis and the theoretical contribution of this work. In the following, the content of these chapters will be outlined. The introduction of this thesis includes the general introduction to ITO and its risks and illustrates the relevance of this topic. Furthermore, the introduction
4
contains the presentation of the research questions under discussion as well as the delimitation and the purpose of this study. The second chapter of this work contains the theoretical background within which transaction cost theory and resource theories are presented. Thereafter, the past and the present of ITO are represented. Furthermore, the various dimensions of ITO are illustrated via the utilization of a multidimensional model. Thereupon, reasons for and risks of ITO are presented. Hereupon, three of these risks are presented in-depth. In the end, presented theories, dimensions and risks of ITO are combined illustrating the delimitation of the empirical study. The third chapter of this thesis is dedicated to the presentation of the applied research method and the research design. The presentation of the latter includes both the description of the data collection and the discussion of weaknesses and strengths of the utilized methods. Furthermore, an outline regarding the data presentation and the data analysis which are part of the subsequent chapter is presented. The fourth chapter of this work contains the presentation of empirical data. Within this chapter, the results obtained from the conduction of telephone interviews are represented. The fifth chapter of this thesis is dedicated to the data analysis. The analysis is arranged according to the research questions mentioned above and comprises the responses to the very research questions. Furthermore, the ITO risks and the measures taken in order to face these risks are combined and discussed. Additionally, both recapitulating thoughts and the influence these risks have on backsourcing considerations are presented. The sixth chapter of this work contains a presentation of the achievement of aims and suggestions for future research.
5
2. THEORETICAL BACKGROUND
Since this paper is limited in terms of scope and time, not all aspects which could be considered in the vast field of ITO and its risks can be discussed. Nonetheless, the following work will also include insights into facets which cannot be dealt with indepth, but which are of great relevance, because they represent a shared basis for discussion. Within the following theoretical framework, transaction cost theory and resource theories will be explained. Afterwards, an overview of recent ITO theories will be illustrated. The subsequent part will be dedicated to the evolution of ITO including decisive cornerstones such as Eastman Kodak's decision to outsource its IT operations to external suppliers.1 Afterwards, the work will include a brief presentation of the scope ITO has reached, today. Hereupon, the various dimensions of ITO will be illustrated via the utilization of a multidimensional model. By this means, a framework for the classification of ITO and situations in which specific risks appear will be given. Thereupon, prevalently mentioned reasons for and risks of ITO will be presented. The particular attention will be dedicated to three ITO risks: supplier lockin, hidden costs and the loss of control over outsourced IT. These ITO risks emerge during actual ITO operations, that is to say they emerge after ITO contracts have been concluded. The appearance of these three ITO risks will be linked to the various dimensions of ITO. Furthermore, in order to provide an adequate basis for their analysis within the empirical part of this work, these risks will be discussed in-depth. This discussion will be based on transaction cost theory and resource-based theory.
2.1. ITO THEORIES
Recent ITO literature comprises various ITO theories which all represent different perspectives on ITO operations. These theories are not mutually exclusive and thus, can even be combined in order to examine ITO operations from different angles.2 As already mentioned above, the scope of this work is limited and thus, the presentation of ITO theories will only concentrate on some of the most frequently discussed theories in ITO literature: transaction cost theory and resource theories.
1
cp. Dibbern, J.; Goles, T.; Hirschheim, R.; Jayatilaka, B. (2004), "Information Systems Outsourcing: A Survey and Analysis of the Literature", The DATA BASE for Advances in Information Systems, Fall 2004, Vol. 35, No. 4, pp. 6-102, p. 7 2 cp. Gottschalk, P. & Solli-Sæther, H. (2006), "Managing Successful IT Outsourcing Relationships", Hershey: IRM Press, p. 71
6
2.1.1. TRANSACTION COST THEORY Without doubt, transaction cost theory (TCT) is one of the most cited ideas in ITO literature. TCT is often named in conjunction with Oliver Williamson 1 and basically has its origins in Ronald Coase's "The Nature of the Firm"2 from 1937. Coase characterizes transaction costs as being the main "determinant of the boundaries of the firm".3 This assumption is based on the fact that market transactions always involve costs. In fact, TCT represents the typical 'make or buy' approach, which compares internal production costs with external transaction costs.4 According to Williamson, a particular characteristic of this theory is that it is based on two behavioural assumptions: bounded rationality and opportunism.5 The former refers to the impossibility of possessing and including all relevant information when making a 'make or buy' decision.6 In addition, the human capabilities do not enable the anticipation of all consequences which decisions might cause. 7 The second behavioural assumption, opportunism, alludes to the possibility of a vendor behaving opportunistically in order to attain a personal advantage. In other words, this assumption refers to the vendor who is "self- interest seeking with guile".8 Williamson states that the risk of opportunism represents a threat when there are only a small number of suppliers.9 In this case, he recommends the stipulation of adequate contracts in order to reduce potential opportunism.10 Willcocks and Lacity state that TCT "has become a major starting point for those studying IS outsourcing"11 and that it is a useful instrument enhancing the understanding of ITO. 12 It seems to be obvious that, since ITO basically represents a 'make or buy' decision, it is quite inevitable to consider TCT when discussing ITO. As a result, within this thesis the assumptions related to transaction cost theory will be considered, as well.
1 2
cp. Lacity, M. & Hirschheim, R. (1995), p. 24 Coase, R. (1937), "The Nature of the Firm", Economica, New Series, November 1937, Vol. 4, No. 16, pp. 386-405 3 Gottschalk, P. & Solli-Sæther, H. (2006), p. 71 4 cp. Jurison, J. (1998), "A Risk-Return Model for Information Technology Outsourcing Decisions", Published in "Strategic Sourcing of Information Systems: Perspectives and Practices", Editors: L. Willcocks & M. Lacity; Chichester: John Wiley & Sons Ltd, pp. 187-204, p. 191 5 cp. Williamson, O. (1975), "Markets and Hierarchies: Analysis and Antitrust Implications. A Study in the Economics of Internal Organization", New York: The Free Press, p. 254 6 cp. Lacity, M. & Hirschheim, R. (1995), p. 36 7 cp. Bahli, B. & Rivard, S. (2003), p. 213 8 Williamson, O. (1975), p. 26 9 cp. ibid., p. 27 10 cp. ibid. 11 Willcocks, L & Lacity, M. (1998), "The Sourcing and Outsourcing of IS: Shock of the New?", Published in "Strategic Sourcing of Information Systems: Perspectives and Practices", Editors: L. Willcocks & M. Lacity; Chichester: John Wiley & Sons Ltd, pp. 1-41, p. 9 12 cp. ibid.
7
2.1.2. RESOURCE THEORIES In contrast to TCT which reflects an economic approach, resource theories can be classified as being strategic management approaches.1 Resource theories can be subdivided into two categories: resource-based theory and resource-dependency theory.2 Resource-based theory (RBT) is based on the assumption that resources which fulfil specific criteria might lead to competitive advantages. According to RBT, such competitive advantages presume the existence of resource heterogeneity and resource immobility.3 The prerequisite of resource heterogeneity refers to the fact that competitive advantages are only possible if the resources possessed by competing companies are different, that is to say the resources must be heterogeneous.4 The other assumption, resource immobility, refers to the inability to get access to the resources of competitors.5 Based on these two assumptions, Barney identified four criteria which resources must fulfil in order to lead to a "sustainable competitive advantage".6 According to these criteria, resources must be valuable, rare, imperfectly imitable and not substitutable.7 After all, RBT suggests that a company which has resources characterized by these criteria will be able to gain competitive advantages.8 Resource-dependency theory (RDT) in contrast to RBT does not focus on analyzing the interior, but the exterior of companies, that is to say their environment. RDT assumes that each organization is dependent on external resources which are being controlled by others. These resources include "land, labor, capital, information or a specific product or service".9 Since resources which companies cannot provide internally have to be acquired externally10, RDT assumes that every organization's success depends on its ability to obtain resources from external partners. Since IT today represents an indispensable factor for each organization and outsourcing represents a form of external provision, resource theories seem to be reasonable theories to apply when discussing ITO. The relevance TCT and
1
cp. Grover, V.; Teng, J.; Cheon, M. (1998), "Towards a Theoretically-based Contingency Model of Information Systems Outsourcing", Published in "Strategic Sourcing of Information Systems: Perspectives and Practices", Editors: L. Willcocks & M. Lacity; Chichester: John Wiley & Sons Ltd, pp. 79-101, p. 84 2 cp. Dibbern, J.; Goles, T.; Hirschheim, R.; Jayatilaka, B. (2004), p. 19 3 cp. Barney, J. (1991), "Firm Resources and Sustained Competitive Advantage", Journal of Management, 1991, Vol. 17, No. 1, pp. 99-120, p. 105 4 cp. ibid., p. 104 5 cp. ibid., p. 105 6 ibid., p. 115 7 cp. ibid. 8 cp. Grover, V.; Teng, J.; Cheon, M. in Willcocks, L. & Lacity, M. (1998), p. 84-85 9 Kotter, J. (1979), "Managing External Dependence", The Academy of Management Review, 1979, Vol. 4, No. 1, pp. 87-92, p. 87 10 cp. Grover, V.; Teng, J.; Cheon, M. in Willcocks, L. & Lacity, M. (1998), p. 88
8
resource theories have in the field of ITO seems to be obvious and hence, keeping above mentioned theories in mind will hopefully contribute to the extension of perspectives with regard to the further reading process.
2.1.3. OVERVIEW OVER ITO THEORIES Since the aforementioned ITO theories only represent two of many frequent ITO theories, the following chart1 adapted from Dibbern et al. has been included in this work. This chart does not contain all existing ITO theories, but certainly provides the reader with an adequate overview over current ITO theories. The figure includes the level of analysis, the description of basic assumptions and the core focal points of the mentioned theories. The reason for illustrating this chart is to enable readers interested in ITO theories to deal with other than the mentioned ITO theories, as well. The chart facilitates dwelling on theories that arouse interest in the reader by presenting key authors associated with each mentioned theory. Certainly, the latter aspect represents a major benefit of this overview.
Figure 1: Overview o2f ITO theories; adapted from Dibbern, J.; Goles, T.; Hirschheim, R.; Jayatilaka, B. (2004)
1 2
cp. fig.1 cp. Dibbern, J.; Goles, T.; Hirschheim, R.; Jayatilaka, B. (2004), "Table 3. Overview of Theoretical
9
2.2. THE EVOLUTION OF ITO
In the following, in order to give an insight into the evolution of ITO, the history and the present of ITO will be presented briefly. Certainly, this presentation is indicative and auxiliary for comprehending where ITO is today and how it could develop in the future.
2.2.1. THE HISTORY OF ITO ITO as a business practice did not emerge recently, but can be traced back to the 1960s.1 At that time, the utilization of information technology was characterized by heavy, high priced computers which, because of their sensitivity in regard to "temperature, humidity and dust"2, required a specific, monitored environment.3 Since smaller companies neither had the financial capabilities nor the expertise to run these systems, they were highly dependent on large IT suppliers. During this era, successful companies, such as Ross Perot's Electronic Data Systems4 which seized their chance to benefit from the lack of affordable computers, were established. Apparently, at that time, sourcing out IT operations certainly was no free choice for most of the outsourcing companies, but still this era can be considered as being the beginning of ITO.5 The two following decades - the 1970s and the 1980s - were characterized by significant technological progress such as the development of the Intel 4004 - the world's first microprocessor.6 As a result of such far-reaching achievements, the userfriendliness of IT products increased and prices for hardware as well as standard software decreased significantly, so that virtually every company could consider and afford running its own IT.7 In the beginning, this newly gained accessibility combined with the perception of IT as being "a source of competitive advantage"8, led to companies' effort to operate and control all IT themselves. At that time, firms' decisions to run IT on their own were additionally strengthened by a lack of available IT suppliers.9
Foundations", p. 18 cp. Lee, J.; Huynh, M.; Kwok, R.; Pi, S. (2003), "IT Outsourcing Evolution - Past, Present, and Future", Communications of the ACM, May 2003, Volume 46, Issue 5, pp. 84-89, p. 84 2 Sparrow, E. (2003), p. 2 3 cp. ibid. 4 cp. http://www.eds.com/about/history (accessed 3rd April 2008) 5 cp. Sparrow, E. (2003), p. 2 6 cp. http://www.intel.com/museum/archives/4004.htm (accessed 3rd April 2008) 7 cp. Sparrow, E. (2003), p. 2 8 ibid. 9 cp. ibid., p. 3
1
10
However, in 1989, Eastman Kodak sourced out its IT operations "to IBM, DEC and Businessland" thereby laying the foundation for the perception of ITO as a pivotal practice for IT management1 and, as a result, for the magnitude of today's ITO market. The implementation of this business practice in a large company like Eastman Kodak was - within other firms - apprehended as a legitimization for sourcing out IT.2 Eastman Kodak's US$ 1 billion deal3 was a watershed in ITO history and today, the fact that a large number of organizations such as Continental Airlines and Xerox4 followed the example set by Eastman Kodak, is known as the "Kodak effect".5
2.2.2. ITO TODAY Today, the ITO market has reached an immense scope. According to Lacity et al., in 1989, the global ITO market had reached a modest level of US$ 4 billion.6 In 1990, the scope of global ITO had already more than doubled, accounting for US$ 9 billion.7 Four years later, in 1994, the global ITO market "exceeded US$49.5 billion"8 and, in 1999, according to estimations referred to by Lacity and Willcocks, the market had grown to US$ 100 billion. 9 Willcocks et al., for instance, state that "IT outsourcing global revenues"10 in 2002 were as high as US$ 154 billion.11 Apparently, estimations about the global ITO market size and growth diverge due to different definitions of ITO and different resources. However, the proportions of the estimations regarding the scope of the ITO market remain comparable and impressive, as well. ZDNet Asia referring to a study conducted by IT research and consulting organization Gartner12, reported that the global ITO market had reached US$ 180.5 billion, in 2003.13 Within this general scope, the European market has taken up a considerable position. According to Deutsche Bank Research, the European ITO market had a volume of US$ 36.2 billion14, in 2002,
1 2
cp. Lee, J.; Huynh, M.; Kwok, R.; Pi, S. (2003), p. 86 cp. Dibbern, J.; Goles, T.; Hirschheim, R.; Jayatilaka, B. (2004), p. 7 3 cp. ibid., p. 8 4 cp. Lacity, M.; Willcocks, L.; Feeny, D. (1997), "The Value of Selective IT Sourcing", Published in "Managing IT as a Strategic Resource", Editors: L. Willcocks, D. Feeny, G. Islei; Maidenhead: McGraw-Hill Publishing Company, pp. 277-305, p. 277 5 Dibbern, J.; Goles, T.; Hirschheim, R.; Jayatilaka, B. (2004), p. 7 6 cp. Lacity, M.; Willcocks, L.; Feeny, D. (1997) in L. Willcocks, D. Feeny, G. Islei; p. 277 7 cp. Lacity, M. & Willcocks, L. (2001), "Global Information Technology Outsourcing: In Search of Business Advantage", Chichester: John Wiley & Sons Ltd, p. 2 8 Lacity, M. et al. in Willcocks, L. et al. (1997), p. 277 9 cp. Lacity, M. & Willcocks, L. (2001), p. 2 10 Willcocks, L.; Hindle, J.; Feeny, D.; Lacity, M. (2004), "IT and Business Process Outsourcing: The Knowledge Potential", Information Systems Management, June 2004, Volume 21, Issue 3, pp. 7-15, p. 7 11 cp. ibid. 12 cp. http://www.gartner.com (accessed 4th April 2008) 13 cp. Choong, A. (2004), "Capgemini sells S'pore, M'sia operations to Frontline", ZDNet Asia, http://www.zdnetasia.com/news/hardware/0,39042972,39199280,00.htm (accessed 4th April 2008) 14 NB: € 38.3 billion, converted at an annual, average exchange rate (2002) as found on http://www.oanda.com/convert/fxaverage (accessed 14th May 2008 )
11
and a volume of US$ 49.2 billion1, in 2003.2 Within the European market, the German market is by all means one of the most important ones. In 2003, the German ITO market had an estimated volume of US$ 12.0 billion. 3 In other words, in 2003 the German ITO market represented about 25% of the entire European ITO market. This well depicts the importance ITO has within the European Community and especially, the relevance this topic has for the German economy and German companies, as well. Similar to the Eastman Kodak case mentioned above, recently there has been a major case, which created attention among the ITO community. In 2002, the financial service provider J.P. Morgan Chase sourced out its IT activities to IBM in a deal which was worth US$ 5 billion and thus, arrested the attention of the ITO world.4 In July 2004, J.P. Morgan Chase merged with Bank One and, as a result of Bank One's philosophy consisting in not outsourcing IT operations, finally decided to bring its outsourced IT back in-house.5 It seems as if this significant event could be an impulse for other companies' reflection regarding their own ITO operations and thus, indicate a future backsourcing trend. Certainly, keeping in mind the dimensions of today's ITO market, the relevance of backsourcing is perspicuous and therefore, the importance of involving backsourcing in this and future research projects is, as well.
2.3. ITO DIMENSIONS
2.3.1. MULTIDIMENSIONALITY OF ITO Nowadays, ITO literature offers many different ways of categorizing outsourcing operations. Defining to which specific ITO situations discussions of ITO and its risks refer is of great importance, because the various risks of ITO can be assigned to a variety of different situations. Therefore, in order to facilitate the clarification regarding the situations in which certain ITO risks could emerge, a model which
1
NB: € 43.5 billion, converted at an annual, average exchhange rate (2003) as found on http://www.oanda.com/convert/fxaverage (accessed 14t May 2008 ) cp. Deutsche Bank Research, Rollwagen, I. (2007), "Präsentation: Zukünftige Qualitätsanforderungen und Bildungslandschaften", Kongress „Offen für morgen"/Kongress „Bildung und Betreuung", Stuttgart, October 2007, http://www.dbresearch.de/PROD/DBR_INTERNET_DEPROD/PROD0000000000217016.pdf (accessed 8th April 2008) , p. 19 3 NB: € 10.6 billion, converted at an annual, average exchange rate (2003) as found on http://www.oanda.com/convert/fxaverage (accessed 14th May 2008 ); cp. Deutsche Bank Research, Allweyer, T.; Besthorn, T.; Schaaf, J. (2004), "IT-Outsourcing: Zwischen Hungerkur und Nouvelle Cuisine die gesamtwirtschaftliche Perspektive", economics, April 2004, No. 43, http://www.dbresearch.de/PROD/DBR_INTERNET_DE-PROD/PROD0000000000073793.pdf (accessed 8th April 2008), p. 7 4 cp. Tadelis, S. (2007), "The Innovative Organization: Creating Value Trough Outsourcing", California Management Review, Fall 2007, Vol. 50, No. 1, p. 265 5 cp. Ibid.
2
12
permits the definition of various dimensions of ITO seems to be reasonable. By means of the following model1 which was partially translated from German into English, Holger von Jouanne-Diedrich depicts the many dimensions of ITO quite well.2 Since in this model 'sourcing' is used interchangeably with the term 'outsourcing', this will apply to this work, as well.
Financial Dependency Location
Offshore-Outsourcing External Outsourcing Internal Outsourcing Nearshore-Outourcing
Degree of external Procurement
Total Outsourcing Selective Outsourcing Total Insourcing
ITO
Single-Sourcing Multi-Sourcing Insourcing Co-Sourcing Transitional Outsourcing
Number of Suppliers
Outsourcing Value-added Outsourcing Backsourcing
Strategic Aspects
Chronological Order
Figure 2: Multidimensionality of ITO; adapted from von Jouanne-Diedrich, H. (2004)3
In the following, the dimensions mapped in this illustration will be presented and thereupon, the scope for this research project will be delimited. The criteria will be defined according to relevant ITO literature.
2.3.1.1. Location This dimension refers to the geographical distance among the outsourcing clients and the suppliers. Offshore outsourcing, also known as "global outsourcing"4, refers to purchasing IT from suppliers which are located overseas.5 A prime example for this type of ITO is a company from the US sourcing out services such as software development to IT suppliers in India, which is known for being the leading country among all IT providing countries.6 Regarding ITO, approximately
1 2
cp. fig.2 cp. von Jouanne-Diedrich, H. (2004), "15 Jahre Outsourcing- Forschung: Systematisierung und Lessons Learned", Published in "Informationsmanagement: Konzepte und Strategien für die Praxis", Editors: R. Zarnekow, W. Brenner, H. Grohmann; Heidelberg: dpunkt.verlag GmbH, pp. 125-133, p. 127 3 cp. ibid. 4 Gottschalk, P. & Solli-Sæther, H. (2006), p. 136 5 cp. Willcocks, L & Lacity, M. in L. Willcocks & M. Lacity (1998), p. 4 6 cp. Gottschalk, P. & Solli-Sæther, H. (2006), pp. 137
13
"60-80 per cent of the global market"1 belongs to India. Firstly, this is due to the fact that India and several other offshore locations offer both an acceptable degree of political stability and lower labour costs than many other countries. Secondly, India and other offshore locations also have the expert knowledge and technological capabilities necessary to be perceived as being reliable IT suppliers. Nearshore outsourcing, on the other hand, refers to sourcing out IT to countries which are geographically close to the country in which the outsourcing companies are located. The advantages are often perceived as being similar to the ones gained from offshore outsourcing and complemented by the expectation of less communication costs and problems among ITO clients and IT suppliers.2 The latter assumption is mainly based on the fact that, due to the geographical proximity, the outsourcing companies hope to benefit from lower language barriers, less interpretative misunderstandings thanks to cultural closeness and a rather high level of personal accessibility.3 It seems as if these assumptions can be supported, because among countries within Europe there will certainly be less cultural differences than among European and Asian countries, for instance. An example for nearshoring would be a German company sourcing out to Poland.
2.3.1.2. Financial dependency This dimension addresses the financial dependency among the ITO clients and IT the suppliers. External outsourcing refers to contractual partnerships among separate entities.4 This means that the outsourced processes are confided to third party vendors providing the requested services.
Internal outsourcing refers to ITO partnerships including two separate companies which both are affiliated to the same corporate group.5 Obviously, such situations result in atypical supplier-client relationships, because both parties are influenced by common decision makers.
Spin-offs are a particular way of sourcing out IT operations. Spin-offs are new companies established out of former IT departments. The business purpose consists of providing both the founding companies and other, external companies with specific services, in this case IT provision. An example for the successful
1 2
Sparrow, E. (2003), p. 15 cp. Deutsche Bank Research, Meyer, T. (2006), "Offshoring an neuen Ufern: Nearshoring nach Mittel- und
Osteuropa", economics, July 2006, No. 58, http://whww.dbresearch.de/PROD/DBR_INTERNET_DEPROD/PROD0000000000200245.pdf (accessed 8t April 2008), p. 6 3 cp. ibid. 4 cp. von Jouanne-Diedrich, H. (2004), p. 128 5 cp. ibid.
14
realization of a spin-off is Lufthansa Systems which is a Deutsche Lufthansa spinoff.1 It seems to be obvious that the relation between ITO partners might differ depending on their financial dependency.
2.3.1.3. Degree of external procurement The degree of external procurement refers to the total amount of IT companies decide to source out. Total outsourcing implies that outsourcing companies place the responsibility for "at least 80% of their IS budgets"2 on external suppliers.
Selective outsourcing refers to sourcing out between 20 and 80% of the total IT to external partners.3 Since selective outsourcing implies that a considerable part of the IT tasks is not sourced out, this can be regarded as a more moderate approach than total outsourcing.
Total insourcing refers to situations in which companies decide to keep the main part of their IT in-house. More precisely, this means that "over 80% of the IS budget"4 are spent on internal IT supply.
2.3.1.4. Strategic aspects This dimension refers to the aim which originates the realization of ITO operations. Value-added outsourcing implies that ITO relationships represent more than mere client-supplier dependency, but instead are partnerships based on the competencies of the partners that are involved. The reason for this kind of collaboration is selling IT solutions to external customers.5 Furthermore, value- added outsourcing includes sharing profits and risks among the business partners.6
Transitional outsourcing stands for organizations' decisions to source out parts of their IT in order to free resources for the development and/or implementation of new technology. This kind of outsourcing is basically caused by the dynamics characterizing the IT market and the frequently resulting necessity to contemporaneously run different systems.7
1
NB: Today, Lufthansa Systems is one of world's largest IT service suppliers known in the aviation industries. For further information cp. http://www.lhsystems.com/resource/document/pdf/news/company_profile_en.pdf, (accessed 5th April 2008), p. 1 2 Lacity, M. & Hirschheim, R. (1995), p. 4 3 cp. von Jouanne-Diedrich, H. (2004), p. 128 4 Lacity, M. & Hirschheim, R. (1995), p. 4 5 cp. Lacity, M. & Willcocks, L. (2001), p. 19 6 cp. ibid. 7 cp. ibid., p. 10
15
Co-sourcing contracts are based on performance in terms of the ITO clients' organizational objectives. This means that the IT supplying companies are not simply paid for providing pre-fixed services, but according "to the effective alignment of IT assets and expenditures with business objectives".1 It seems to be evident, that this kind of outsourcing requires a sound collaboration among the contracting partners.
2.3.1.5. Chronological order Insourcing can be referred to as the analysis of outsourcing possibilities compared to internal IT provision and a resulting decision to keep IT in-house. 2 Of course, this decision implies the assumption that the quality of internal IT supply is at least equal to the quality external IT provision would generate.3 Insourcing, of course, refers to a situation in which companies decide to provide IT operations internally. Outsourcing is the next step companies can take in order to perform IT related tasks. One of the most frequent definitions of ITO is determined by Loh and Venkatraman who "define IT outsourcing as the significant contribution by external vendors of the physical and/or human resources associated with the entire or specific components of the IT infrastructure in the user organization". 4 Obviously, outsourcing implies that ITO companies rely on the IT suppliers' correct performance of outsourced tasks. Backsourcing is a term used to describe the case in which organizations decide to terminate established outsourcing partnerships in order to reintegrate outsourced IT. This means that companies involved in ITO decide to bring outsourced IT back in-house.5 Obviously, backsourcing represents the end of ITO relationships.
2.3.1.6. Number of suppliers Single-sourcing consists of the practice of committing all outsourced activities to just one vendor. Obviously, this means that the ITO relationship is characterized by a high level of dependency.
1 2
Lacity, M. & Willcocks, L. (2001), p. 28 cp. Hirschheim, R. & Lacity, M. (2000), "The Myths and Realities of Information Technology Insourcing", Communication of the ACM, February 2000, Vol. 43, No. 2, p. 100 3 cp. ibid. 4 Loh, L. & Venkatraman, N. (1992), "Diffusion of Information Technology Outsourcing: Influence Sources and the Kodak Effect", Information Systems Research, December 1992, Vol. 3, Issue 4, pp. 334-358, p. 336 5 cp. Sparrow, E. (2003), p. 223
16
Multi-sourcing, however, is characterized by outsourcing organizations' choices to rely on more than one supplier. Reasons for choosing a multi-sourcing strategy are the fear of being highly dependent on only one supplier and the high degree of specialization required in regard to different IT processes which are being sourced o ut .1
2.3.2. DELIMITATION OF RELEVANT ITO DIMENSIONS In the following, in order to create an adequate basis that ensures common understanding of the risks which will be under investigation, it will be outlined which dimensions will be considered in the further discussion and which will not, and why. The location of the supplier plays no significant role within the broader aim of this paper. Even though the geographical position of outsourcing suppliers certainly has a significant impact on the costs and, therefore, on many outsourcing decisions, the aim of this paper is not primarily connected with this analysis of location in connection with ITO and its risks. Thus, this dimension will not be considered in the following. The financial dependency among the ITO partners certainly has a significant influence on the relationship between them. Companies which belong to the same corporate group represent ITO relationships which are characterized by interdependency and this certainly has an influence on the perception of ITO risks. This work focuses on ITO risks which emerge when IT is entrusted to partners that cannot be influenced by means of a common administration, for instance. Therefore, the further discussion asks for a focus on external, that is to say unconnected, entities. Hence, all topics discussed below will apply to ITO operations involving ITO companies and external, unconnected IT suppliers. Concerning the degree of external procurement, outsourcing and selective outsourcing represent situations that will be considered in the following. The ITO risks which will be discussed below result from rather significant levels of external IT provision and therefore, in the following, the term outsourcing will comprise selective outsourcing, as well. Correspondingly, in the following, outsourcing will refer to an amount of outsourced IT characterized by a value of at least 20% in regard to the overall IT expenses.
1
cp. Sparrow, E. (2003), p. 159
17
Strategic choices underlying the creation of ITO relationships are not of particular interest for the further discussion, because they refer to the phase before IT is actually sourced out. Since the discussion of ITO risks will be focussed on ITO risks which appear during actual ITO operations, already existing ITO relationships will be assumed. The dimension regarding the chronological order will partly be taken into account in the further discussion. As ITO risks emerge when IT is being sourced out, outsourcing will be assumed as the starting point for the further discussion. Later on, backsourcing will also be taken into account in order to see whether it is a potential alternative for organizations threatened by the specific ITO risks under consideration. The number of suppliers - as long as they are external suppliers - is not of major interest for the following discussion. However, as one of the ITO risks discussed below - supplier lock-in - will ask for either single or few supplier situations the case of single-sourcing has to be considered. Since this particular setting is only needed in regard to the discussion of one ITO risk under consideration, multi- sourcing will be considered, as well. In order to provide the reader with a concluding overview of dimensions or rather parts of specific dimensions that will be considered in the following, the multidimensionality model presented above1 was modified. The modified model is represented in the following chart.2
1 2
cp. fig.2 cp. fig.3
18
Financial Dependency Location
Offshore-Outsourcing External Outsourcing Internal Outsourcing Nearshore-Outourcing
Degree of external Procurement
Total Outsourcing Selective Outsourcing Total Insourcing
ITO
Single-Sourcing Multi-Sourcing Insourcing Co-Sourcing Transitional Outsourcing
Number of Suppliers
Outsourcing
Value-added Outsourcing
Backsourcing
Strategic Aspects
Chronological Order
Figure13: Delimitation of considered ITO Dimensions; adapted from von Jouanne-Diedrich, H. (2004)
2.4. ITO - REASONS AND RISKS
The vast field of ITO contains many studies which focus on the revelation of advantages and disadvantages or rather reasons and risks perceived as being linked to ITO operations. In the following, aspects readers usually encounter when they deal with the pros and cons of ITO are represented. The reasons for and risks of ITO have been categorized according to their strategic, technological, economic or political nature and will be presented accordingly in the following.
2.4.1. REASONS FOR ITO Nowadays, a considerable amount of ITO literature primarily focuses on representing the advantages of and the reasons for ITO. Since the positive effects of ITO certainly act as a counterbalance to the ITO risks which will be addressed below, some of the most frequently mentioned reasons for ITO are presented in the following.
2.4.1.1. Strategic Reasons for ITO Among the reasons for ITO characterized as being of a strategic nature, there can frequently be found reasons related to outsourcing companies' chances to focus
1
cp. von Jouanne-Diedrich, H. (2004), p. 127
19
on their respective core businesses.1 This point refers to the fact that ITO firms obtain the chance to concentrate on activities which they are best at and which thus represent an advantage over competitors.2 Another frequently mentioned strategic reason for ITO is the facilitation of reorganization processes such as mergers and acquisitions.3 The core business of IT providers is IT and therefore, the services they supply are based on a high level of experience and expertise. As a result, IT providers are able to support reorganizations of companies quicker and more efficiently than internal IT departments are.4 The augmentation of flexibility associated with the manageability of IT resources is another element reflecting a strategic reason for ITO.5 This point refers to the reduced response time ITO companies have in case of changing capacity needs, for instance.6
2.4.1.2. Technological Reasons for ITO It is in the nature of things, that discussing ITO implicates the discussion of frequently mentioned technological reasons for and advantages of ITO. A major advantage obtained through IT outsourcing is the "access to leading edge technologies faster and less expensive than otherwise".7 This access requires a sound relationship among ITO clients and IT suppliers which, as a result, will enable their ITO clients to get in touch with other companies the IT suppliers work with.8 Another frequently mentioned technological reason for ITO is the increasing pace of internal IT developments. Companies which decide to source out IT have the chance to keep some IT operations, which are perceived as being related to the organizations' core capacities, in-house.9 Hence, the residual internal IT is focused on and in line with the companies' "core business mission".10 As a result, the rapidity with which new applications can be developed increases.
1 2 3
cp. Sparrow, E. (2003), p. 18 cp. ibid. cp. Sparrow, E. (2003), p. 21 cp. ibid. 4 cp. Jurison, J. in L. Willcocks & M. Lacity (1998), p. 188 5 cp. Sparrow, E. (2003), p. 26
6 7
Clark, T.; Zmud, R.; McCray, G. (1998), "The Outsourcing of Information Services: Transforming the Nature of Business in the Information Industry", Published in "Strategic Sourcing of Information Systems: Perspectives and Practices", Editors: L. Willcocks & M. Lacity; Chichester: John Wiley & Sons Ltd, pp. 4578, p. 62 8 cp. ibid. 9 cp. ibid., p. 61 10 ibid.
20
Finally, the reduction of technology related risk is a reason for ITO, because firms entrusting IT to external suppliers also pass on the risks IT operations bring about. 1 For instance, due to the dynamic character of the field of IT and the continuous technological advancements, an important risk associated with IT provision is "technological obsolescence".2 Evidently, by sourcing out their IT, companies can avoid meeting this kind of problems.
2.4.1.3. Economic Reasons for ITO The economic reasons for ITO are probably the most frequently found ones in ITO literature. Since the 'make or buy' decision underlying an outsourcing decision aims at the optimization of cost structures, a major advantage hoped for in ITO operations is cost reduction.3 The latter is expected to result from economies of scale which IT suppliers can achieve.4 The very economies of scale enable IT suppliers to generate services at lower costs than the internal IT departments of the ITO companies could.5 These lower costs are reflected in the prices offered by IT suppliers and hence, lead to cost savings on the side of the outsourcing companies.6 The improvement of cost control is another economic reason for ITO, because by stipulating contracts with defined performance levels requested from the vendor, the predictability of IT related costs is perceived to increase. 7 Additionally, IT costs turn from being fixed costs for IT assets into variable costs for external IT provision which can be modified according to current business demands.8 It is evident that companies which entrust their IT operations to professional service providers expect improved service and quality of IT services. 9 The improvements of quality and service which external providers can offer compared to internal IT departments are due to better accessibility to new technological achievements and due to the dedication - and financial necessity - to satisfy the ITO customers.10
1 2 3
cp. Clark, T.; Zmud, R.; McCray, G. in L. Willcocks & M. Lacity (1998), p. 62 ibid. cp. Jurison, J. in L. Willcocks & M. Lacity (1998), p. 188 4 cp. Sparrow, E. (2003), p. 25 5 cp. Jurison, J. in L. Willcocks & M. Lacity (1998), p. 188 cp. ibid. 6 cp. Sparrow, E. (2003), p. 25 7 cp. Clark, T.; Zmud, R.; McCray, G. in L. Willcocks & M. Lacity (1998), p. 61
8 9 10
cp. Sparrow, E. (2003), p. 22 cp. Clark, T.; Zmud, R.; McCray, G. in L. Willcocks & M. Lacity (1998), p. 61
21
2.4.1.4. Political Reasons for ITO As Lacity and Willcocks found out when they analyzed 145 interviews1, a political reason for ITO is that - within some sectors - ITO is accepted to such an extent that it can be understood "as a viable, irreversible trend"2 which each firm needs to follow. An example regarding this point was given above in conjunction with the ITO decision made by Eastman Kodak 3 which induced increasing acceptance and application of ITO all over industries. Another political reason for ITO is that managers often believe that evaluating the possibilities to outsource IT "demonstrates their willingness to subordinate the good of [the] IT department for the good of the overall business".4 Apparently, this behaviour aims at enhancing the managers' support within their respective organization and is not essentially related to an ITO decision which is motivated by genuine reasons. Rarely, a political reason for outsourcing may consist in governmental regulations such as enforced "market testing".5 This governmental regulation refers to the mandatory comparison between the provision through public services and the provision through external, that is to say private, suppliers. 6 A reason for this comparison is the economic valuation of ITO alternatives compared to internal IT provision.7
2.4.2. RISKS OF ITO For the purpose of providing a shared comprehension of the word, now a brief definition of the term risk will be given. Bahli and Rivard adopt "the notion of risk exposure, wherein the probability of occurrence of an undesirable outcome and the loss associated with it are taken into account".8 This definition is adequate to the following discussion, because it does not only refer to one negative outcome such as financial or rather economic loss, but to negative outcomes of any kind.
1
cp. Lacity, M. & Willcocks, L. (1998), "An empirical investigation of information technology sourcing practices: lessons from experience", MIS Quarterly, September 1998, Vol. 22, Issue 3, pp. 363-408, p. 363 2 ibid., "Table 2. Participant Expectations/Reasons", p. 369 3 cp. chapter 2.2.1. 4 Lacity, M. & Willcocks, L. (1998), "Table 2. Participant Expectations/Reasons", p. 369 5 ibid. 6 cp. Aulich, C. & Hein, J. (2005), "Whole-of-Government Approaches to Outsourcing and Market Testing by the Commonwealth Government", Australian Journal of Public Administration, Sep2005, Vol. 64, Issue 3, pp. 35-45, p. 36 7 cp. ibid. 8 Bahli, B. & Rivard, S. (2005), "Validating measures of information technology outsourcing risk factors" OMEGA - The International Journal of Management Science, Vol. 33, Issue 2, April 2005, pp. 175-187, p. 176
22
2.4.2.1. Strategic Risks of ITO Representing a major strategic decision, ITO holds a considerable number of risks which decision makers have to bear in mind. The enhanced complexity of external IT management compared to internal IT management is a strategic risk implied by ITO.1 According to Clark et al., ITO companies have to deal with "procurement and contract management"2 in order to guarantee that the suppliers' IT provision complies with the predefined performance levels.3 It is evident that the complexity of coordination entailed by ITO augments in case of IT tasks being subdivided among internal IT departments and external IT providers.4 Decision makers in charge have to keep in mind that such situations require unambiguous definitions regarding the respective areas of responsibility.5 Of course, such circumstances most likely lead to an enhancement of anticipated IT management costs.6
Another strategic ITO risk of ITO consists in the fact that ITO operations include IT which is closely linked to core activities of ITO companies and that hence, potential competitive advantages are negatively influenced.7 Obviously, this risk is of great importance, because it is strongly related to companies' competitive ability and thus, to their success. Another important risk of strategic nature entailed by ITO operations is supplier lockin.8 This risk refers to situations in which outsourcing companies are highly dependent on one or few IT suppliers. Such situations are critical due to two major difficulties they imply. Firstly, suppliers knowing that ITO clients have no other suppliers may become overconfident and, as a result, the quality of provided services is at risk of diminishing.9 Secondly, the ITO clients' provision is additionally threatened by "potential bankruptcies and other financial disasters"10 occurring to IT suppliers they are highly dependent on.
2.4.2.2. Technological Risks of ITO Without doubt, a major concern of ITO consists of the technological risks it entails. Sourcing out IT operations implies the risk of losing internal IT knowledge. This loss of IT knowledge is caused by the fact that the IT provided
1 2
cp. Clark, T.; Zmud, R.; McCray, G. in L. Willcocks & M. Lacity (1998), p. 68 ibid. 3 cp. ibid. cp. ibid. cp. 4 ibid. 5
6 7
cp. ibid. cp. Barthélemy, J. (2003), p. 88 8 cp. Jurison, J. in L. Willcocks & M. Lacity (1998), "Table 6.1 Potential Benefits of Outsourcing", p. 189 9 cp. Sparrow, E. (2003), p. 188 10 ibid.
23
by external IT suppliers is constantly altering due to permanent technological advancement and will therefore at some point no longer be comprehensible to the ITO companies.1 This matter of fact is often aggravated by the fact that there is no or very little transfer of newly gained IT knowledge from IT suppliers to their ITO clients.2 Another risk associated with ITO is the loss of innovative capacities.3 This loss is caused by the fact that IT suppliers primarily deal with providing requested services and not with the provision of "innovative application ideas".4 However, the latter could enhance the value of IT within ITO clients' organizations.5 Furthermore, risks connected with ITO are issues related to the security and confidentiality of information or rather data belonging to ITO companies.6 As outsourcing partnerships imply the exchange of critical information concerning the ITO clients, the suppliers gain access to customer, personnel and book- keeping data.7 Additionally, the IT clients lose and the suppliers attain "control over physical and electronic security" 8 of data. These aspects are strongly related to ITO clients' attitudes towards ITO management. A loss of control over outsourced IT certainly occurs in cases of insufficient competencies or neglected supplier management.9
2.4.2.3. Economic Risks of ITO Since ITO operations are often primarily aimed at reducing IT costs 10 and increasing service levels11, economic risks associated with ITO are of great importance. A frequently mentioned problem of ITO is the inadequate definition of determinants regarding the measurement of the performance of provided services. 12 The importance of this aspect is due to the fact that an adequate performance measurement is a necessity in order to guarantee the fulfilment of service levels stipulated in ITO contracts.13 Since the terms included in ITO contracts do not represent major subjects of this work, this aspect will not be deepened further.
1 2 3
cp. Clark, T.; Zmud, R.; McCray, G. in L. Willcocks & M. Lacity (1998), p. 67 cp. ibid. cp. Earl, M. (1996), "The risks of outsourcing IT", Sloan Management Review, Vol. 37, No. 3, pp. 26-32, as referred to in Gottschalk, P. & Solli-Sæther, H. (2006), p. 67 4 ibid. 5 cp. ibid. 6 cp. Sparrow, E. (2003), p. 32 7 cp. ibid. 8 ibid. 9 cp. Barthélemy, J. (2003), p. 92 10 cp. Sparrow, E. (2003), p. 25 11 cp. ibid., p. 22 12 cp. ibid., p. 187 13 cp. Cullen, S. & Willcocks, L. (2003), "Intelligent IT Outsourcing: Eight Building Blocks to Success", Oxford: Elsevier Butterworth-Heinemann, p. 184
24
Another economic risk is the suppliers' opportunistic behaviour as already mentioned above.1 As explained within the scope of the discussion of transaction cost theory, opportunism refers to "self-interest seeking with guile".2 This risk poses a threat to ITO operations when the number of potential suppliers is rather small.3 According to Williamson, such situations require the conclusion of adequate contracts so that potential opportunism is diminished.4 Again, as this is an argument connected to the conclusion of ITO contracts, this aspect will not be discussed any further. Hidden costs represent another economic risk associated with ITO. Hidden costs are costs which augment the anticipated costs and therefore, pose a threat to the economic efficiency of ITO operations. Frequently, these additional costs are caused by the utilization of services which were not originally included in the ITO contract.5 Other factors causing the appearance of unanticipated costs are the underestimation of expenses due to the setup and management of outsourced IT operations.6
2.4.2.4. Political Risks of ITO Compared to the other types of ITO risks mentioned above, political risks are rather infrequently discussed in ITO literature. An ITO risk of a political nature is related to the personnel of ITO companies. Employees often perceive that ITO decisions and even ITO considerations represent a lack of trust in their professional capabilities. As a result, organizations considering ITO will experience considerable problems "even before an actual outsourcing decision has been made".7 Another political ITO risk is based on the fact that current business environments are characterized by high dynamics. As a result, it is difficult to anticipate what the future holds in terms of both companies' organizational developments and general technological innovations.8 Another imaginable political risk of ITO consists of the general public's perception of ITO decisions. Today, crucial decisions made by major companies,
1 2
cp. chapter 2.1.1. Williamson, O. (1975), p. 26 3 cp. Williamson, O. (1975), p. 27 cp. ibid. 4 cp. Sparrow, E. (2003), pp. 202-203 5 cp. Earl, M. (1996), as referred to in Gottschalk, P. & Solli-Sæther, H. (2006), p. 66
6 7 8
Barthélemy, J. (2003), p. 91 cp. Sparrow, E. (2003), p. 198
25
especially the ones involving the diminution of personnel, are instantly reported by the media. It seems to be evident, that decisions involving the reduction of workplaces in order to source IT services from low wage countries negatively influences companies' internal and external image.
2.4.3. DELIMITATION OF RISKS After the presentation of some of the most frequently mentioned risks in recent ITO literature, now the presentation of the ITO risks which will be discussed indepth will follow. Political risks will not be considered any further, because they appear to mostly pertain to outsourcing itself and not necessarily to IT outsourcing. The ITO risks which will be discussed in the following and in the empirical part of this work are the risks of supplier lock-in, hidden costs and the loss of control over outsourced IT.
2.4.3.1. Supplier Lock-In The strategic risk under further consideration is supplier lock-in. As already mentioned above1, this risk refers to a situation characterized by a high level of dependency in regard to one supplier. This situation enhances the risk of the supplier becoming overconfident and hence, providing lower quality services. 2 Additionally, this situation implies that the ITO company is highly dependent on the existence of the providing company. Therefore, mismanagement occurring within the organization of the IT supplier has a considerable impact on the ITO company.3 Another undesirable scenario consists of a business rival's merger with or acquisition of the IT supplier.4 Evidently, these cases would increase competitor's chances to gain insight into strictly confidential data.5 The discussion on the aspect of confidentiality will be resumed later on. Transaction cost theory has already been discussed above6 and a transaction cost theory approach to the analysis of ITO risks used by Bahli and Rivard was chosen for the further discussion of supplier lock-in.7 According to Bahli and Rivard, the risk of supplier lock-in is affected by "asset specificity"8, a "restricted number of
1 2 3
cp. chapter 2.4.2.1. cp. Sparrow, E. (2003), p. 188 cp. ibid. cp. ibid. cp. ibid. 4 cp. chapter 2.1.1. 5 cp. Bahli, B. & Rivard, S. (2003) 6 ibid., p. 213
7 8
26
suppliers"1 and by the ITO "client's lack of expertise with outsourcing contracts".2 Asset specificity is an issue frequently found in connection with transaction cost theory based approaches to ITO.3 Within these approaches asset specificity is known as an enhancer of transaction costs.4 Asset specificity refers to investments in assets which are of particular interest in the scope of a specific contractual relation and which are of significantly less value without that particular contractual relation.5 Certainly, the higher the complexity of an organization's peculiarities is the higher is the risk on the supplier's side, if he is forced to invest in specific assets for the ITO client. Asset specificity refers to both investments in tangible and intangible assets. Especially in the constantly changing field of IT, knowledge is an aspect not to underestimate. From an IT supplier's point of view, knowledge especially gained in order to support a specific business client is often useless in regard to other clients.6From an ITO client's point of view the fact that specific investments are made by the IT supplier can represent an economic advantage, because the ITO client does not have to make certain investments. However, asset specificity may also represent an advantage for the IT supplier and a disadvantage for the ITO client, because once specific investments have been made, the ITO client might be averse to changing the provider and passing through a difficult implementation phase again.7 This means that the ITO client will scrutinize each consideration of supplier change and the supplier can be quite confident of keeping the client. The limited number of suppliers is a factor indicating a risky lock-in situation for ITO clients, because in terms of bargaining power this scenario leads to a stronger position for the IT suppliers.8 As there is "a lack of alternative sources of supply"9, the suppliers may show opportunistic behaviour and, as a result, the transaction costs increase.10 The last factor mentioned by Bahli and Rivard is the expertise ITO companies have in regard to ITO operations. Expertise stands for the ITO companies' professional skills and experience in the field of interest.11 This factor refers to
1 2
ibid., p. 214 ibid. 3 cp. Grover, V.; Teng, J.; Cheon, M. in L. Willcocks & M. Lacity (1998), p. 90 4 cp. ibid. 5 cp. Bahli, B. & Rivard, S. (2003), p. 214 6 cp. Aubert, B.; Rivard, S.; Patry, M. (2004), "A transaction cost model of IT outsourcing", Information & Management, September 2004, Vol. 41, Issue 7, pp. 921-932, p. 922 7 cp. Bahli, B. & Rivard, S. (2003), p. 214 8 cp. ibid. 9 ibid. 10 cp. ibid. 11 cp. ibid.
27
"the entire set of people, processes, tools, and systems that are needed to make the relationship work"1 and thus, to successfully perform ITO. Bahli and Rivard especially refer to customers' inaptness of stipulating ITO contracts which, for instance, ensure the customers' exit possibilities in case of weak performance by the supplier and clarify intellectual property rights in case of contract expiration or termination.2 As a result, ITO clients take the risk to get trapped in ITO contracts and have no chance of getting out of these without financial losses and noticeable losses of IT related knowledge. By this means, decisions regarding supplier changes or backsourcing are impeded considerably.
2.4.3.2. Hidden Costs The above mentioned economic risk in the form of hidden costs3 will be discussed in more detail now. Complying with the discussion on supplier lock-in, the transaction cost theory will play a decisive role within the discussion of hidden costs, as well. As already explained above, hidden costs are costs not anticipated from the very beginning, that is to say these costs are not anticipated while the contractual relations are being established, but these costs emerge during the actual ITO operations. Therefore, it is reasonable that Barthélemy, on the basis of transaction cost theory, subdivides hidden costs into the ones originating before ITO contracts are concluded and the ones originating after ITO contracts are concluded.4 "Search and contracting costs"5 are the unanticipated costs originating before the conclusion of ITO contracts.6 These imply all costs caused by searching for and negotiating with potential IT suppliers. 7 Additionally, the costs due to the necessity of being in compliance with the legal requirements relating to contract conclusions are included.8 Hidden costs emerging after the conclusion of ITO contracts are "vendor management costs".9 These costs include monitoring aimed at assuring that the vendors' performances meet the predefined service levels and problem solving in case of breach of these service levels.10 In addition, unanticipated costs can appear due to the underestimation of expenses regarding the setup of ITO operations.
1 2 3
Bahli, B. & Rivard, S. (2005), p. 179 cp. Bahli, B. & Rivard, S. (2003), p. 214 cp. chapter 2.4.2.3. 4 cp. Barthélemy, J. (2003), p. 93 ibid. 5 cp. ibid. cp. ibid. cp. 6 ibid.
7 8 9 10
ibid. cp. ibid.
28
Setup costs can be caused by a "parallel running"1 of systems as a backup during the implementation phase of new systems, for instance. 2 Furthermore, unanticipated costs can emerge when internal or external conditions change, because this could necessitate costly renegotiations of originally stipulated contracts.3 According to Barthélemy, the complexity of an organization's peculiarities is positively correlated with the amount of hidden costs.4 Sourcing out activities specific to the own organization leads to an increased difficulty to reintegrate these activities, that is to say to bring them back in-house. However, the difficulties implied by the specificity of outsourced IT operations do not only enhance the complexity of bringing these operations back in-house, but do also augment the dependency on the supplier.5 As a result, the risk of hidden costs due to the peculiarity of outsourced activities could be accompanied by a lock-in scenario as aforementioned.6 However, authors such as Sparrow suggest that the costs related to an ITO operation are "much more closely scrutinized than internal costs"7 which an internal IT department would cause. Hence, the transparency of externally emerging costs in combination with costs in excess of the cost prognosis may lead to backsourcing considerations.8 Summing up, on the one hand, asset specificity increases the difficulty of backsourcing and on the other hand, external IT costs being scrutinized more than internal IT costs may lead to backsourcing considerations. Also using a transaction cost theory approach to ITO risks, Bahli and Rivard name three influencing aspects leading to hidden costs or rather "unexpected transition and management costs: (1) the client's lack of expertise with the outsourced activity, (2) the client's lack of expertise with outsourcing and (3) the degree of relatedness of the outsourced activity".9 As already explained above, the factors regarding the lack of expertise in IT operations and in outsourcing most likely result in the conclusion of inadequate ITO contracts and hence, the occurrence of anticipated costs increases. 10 Additionally, as terms and conditions of exit possibilities are often disregarded by IT outsourcers with little expertise, an inappropriate contract enhances the difficulties met in case of supplier change or backsourcing decisions.11
1 2 3
Earl, M. (1996), as referred to in Gottschalk, P. & Solli-Sæther, H. (2006), p. 66 cp. ibid. cp. Barthélemy, J. (2003), p. 93 4 cp. ibid. 5 cp. ibid. 6 cp. ibid. 7 Sparrow, E. (2003), p. 202 8 cp. ibid., pp. 202-203 9 Bahli, B. & Rivard, S. (2003), p. 214 10 cp. ibid. 11 cp. ibid.
29
Relatedness refers to activities which are interdependent and which therefore, cannot be processed independently.1 For instance, interdependency could consist of the necessity to finish one task before the following task can take place. 2 The very interdependency can apply to ITO operations intertwined with other operations which are either outsourced as well or performed in-house.3 Evidently, such cases entail the necessity to coordinate these activities so that neither of these negatively influences the performance of the respective other.4 The coordination of such interdependent operations is crucial and entails considerable efforts causing ITO management costs which often represent unanticipated costs.5 Obviously, the hidden costs of ITO deteriorate the anticipated success and cost savings of ITO. As a result, it seems to be evident that an extensive amount of unanticipated costs could also lead to backsourcing considerations.
2.4.3.3. Loss of Control over outsourced IT Certainly, it is inevitable to take into account technological risks when discussing potential ITO risks. Therefore, in the following, two of the above mentioned technological ITO risks will be considered. Both the risk of losing internally generated IT knowledge and the risks due to data security and confidentiality can be assigned to risks caused by the loss of control over outsourced IT. IT, or rather developing and applying IT, is gaining in importance as a part of organizational knowledge which is often recognized as representing the basis for the creation of a "sustainable competitive advantage".6 The latter aspect was mentioned above in the context of resource theories7 and will be resumed now. As already explained, resource-based theory assumes that resources fulfilling the prerequisites of heterogeneity and immobility might lead to competitive advantages. 8 Heterogeneity refers to the difference among resources belonging to competing firms and immobility refers to the inability to access resources belonging to a competitor. It seems as if the issue of heterogeneity is connectable with the loss of internal IT knowledge. As in ITO, IT knowledge is no longer acquired internally and newly gained IT knowledge is oftentimes not passed on from the IT supplier to the ITO
1 2 3
cp. ibid. cp. Bahli, B. & Rivard, S. (2003), p. 214 cp. ibid., p. 215 cp. ibid. cp. 4 ibid. 5 Clark, T.; Zmud, R.; McCray, G. in L. Willcocks & M. Lacity (1998), pp. 66-67
6 7 8
cp. chapter 2.1.2. cp. Barney, J. (1991), p. 105
30
client1, the future heterogeneity of competitors' resources in terms of IT knowledge is no longer assured. Unlike internal IT departments, IT service providers usually focus on providing the clients with requested services, but not on creating new IT knowledge2 which could lead to competitive advantages. Furthermore, it seems as if the issue of immobility is connectable with data security and confidentiality, because these aspects are of great importance in order to hinder competitors from gaining access to internal knowledge. The very knowledge is - as already mentioned above - essential for the creation of a "sustainable competitive advantage".3 As most of the companies try to achieve competitive advantages, the discussion of internal IT knowledge, data security and confidentiality which all influence the achievability of these competitive advantages certainly is of great importance.
2.5. SUMMARY OF THE THEORETICAL BACKGROUND
Within the theoretical background of this thesis, transaction cost theory and resource theories were presented and an insight into the evolution of ITO was given. The various dimensions of ITO were illustrated and explained. It has been defined which particular dimensions will be assumed for the further discussion and why. Furthermore, frequently mentioned reasons for and risks of ITO were presented according to their strategic, technological, economic or political nature. Hereupon, the risks of supplier lock-in, hidden costs and the loss of control over outsourced IT were discussed according to above mentioned ITO theories. After all, the risks were assigned to the dimensions under consideration in order to specify in which situations these risks appear.
2.6. RESEARCH DELIMITATION
The following chart4 illustrates the considered ITO risks and the respective ITO theories utilized in order to discuss them. Furthermore, the risks are assigned to the various dimensions of ITO in order to determine the situations assumed for the further discussion of the risks.
1 2
cp. Clark, T.; Zmud, R.; McCray, G. in Willcocks, M. & Lacity, M. (1998), p. 67 cp. Earl, M. (1996), as referred to in Gottschalk, P. & Solli-Sæther, H. (2006), p. 67 3 Clark, T.; Zmud, R.; McCray, G. in L. Willcocks & M. Lacity (1998), pp. 66-67 4 cp. fig.4
31
Figure 4: ITO risks, dimensional characteristics and applied ITO theories; own elaboration
In the following, the determination of the ITO dimensions will be explained briefly. Firstly, the location of the ITO partners is irrelevant in regard to the risks under consideration, because these can appear in all ITO operations, independent of the geographical distance between the ITO partners. Since the topic of this paper is ITO and its risks, the financial relation among the ITO company and the IT supplier should be characterized by independency. Since ITO as it is discussed within this paper assumes that companies' decisions to source out IT are not influenced by intra-group constraints, the relationship considered in the following will be a regular clientsupplier relationship between unconnected entities. As the discussion under way aims at revealing the presence of or rather awareness in regard to specific ITO risks within ITO organizations, the degree of external procurement has to permit a valid analysis. The latter requires a significant level of external procurement, that is to say that at least of 20% the total IT expenses have to apply to external IT provision. Since the strategic aspects of the multidimensionality model refer to the aims causing the realization of ITO operations, this dimension will not play a role in the following. This results from the fact that the point of departure for the further discussion is an already existing ITO situation within which specific ITO risks can emerge. As the ITO situation is the point of departure for the discussion of the ITO risks under consideration, the dimension concerning the chronological order of ITO has to be outsourcing. Not all risks under discussion do require a specific number of suppliers, but the risk of supplier lock-in assumes situations characterized by only one or few available IT suppliers. The discussion of the ITO risks under consideration occurred via transaction cost theory and resource-based theory which were presented above.1 Within this discussion, the main factors influencing the risks according to the applied theories were presented.2 A summary of these factors influencing the risks of supplier lock-in, hidden costs and the loss of control over outsourced IT are given below.3
1 2 3
cp. chapter 2.1.1. and chapter 2.1.2. cp. chapter 2.4.3.1., chapter 2.4.3.2. and chapter 2.4.3.3. cp. fig.5
32
RISK Supplier Lock-in
Applied ITO Theory Asset specificity Transaction cost theory
Influencing factors
Limited number of available suppliers ITO clients' lack of expertise with ITO and ITO contracts Vendor management costs Complexity of organizational peculiarities ITO clients' lack of expertise with the outsourced IT and outsourcing Relatedness of outsourced IT IT knowledge
Hidden Costs
Transaction cost theory
Loss of Control over outsourced IT
Resource-based theory
Innovative ability
Data security and confidentiality Figure 5: ITO risks and influencing factors derived from applied ITO theories
Due to the fact that all these risks pose a threat to the strategic and economic expectations ITO operations typically entail, this should leave no doubt about the relevance of concentrating on these particular risks. As mentioned above, these ITO risks have been discussed by other authors, but this study is expected to give new insights into the actual occurrence and awareness of supplier lock-in, hidden costs and the loss of control over outsourced IT. Furthermore, reasonable measures companies can take to face these risks and the role these risks play within backsourcing considerations shall be revealed.1
1
cp. the research questions formulated in chapter 1.1.
33
3. METHODOLOGY
The theoretical background of this work has provided the reader with an appropriate basis necessary for the correct comprehension of both the ITO risks under consideration and the research questions posed. In the following, the applied methodology, which was utilized to respond to the research questions, will be presented. Furthermore, the procedures implemented within this research project will be explained. This chapter will also contain a description regarding the data collection and a discussion on the research quality of this study.
3.1. RESEARCH PURPOSE
Starting the work on this paper, the idea was to write about IT outsourcing. After a first familiarization with the topic by working through current literature on ITO, it was considered to write a paper on ITO with a particular focus on backsourcing. However, literature on backsourcing is hardly existent and the available information regarding backsourcing mainly consists of articles presenting major backsourcing decisions such as the J.P. Morgan Chase case mentioned above.1 After realizing that the current status of literature on backsourcing does not permit an adequate development of a theoretical background and a discussion mainly focused on backsourcing, the main focus of this work had to be reconsidered. Since backsourcing represents a decision to end an existing outsourcing relationship and to bring outsourced IT back in-house, this certainly can be understood as a result of unsatisfying ITO. Since negative outcomes of ITO are certainly influenced by ITO risks, it was decided to concentrate on these. The decision was taken to start by explaining various ITO concepts necessary to finally, be able to discuss specific ITO risks in an appropriate manner. However, as backsourcing still is regarded as being an interesting topic, it was decided to connect this topic to the risks under consideration. This combination resulted in the formulation of the fourth research question. The primary aim of this research is the exposure of information on the perceptions of ITO companies regarding the ITO risks of supplier lock-in, hidden costs and the loss of control over outsourced IT as well as the determination of reasonable measures. As the risks under consideration pose a threat to the successful process of ITO operations, the analysis of their appearance certainly is of great importance to practitioners involved in and theorists interested in ITO alike.
1
cp. chapter 2.2.2.
34
3.2. RESEARCH METHOD
The research questions under discussion are decisive for choosing an adequate research method. Firstly, the researcher has to decide whether to conduct a qualitative or a quantitative research. Qualitative research, being "designed to help organisational decision-making, focusing on understanding the nature of phenomena and their meaning, rather than their incidence"1 seems to be the right approach in order to respond to the above mentioned research questions. The "in- depth examination of small-scale samples or small numbers of observations"2 as well as "unstructured interviewing guides which are responsive to context"3 are typical characteristics of qualitative research. Since the responses to the formulated research questions require situations in which the interviewer has the chance to dwell on aspects which appear to be crucial for the topics' discussion and to ask the interviewees for further explanations concerning certain answers, the decision to conduct telephone or face-to-face interviews was taken. Furthermore, as misunderstandings caused by language barriers were to be excluded, the decision to merely conduct interviews with respondents working for German companies was taken. Since I am from Germany and a native speaker, misunderstandings caused by language barriers can be excluded to a great extent. As my current place of residence does not permit face-to-face interviews with German respondents, the decision to conduct telephone interviews was taken. It was planned to tape the conversations and afterwards, put these down in writing.
3.3. RESEARCH DESIGN
According to Yin's 2 x 2 matrix describing "Basic Types of Designs for Case Studies"4, case studies can assume four different shapes. According to this categorization, case studies are on the one hand whether "holistic" 5 or "embedded"6 and on the other hand whether "single-case designs"7 or "multiple case designs".8 The research questions under consideration require interviews with individuals responsible for or rather involved in ITO operations. Therefore, in this case a holistic design is given, because "no logical subunits can be defined"9 in regard to the above mentioned individuals. According to Yin's other
1 2
http://www.aqr.org.uk (accessed 20th April 2008) ibid. 3 ibid. 4 Yin, R. (2003), "Case Study Research: Design and Methods", 3rd Edition, Thousand Oaks: Sage Publications, Inc., "Figure 2.4", p. 40 5 ibid. 6 ibid. 7 ibid. 8 ibid. 9 ibid., p. 45
35
distinction, the research project under consideration will be characterized by a multiple-case design, which "may be preferred over single-case designs".1 This preference can be explained by the fact that multiple-case designs include "the possibility of direct replication".2 The latter refers to the possibility of deducing equal results from different cases. Hence, the perceived value of the results obtained from this study will significantly gain in quality.3
3.3.1. DATA COLLECTION The aim of this research being "to elicit views and opinions from the participants"4 regarding specific risks entailed by the ITO operations their company recently is or was involved in, the appropriate way to collect data is conducting interviews. Since "there is little theory available to guide predictions"5 concerning the particular research questions under consideration, these are difficult to answer and thus, demonstrate the exploratory nature of this study. A semi-structured interview as mentioned by Hair et al.6 provides the researcher with the necessary flexibility "to ask related, unanticipated questions that were not originally included".7 This flexibility was a major reason for the decision to utilize a semi-structured interview. Certainly, this kind of interview increases the chances to reveal unforeseeable information and hence, will improve the quality of the results of this research project. Planning to conduct interviews, researchers should be conscious of some crucial aspects concerning the interviewer and the interviewees. These will be presented in the following.
3.3.1.1. The Interviewer Certainly, qualitative studies require a higher personal involvement of the researcher than quantitative studies. The interviewer takes an active part in a face- toface or telephone interview as implied in this study and therefore, he has to be cautious and sensitive in order to obtain valid results. Being the interviewer in charge, I am well aware of the influence I might have on the respondents when conducting interviews. I understand that an interviewer should be characterized by flexibility and the ability to adapt to the interviewee. An adequate knowledge in
1 2 3
Yin, R. (2003), p. 53 ibid. cp. ibid. 4 Creswell, J. (2003), "Research Design: Qualitative, Quantitative, and Mixed Methods Approaches", 2nd Edition, Thousand Oaks: Sage Publications, Inc.,p. 188 5 Hair, J.; Babin, B.; Money, A.; Samouel, P. (2003), "Essentials of Business Research Methods", New York: John Wiley & Sons, Inc., p. 57 6 cp. ibid., p. 135 7 ibid.
36
the concerned topic under investigation and not having any preconceptions are other requirements which I am well aware of.1 Furthermore, I am well aware of the fact that the results of a qualitative study are to a noticeable extent dependent on the researcher's interpretative abilities. In other words, "qualitative research is interpretative research, with the inquirer typically involved in a sustained and intensive experience with participants".2 After all, the interviewer has to be aware of his crucial role and the responsibility it entails.
3.3.1.2. The Interviewees Without doubt, the interviewees play an important role within the topic of data collection. When choosing the interviewees, the researcher has to be aware of the effects his choices might have on the outcome of the entire research project. If the interviewer knows the interviewee and the respective organization, this could have positive as well as negative effects on the interview results. On the one hand, a negative effect this occurrence could have is the potential prepossession of the interviewer. In such a situation the interviewer could think that he knows which answers he will get in advance and, as a result, the revelation of important information could be hindered.3 On the other hand, the same situation could have a positive impact on the results of a study. "In the context of social groups, Adler and Adler mention 'two sets of realities about their activities: one presented to outsiders and the other reserved for insiders'".4 Certainly, the attempt to answer above mentioned research questions should be accompanied by information frequently reserved for insiders. Hence, knowing the interviewee and the respective organization in advance could enhance the researcher's chances to reveal relevant information. Within this work, the aim was to find an appropriate balance for dealing with these pros and cons of knowing the interview partners in advance. The aim also was to conduct interviews with interviewees most likely to divulge significant information. Therefore, I decided to include one interviewee which I already knew, so that I could be confident about the fact that interviewing him would reveal important insider information.5 In order not to be confronted with above mentioned problems connected with interviewing known persons, I decided that
1 2
cp. Yin, R. (2003), p. 59 Creswell, J. (2003), p. 184 3 cp. Flick, U. (2002), "An Introduction to Qualitative Research", 2nd Edition, Thousand Oaks: Sage Publications, Inc., p. 58 4 Adler, P.A. & Adler, P. (1987), as referred to in Flick, U. (2002), p. 58 5 NB: We worked together for about two years.
37
the other interviewees had to be strangers. However, for the purpose of increasing my chances of receiving important insider information, the other three interviewees were recommended to me by some personal contacts of mine. Hence, I expected the interviewees - found with the help of acquaintances - to be well- disposed to answer to my questions and to reveal valuable information. In order to respond to the research questions mentioned above, not only ITO companies, but also IT suppliers, were interviewed. Including different perspectives regarding the risks under discussion certainly increases the quality of results obtained from the interviews and hence, the chances of deducing meaningful overall results. Summing up, the final interview partners were composed of one former colleague of mine as well as two strangers representing the ITO clients' side and two other strangers representing the IT suppliers' perspective. Since one of the interviews with ITO clients revealed rather little relevant information, it was not included in the empirical part of this work. As a result, the empirical part of this work includes two interviews with ITO clients and two interviews with IT suppliers.
3.3.1.3. The Interview Guide After the final interviewees informed me about their willingness to cooperate, an interview guide was sent to them.1 Furthermore, they were asked to decide on a suitable appointment for the conduction of the announced telephone interview and to inform me about it. The interview guide includes a preface which informs the interviewees about the fact that the answers to the presented questions do not have to be given in written form, but are simply thought as an outline allowing the interviewees to prepare for the actual telephone interviews. Within the preface, the possibility to remain anonymous and the affirmation of respecting the data confidentiality are mentioned. Since the group of interviewees consists of both ITO customers and IT suppliers, two slightly differing interview guides had to be utilized. The interview guides consist of 26 main questions which are subdivided into five sections.2 In addition, there are subordinate questions to some of these main questions targeted at deepening the responses to the main questions.
1 2
cp. Appendix B1 and Appendix B2 cp. fig.6
38
Figure 6: Overview of Questions included in the Interview Guide
The first six questions are general questions concerning the interviewees, the organization and the extent to which ITO is utilized. The following section includes five questions which deal with problems related to supplier lock-in situations and one final question asking for the measures which have been taken within the respondents' companies to deal with supplier lock-in. This final question asks for an explanation of current measures and for the interviewees' suggestions in regard to adequate measures which could be implemented in order to deal with the problems under consideration. The next segment includes questions regarding the risk of hidden costs and their appearance. There are four main questions and one final question in this segment. Again, the final question asks for the explanation of measures which are currently taken within the respondents' organizations and for the interviewees' recommendations regarding appropriate risk mitigating measures which could be implemented. In the following section, the loss of control over outsourced IT represents the topic for five main questions and one final question. Once again, the final question demands the illustration of existing measures and asks for the interviewees' suggestions concerning adequate measures which could be taken in order to deal with the issues under consideration. The last segment contains three main questions which recapitalize the importance of the risks under discussion and asks for their effect on potential backsourcing decisions. The interview guide for the IT suppliers generally corresponds to the interview guide designed for the ITO clients. However, in order to benefit from the IT suppliers' point of view, some of the questions were modified. Some formulations were changed and subordinate questions were added. A partial reformulation was necessary, because this work aims at revealing the presence of specific ITO risks within ITO companies. Thus, the questions for the IT suppliers ask for the way the suppliers' clients perceive the risks under consideration. Nevertheless, in order to tap the full potential of the interviews with IT suppliers, some questions additionally ask for the way the ITO suppliers themselves perceive the risks under
39
consideration. That is to say, the IT suppliers are asked whether - from their point of view - the regarded risks should be recognized as such by ITO clients or not. Before sending the interview guide to the final interviewees, it was sent to a friend of mine who works for an IT supplier. He received the preliminary version of the interview guide in order to help me uncover questions which were formulated ambiguously or too complicated. After this first step, two of the main questions, which appeared to be rather difficult to understand, were reformulated. The second step consisted of sending the modified interview guide to this person once again. Hereupon, a pilot interview was conducted with this person. This telephone interview took about 45 minutes and was recorded. Afterwards, the recording was utilized to find out at which points of the conversation further explanations could be necessary. By this means, an adequate preparation for the actual interviews was facilitated.
3.3.2. STRENGTHS A potential strength of this research project consists in the fact that telephone interviews permit the adjustment of questions during the conversation. The flexibility of this measure is very beneficial when conducting exploratory studies, because the latter often require the addition or modification of questions during the interviews. Furthermore, recording the telephone interviews gives me the chance to focus on listening to the interviewees and on formulating further questions, because making notes during the conversation becomes unnecessary. This surely represents one of this study's strengths. The successful realization of the interviews is also supported by the fact that the interviewees are all from Germany and native speakers. Since the interviewer is from Germany and a native speaker as well misunderstandings caused by language barriers can be excluded to a great extent. An additional strength of this study is the fact that the chosen interviewees consist of both clients and suppliers involved in ITO. Including these different perspectives certainly improves the chances of obtaining multilateral information and thus, definitely has a positive effect on the quality of the final results of this work.
3.3.3. WEAKNESSES Since the empirical part of this work is based on telephone interviews, the effects of utilizing this kind of interview compared to a face-to-face interview have to be mentioned. Obviously, a potential weakness consists in the fact that telephone interviews do not give the interviewer the chance to interpret and react to the 40
interviewees' gestures and facial expressions which can act as indicators for the interviewees' attitudes towards certain issues. However, due to the fact that the geographical distance between interviewer and interviewees is high, face-to-face interviews are not realizable. Not having the chance to analyze the interviewees' behaviour as it would be possible in face-to-face interviews, the possibility of missing out important information during the conduction of the telephone interviews has to be minimized. In order to verify the correctness and unambiguousness of answers given during the telephone interviews, I will repeat ambiguous answers and - if necessary - ask for clarification in order to obtain reliable results. Certainly, the limited period of time available to accomplish this work could be perceived as a weakness, because it can affect the choice and the number of interviewees. Nevertheless, as mentioned above, the interviewees were chosen with the primary aim to reveal relevant information from different points of view. Therefore, the interviewees would most likely be the same, even if more time to conduct this study was given. Since no further interviewees were needed, the number of interviewees was not negatively influenced by the limited period of time available to accomplish this work. The limited number of interviewees is reasonable, because this is a qualitative study of exploratory nature and thus, the aim is not to find statistical evidence for any kind of fact, but to gain new, deeper insights into the field of the ITO risks under consideration.
3.4. DATA PRESENTATION AND DATA ANALYSIS
The fourth chapter of this thesis includes the data presentation. Firstly, general information regarding the companies under consideration is represented. The general information consists of data collected during the interviews. Additionally, in order to get a general idea of the companies under consideration, the companies' homepages were visited. Secondly, the interview results for each respondent are presented according to the fields of interest: supplier lock-in, hidden costs, the loss of control over outsourced IT and recapitulating thoughts including backsourcing potentials. Since the respondents are employed at ITO companies as well as IT suppliers, the presentation of results includes different points of view regarding the specific risks under consideration. Within the fifth chapter of this work, the gathered data is combined and arranged according to the research questions mentioned above. That is to say, the data analysis mainly consists of the responses to the research questions formulated above. The very responses to the research questions include the presentation of 41
reasonable measures companies can take in order to face the risks under consideration. For the purpose of giving an apt review of these measures, the response to each research question concludes with summarizing illustrations of the measures companies can take in order to face the respective ITO risk. Additionally, the effects these measures have are represented in the illustrations. Moreover, the measures were subdivided into internal and external measures, since this facilitates the manageability of the results. After the separate presentation of the responses to each research question, the summary of the results obtained is presented. Within this summary, the charts utilized to sum up the measures to take against each risk are summarized and represent an overview of measures to take against the ITO risks under discussion.
3.5. QUALITY OF RESEARCH DESIGN
For the purpose of evaluating the quality of the research design, the researcher has to check the case study's construct validity, internal validity, external validity as well as its reliability.1 In the following, these topics will be addressed separately and linked to this thesis.
3.5.1. CONSTRUCT VALIDITY In order to fulfil the requirements of construct validity, the researcher can make use of various tactics. The decision for a multiple-case study instead of a single- case study is one of these tactics, which is implemented in this research and which ameliorates the construct validity.2 Furthermore, to achieve construct validity, the measures utilized to gather information regarding the original research problem have to be appropriate.3 The questions included in the interview guide4 are based on and derived from the discussion of the specific ITO risks under consideration given in the theoretical background of this work.5 Therefore, the appropriateness of the questions used for the interviews should not be in doubt. Moreover, after the interview results were put into writing and translated into English, they were sent to the interviewees in order to verify the correctness of the translations and of the reproduction of given answers. The interviewees were asked to inform me in case of incorrectly reproduced answers or additional comments they wanted to be added to their original statements. According to Yin, the construct validity of a qualitative study ameliorates by this kind of review.6 Yin states that the creation
1 2 3
cp. Yin, R. (2003), p. 34 cp. ibid. cp. ibid., pp. 34-35 4 cp. Appendix B2 and Appendix B2 5 cp. chapter 2.4.3. 6 cp. Yin, R. (2003), p. 159
42
of a "chain of evidence"1, that is to say that the results have to be deduced in a way that appears to be logic and traceable for the reader, enhances the construct validity of a case study. This issue will be approached within the empirical part of this work. The gathered interview results will be presented in a manner that permits the reader to follow all consecutive steps leading to the final results of this study.
3.5.2. INTERNAL VALIDITY As "internal validity is only a concern for causal (or explanatory) case studies" 2 this issue does not have to be considered in each case study. Since this research can generally be characterized as exploratory, this point could possibly be disregarded. However, given that the fourth research question refers to the ITO risks under consideration and their influence on backsourcing considerations and that this certainly can be understood as a causal relation, internal validity will be considered, as well. The issue of internal validity refers to the fact that deductions made have to be secured. Any causal relation declared has to be definite, that means that the researcher has to exclude that other - unconsidered - factors may have influenced a deduced result. In order to assure internal validity, my questions dealing with causal relations are formulated properly and unambiguously. Additionally, for the purpose of guaranteeing this unambiguousness, I will stress which factors are to be regarded within the response of these questions during the conduction of the telephone interviews.
3.5.3. EXTERNAL VALIDITY External validity "deals with the problem of knowing whether a study's findings are generalizable beyond the immediate case study".3 Due to the exploratory nature of this study, this work does not lay claim to finding results that are valid for every case of ITO. Instead, the purpose of this work is the revelation of significant information that enhances the awareness and understanding of phenomena or rather risks frequently occurring in ITO operations. The findings of this work are supposed to represent the current occurrence of the ITO risks under discussion and the measures implied for dealing with these risks. The aim of this study is not and cannot be finding results which can be generalized to every case of ITO. According to Yin, the generalizability of case study results is frequently doubted by critics and thus, the aim should not be to generalize findings to other case studies, but "to generalize findings to 'theory'".4 Agreeing to this statement,
1 2
Yin, R. (2003), Fig. 2.3 "Case Study Tactics for Four Design Tests", p. 34 ibid., p. 36 3 ibid., p. 37 4 ibid., "BOX 7: How Case Studies Can Be Generalized to Theory", p. 38
43
the intent of this study is to find relevant information which enriches theory and hence, the understanding of the specific ITO risks under consideration. As a result, the findings of this work may not be generalizable to a large extent, but will certainly be auxiliary to decision makers who currently are or plan to be involved in ITO.
3.5.4. RELIABILITY A satisfying level of reliability is achieved by documenting the procedures so that a third party could repeat the study and would "arrive at the same findings and conclusions".1 Thus, all relevant documents are attached to the Appendix of this work. The Appendix segment includes the email I wrote in order to present myself and my research project2 as well as the interview guides which were sent to the interviewees once they confirmed their cooperativeness.3 As these documents were originally written in German, they were translated into English - so as to make them understandable to a larger readership - and attached in the Appendix, as well.
1 2 3
Yin, R. (2003), p. 37 cp. Appendix A1 and Appendix A2 cp. Appendix B1 and Appendix B2
44
4. DATA PRESENTATION
In the following, the results obtained from the telephone interviews will be presented. This chapter is merely dedicated to the data presentation whereas the next chapter will contain the data analysis. Firstly, a brief presentation of the participating companies and the respective interviewees will be given. These brief case study presentations will also include information regarding the status quo of ITO within the companies under investigation. Secondly, the presentation of information obtained will be given. This presentation will be structured according to the composition of the utilized interview guide, that is to say, the responses given will be illustrated in four parts: supplier lock-in, hidden costs, loss of control over outsourced IT and recapitulating thoughts including backsourcing potentials. The responses given from each interviewee will be presented separately. Since the companies' and the interviewees' wish to remain anonymous, they were renamed. The companies representing ITO clients have been named Company C1 and Company C2 and the companies representing IT suppliers have been named Company S1 and Company S2. The interviewees have been renamed according to their respective employer: Interviewee C1, Interviewee C2, Interviewee S1 and Interviewee S2.
4.1. GENERAL INFORMATION
4.1.1. COMPANY C1 Company C1 was founded in 1948. Its core business consists of the development, production and sale of products in the sector of electrical connectivity, functional electronics and communication electronics. The company takes the German legal form of a 'GmbH & Co. KG' which can be translated into 'limited partnership with a limited liability company as the partner with personal liability'.1 Company C1 is part of a holding and is situated in North Rhine-Westphalia. The total amount of personnel of Company C1 accounts for about 3,600 employees in over 70 countries. In the fiscal year of 2007, the worldwide turnover of Company C1 reached about €503 million. The central IT department of Company C1 is responsible for the IT of all companies incorporated in the holding. Today, the entire IT department consists of 58 employees. However, 23 of the latter are
1
For further information cp. http://www.frankfurt-main.ihk.de/english/business/start-up/idem/kg/index.html (accessed 15th May 2008)
45
engaged in a division merely dedicated to internal SAP1 support and development. Within this division, Interviewee C1 is the head of department in charge and reports directly to the Chief Information Officer (CIO) of the company. Interviewee C1 started working for the company under consideration in 2000. In 2003, the company sourced out 25% of its total IT. Today, the outsourced IT amounts for approximately 50% of the total IT of Company C1 and Interviewee C1 is regularly in touch with about 15 external IT suppliers. However, the entire firm regularly engages about 50 external IT suppliers.
4.1.2. COMPANY C2 Company C2 was founded in 1959. The core business of this company consists of selling stationary and portable devices necessary for the measurement of combustible and toxic gases. Company C2 takes the legal form of a 'Gesellschaft mit beschränkter Haftung' ('GmbH') which can be translated into 'limited liability company'.2 The company under consideration is situated in North Rhine- Westphalia and the total amount of personnel accounts for 30 employees. The annual turnover of Company C2 accounts for approximately €5 million to €6 million. In 2006, a company from the US acquired 100% of a French company which, in turn, currently holds a stake of 75% in Company C2. Thus, today 75% of Company C2 indirectly is in possession of a company from the US. Hence, major strategic decisions within Company C2 necessitate an approval from the very US company. Within Company C2, there is no actual IT department, but only one employee who is in charge of online maintenance and observation of customers' portable devices. Secondarily, this employee is also in charge of minor tasks regarding the internal IT such as linking new printers to the existing network. Interviewee C2 started working for the company under consideration in 1986. Today, he is the Supply Chain Manager of Company C2 and responsible for the outsourced IT. Currently, Company C2 sources out approximately 95% of the total IT to one external IT supplier.
1
NB: SAP represents the world's leading provider of business software. For further information cp. http://www.sap.com/about/index.epx (accessed 27th April 2008) 2 For further information cp. http://www.frankfurt-main.ihk.de/english/business/startup/idem/gmbh/index.html (accessed 15th May 2008)
46
4.1.3. COMPANY S1 Company S1 is an IT service provider founded in 1997. Company S1 takes the German legal form of a 'Gesellschaft mit beschränkter Haftung' ('GmbH') which can be translated into 'limited liability company'.1 The company is situated in North RhineWestphalia. The personnel of Company S1 consist of the CEO and one employee. Services offered by Company S1 are strongly related to IT knowledge and manpower. Today, the annual turnover of Company S1 accounts for approximately €400,000 to €500,000. Interviewee S1 is founder and CEO of Company S1. The customer base of Company S1 mainly consists of small and medium-sized enterprises which primarily source out system administrative activities to Company S1. The company under consideration regularly acts as an IT supplier for approximately 25-30 clients. The average amount of IT these companies source out to Company S1 accounts for approximately 80%. The clients of Company S1 either have no internal IT department or an internal IT department consisting of one employee to whom IT management is a secondary task.
4.1.4. COMPANY S2 Company S2 is an IT service provider founded in 1998. The company is a 'Gesellschaft bürgerlichen Rechts' ('GbR') which can be translated into 'company constituted under civil law'.2 Company S2 offers software solutions, business solutions and services related to a specific enterprise resource planning system. Company S2 is situated in North Rhine-Westphalia and its personnel consists of six employees. Today, the annual turnover of Company S2 amounts to a total of approximately €500,000. Company S2 was founded by Interviewee S2 and his brother. Today, they both act as managing partners. According to Interviewee S2, the clientele of Company S2 consists of approximately 60 small and medium-sized enterprises. Some of those enterprises, especially the small ones engaging up to ten employees, source out up to 98% of their total IT to Company S2. On average, the clients engaging more than ten employees source out approximately 50%-60% of their total IT to Company S2. Most of the clients either have no internal IT department or IT departments which consist of one employee to whom managing the IT is a
1
For further information cp. http://www.frankfurt-main.ihk.de/english/business/startup/idem/gmbh/index.html (accessed 15th May 2008) 2 For further information cp. http://www.frankfurt-main.ihk.de/english/business/start-up/idem/gbr/index.html (accessed 15th May 2008)
47
secondary task. However, only very few of the ITO customers of Company S2 have internal IT departments consisting of one or more employees.
4.2 SUPPLIER LOCK-IN
4.2.1. COMPANY C1 For some parts of the IT which Company C1 sources out there are only a few IT suppliers available. Therefore, Interviewee C1 states that supplier opportunism does not only represent an imaginable ITO risk he is aware of, but a circumstance Company C1 actually experiences. According to Interviewee C1, especially one of the IT suppliers he works with has a unique selling point resulting in noticeable opportunistic behaviour such as repeated remarks referring to Company C1's dependence on this supplier. He states that such lock-in situations lead to a deterioration of the quality of provided IT and also to an elongation of time needed to complete outsourced tasks. As a result, costs associated with outsourced IT are most likely to be high. Interviewee C1 states that IT plays an important role within Company C1, but still the risk of supplier opportunism does not pose a threat to the existence of Company C1. Nonetheless, Interviewee C1 states that a high level of dependence on merely one IT supplier poses a significant threat to the success of ITO. Furthermore, the interviewee affirms the importance of IT suppliers' financial success, because suppliers that cannot persist in economic terms could represent a noticeable risk to ITO companies. However, the interviewee claims that within Company C1 this risk is currently perceived as being rather low, but that continuous observation of the financial conditions of suppliers certainly is important. Regarding asset specificity, the interviewee states that this factor does not have a major influence on both considerations regarding supplier changes or backsourcing and supplier lock-in situations. He explains that hardware is easily replaceable and that the only problematic asset when deciding to switch supplier or to bring IT back in-house would be knowledge. Interviewee C1 underlines that knowledge plays a decisive role in ITO. According to Interviewee C1, Company C1 takes measures in order to face the risk of supplier lock-in. Firstly, IT suppliers and their success at the market are under permanent observation. By this means, as soon as a supplier appears to have economic difficulties, Company C1 can reduce the level of cooperation with the
48
very supplier. Secondly, standardization is an important measure, because utilizing standard processes permits less complicated supplier changes or backsourcing operations. Since standard IT is offered by a bigger number of IT suppliers than very particular IT, the risk of being highly dependent on one or few suppliers can be reduced. As a result, Company C1 can avoid situations in which IT suppliers gain exaggerated self-confidence which could lead to opportunism. Furthermore, Interviewee C1 states that a clear documentation is essential concerning the risk of being highly dependent on IT suppliers. He explains that ITO necessitates an unambiguous documentation of processes, sequences and competencies in order to gain clarity regarding internal and external responsibilities. According to Interviewee C1, knowing what the external suppliers actually do is a basic prerequisite for the reduction of dependence on the suppliers and for the successful realization of future transition projects such as supplier changes or backsourcing operations. A further measure taken within Company C1 is aimed at reducing the self-confidence of the IT suppliers. Company C1 regularly renegotiates existing contracts and indicates that the possibility of supplier change is not unimaginable. By this means, the risk of exaggerated self-confidence and opportunism on the part of the suppliers is reduced.
4.2.2. COMPANY C2 The IT sourced out by Company C2 could be provided by many IT suppliers at the market. Even though there is only one IT supplier regularly working for Company C2, Interviewee C2 affirms that changing the IT supplier would represent a minor problem, because the outsourced IT does only consists of standard software and standard products. Therefore, asset specificity, opportunistic behaviour and overconfidence on the side of the IT supplier do not pose major threats to Company C2. Interviewee C2 states that he observes the IT supplier's success at the market. By this means, he gains knowledge about the supplier's financial condition and can recognize whether a future cooperation is probable and reasonable or not. However, since Company C2 highly relies on standard IT, even a potential bankruptcy of the IT supplier in charge does not represent a major concern, because potential supplier changes are perceived as being rather unproblematic. Regarding asset specificity, Interviewee C2 also states that the IT supplier in charge has not made any specific investments for Company C2. In such a situation, he affirms, contractual stipulations regarding the transition of assets would be necessary and the dependency on the supplier would certainly increase.
49
Interviewee C2 explains that the only measure taken regarding the avoidance of high dependency on an external IT supplier was the decision to utilize standard IT. Interviewee C2 states that an additional measure could consist of specific training for the one employee of Company C2 who is responsible for performing minor, IT related tasks. However, he explains that performing bigger parts of the IT internally would certainly require a distinct and unambiguous segmentation of responsibilities between internal and external IT provision.
4.2.3. COMPANY S1 The IT services provided by Company S1 are offered by many other IT suppliers, as well. Therefore, Interviewee S1 considers the risk of supplier lock-in as being rather low for the ITO customers of Company S1. However, Interviewee S1 states that some of the ITO clients had already experienced ITO relationships which were characterized by high dependency before they started working with Company S1. Interviewee S1 does not see any risk in the point of asset specificity for the clients of Company S1, because his company is not involved in services which require specific investments. However, Interviewee S1 states that the aspect of asset specificity certainly enhances the ITO clients' dependency on IT suppliers. Interviewee S1 claims that companies sourcing out to only one service provider should ensure not to get too dependent on the latter. According to Interviewee S1, it is reasonable to regularly cross check the costperformance ratio of the current IT suppliers and compare it to the one of alternative IT suppliers. By this means, ITO clients can make sure whether the present terms are in line with the current market situation or not. Furthermore, this comparison of alternatives reduces risks entailed by suppliers' potential bankruptcy, because the clients are always informed about potential alternatives. Moreover, Interviewee S1 states that the documentation of IT is an important measure to take in order not to get too dependent on external IT suppliers. He explains that ITO clients need to assure that these documentations are provided by their IT suppliers, because these documentations noticeably simplify supplier changes and backsourcing operations. By this means, the risk of supplier lock-in is reduced.
4.2.4. COMPANY S2 Some IT related services offered by Company S2 are only offered by a few IT suppliers. Interviewee S2 states that vendor opportunism caused by little competition is quite imaginable. He explains that IT service providers with little 50
competition have significant bargaining power and that some suppliers take advantage of such situations. Due to the huge dimensions of the IT market, IT suppliers cannot know and offer all potential products currently existing at the market. Interviewee S2 explains that some suppliers with little competition ignore the fact that they have limitations in terms of their product portfolio and sell suboptimal solutions or services to their clients. Interviewee S2 states that, unfortunately, many customers do not deal with potential problem solutions, but only focus on the simple fact that problems are being solved. Hence, ITO clients highly depending on one IT supplier frequently do not recognize that they obtain IT solutions involving products from their IT supplier's product portfolio, even though there could be better solutions for the client. Many of the customers seem to be aware of the fact that sourcing out big parts of their IT to Company S2 entails that they are dependent on the future existence of Company S2. Some of the bigger companies Company S2 works for regularly receive information regarding the creditworthiness of Company S2 and some of the smaller clients call every now and then in order to gain information on the current economic success of their IT supplier. Interviewee S2 states that such information certainly makes sense in order to check whether a current IT supplier will persist in the future. Regarding asset specificity, Interviewee S2 explains that his company usually tries to avoid specific investments related to one customer. Company S2 concentrates on products and services which can be offered to as many customers as possible. Furthermore, the interviewee affirms that specific investments certainly enhance ITO customers' dependency on their IT suppliers. Customers of Company S2 take very few measures in order to face the risk of supplier lock-in. Interviewee S2 states that in order to diminish the risk of becoming too dependent on a single IT supplier, outsourcing companies could consider a multisourcing strategy. However, he affirms that a multi-sourcing strategy entails a high level of necessary coordination and the segregation of duties among the IT suppliers in charge. Interviewee S2 also states that documentation is of great importance in order to facilitate supplier changes or backsourcing. Additionally, he mentions the necessity of having a responsible contact within an ITO company. This contact should supervise, control and know the current ITO operations. Interviewee S2 suggests that this responsible employee should also create and maintain an IT manual including all relevant data in a way that is comprehensible for internal decision makers with little IT knowledge. As a result, the internal IT knowledge will increase, the risk of supplier lock-in will decrease and supplier changes or backsourcing decisions will be facilitated. 51
4.3. HIDDEN COSTS
4.3.1. COMPANY C1 In 2003, Company C1 sourced out 25% of its IT and, at that time, the level of internal IT knowledge was quite high. This significant part of the IT was primarily sourced out, because the decision makers perceived tasks related to the IT infrastructure such as server administration and network management as not being core competences of Company C1. This ITO operation was not only characterized by a high level of internal IT knowledge, but - since this event represented the first major outsourcing operation undertaken by Company C1 - also by a low level of experience with outsourcing. Hence, it was not completely clear which issues need to be regarded when ITO contracts are concluded and subsequently become effective. Company C1 experienced unanticipated costs due to monitoring, negotiations regarding the fulfilment of stipulated service levels and due to the underestimation of setup costs. Interviewee C1 mentions that maintenance is a factor which incessantly increases in complexity and causes additional, unanticipated costs, as well. Today, even though Company C1 had to face all of these unanticipated costs, there is no tendency to bring outsourced IT back in-house, because the overall evaluation of current ITO operations is rather positive. Measures taken within Company C1 included the creation of a department for service and demand level management as well as the definition of specific responsibility assignments. In addition, procedures regarding monitoring, reporting and status requests of ITO operations were defined. Concerning the ITO contracts, Company C1 called in external consultants to check all contracts as well as included service level agreements.
4.3.2. COMPANY C2 Interviewee C2 states that until 2003 one employee of Company C2 dealt with approximately 80% of the total IT and only every now and then external IT suppliers were engaged. In 2003, this employee left the company and, since no other employee had sufficient IT knowledge to replace him, the 80% of IT primarily processed internally were sourced out. Interviewee C2 explains that Company C2 had some experience regarding IT and outsourcing, but that the rather big dimension of this ITO operation was new to Company C2. Therefore,
52
not all costs could be anticipated. The unanticipated costs that appeared mainly consisted of costs due to monitoring and negotiations. According to Interviewee C2, measures aimed at reducing the risk of facing unanticipated costs were barely taken. Interviewee C2 explains that in case of contractual stipulation of ITO operations, external consultants are called in to give advice and check the contracts.
4.3.3. COMPANY S1 According to Interviewee S1, about 50%-60% of his clients have a low degree of expertise regarding the IT they source out and regarding outsourcing, as well. Interviewee S1 states that mainly organizations of bigger dimensions monitor their outsourced IT whereas smaller companies frequently do not. According to Interviewee S1, monitoring outsourced IT is of great importance, because in the beginning of ITO relationships the interconnectedness of IT processes is frequently disregarded or underestimated. As a result, frequently unanticipated costs are caused by the necessity to coordinate internal IT processes and outsourced IT processes which are interconnected. Furthermore, setup costs are often being underestimated, as well. Interviewee S1 affirms that the appearance of unanticipated costs is likely to lead to more unanticipated costs due to conflicts and renegotiations. For the purpose of protecting themselves from being exposed to unanticipated costs, Interviewee S1 suggests to budget all expenses dedicated to IT. This budget should include maintenance costs as well as important events such as new hardware purchases and software updates which need to be implemented. By this means, clients do not have to face unanticipated expenses for larger acquisitions all at once. He also suggests for customers to assign priorities to the outsourced IT tasks and to concentrate on monitoring parts of IT characterized as being highly important to the ITO company.
4.3.4. COMPANY S2 Interviewee S2 states that the customers of Company S2 mainly have little IT knowledge and little outsourcing experience. Interviewee S2 explains that many clients of Company S2 do not exactly know what they actually need, but that this matter of fact does not keep them from having quite concrete expectations regarding the price for the outsourced IT tasks. Therefore, ITO customers often have to face unanticipated costs for monitoring, renegotiating and setup costs 53
which they primarily underestimate. Moreover, unanticipated costs emerge because of poor internal organization of IT which leads to uncoordinated workflows. Interviewee S2 states that costs also appear due to unanticipated interconnectedness of outsourced IT processes and IT processes which are kept internally. In general, the customers of Company S2 only take very few measures regarding the risk of appearance of unanticipated costs. Some customers call in external consultants when ITO contracts are to be concluded in order to guarantee the sufficiency of the contracts and stipulated terms. However, sometimes ITO clients only ask Interviewee S2 or other employees of Company S2 for advice regarding the ITO contracts. Concerning ITO contracts, he also mentions that customers should consider the stipulation of short-term ITO contracts. He explains that these are rather expensive on the one side, but permit a faster reorientation and adaptation in case of crucial IT changes on the other side. A measure that some clients of Company S2 take consists of reorganizing their internal IT. By this means, they hope to reduce avoidable coordination costs. Again, a responsible employee who concentrates on the coordination of ITO operations would be an appropriate measure to take. Interviewee S2 states that the most effective measure to avoid the appearance of unanticipated costs consists of formulating enquiries as specific as possible. By this means, the risk of facing unanticipated costs is reduced considerably.
4.4. LOSS OF CONTROL OVER OUTSOURCED IT
4.4.1. COMPANY C1 Within Company C1, IT is generally perceived as being an important part of organizational knowledge. The fact that all internal processes are not only influenced, but also supported by IT is well known. The relevance of IT can also be recognized in the organizational classification of IT within Company C1: The CIO directly reports to the CEO of the company. IT suppliers working with Company C1 mainly focus on fulfilling their contractually stipulated tasks, but some suppliers also make suggestions regarding innovations and inform Company C1 about the present state-of-the-art of IT. Interviewee C1 states that external IT suppliers cannot guarantee innovative abilities of a company and thus, they should primarily fulfil their contractually stipulated tasks. Furthermore he explains that expecting external suppliers to guarantee innovation would not be appropriate and would additionally lead to
54
high costs. Within the business strategy of Company C1, SAP application support is defined as being an internal competency. Thus, helpful suggestions can be made from external partners, but innovation is a task that is to be performed internally. Interviewee C1 explains that this is reasonable, because external IT suppliers cannot gain the same insights into the overall concept of an organization as an internal IT department can. Company C1 takes some measures to minimize the loss of control over outsourced IT. Regarding the internal IT, authorization is controlled regularly in order to guarantee an appropriate internal IT organization. ITO contracts and especially terms guaranteeing data security are scrutinized. Additionally, external IT audits are utilized in order to check applied practices and documentations. Interviewee C1 affirms that data are to be protected and represent one of the most precious assets companies have. However, he also states that data security and confidentiality are no topics of major concern within Company C1, because risks regarding these topics are minimized by contractual stipulations.
4.4.2. COMPANY C2 Interviewee C2 states that, within Company C2, IT is generally not perceived as being an important part of organizational knowledge. Contrariwise, Interviewee C2 underlines that, in his opinion, IT is and should be regarded as an important part of organizational knowledge. Within Company C2, external IT provision is perceived as guaranteeing the innovative ability of IT just as well as internal IT provision. However, Interviewee C2 states that engaging an additional employee for the purpose of running the IT of Company C2 internally is not perceived as being economically justifiable, because this extra employee - only managing the internal IT - would most likely not be occupied constantly. Thus, an internal IT department is not perceived as being a valid alternative compared to the current external IT provision. Interviewee C2 also mentions that major decisions concerning the structure of Company C2 would require the approval of the company holding the majority of Company C2. Interviewee C2 affirms that data security and confidentiality certainly represent considerable risks of ITO. According to Interviewee C2, the risk of loss of control over outsourced IT cannot be faced effectively. That is to say, the risks of loss of IT knowledge and of data abuse cannot be entirely excluded. Interviewee C2 states that future measures regarding the risk of losing control over outsourced IT could consist of raising the awareness of the personnel of Company C2 for the importance of IT and for the influence it has on the success of an organization. Furthermore, he explains that 55
contractual stipulations regarding data security and confidentiality certainly are important, but that an ITO relationship requires a high level of trust, as well. Interviewee C2 concluded by referring to the fact that within rather small companies the decision of engaging an internal IT department is considerably influenced by the fixed costs such departments entail.
4.4.3. COMPANY S1 According to Interviewee S1, many organizations regard the technological realization of IT as being too complicated and as not being one of their core competencies. Thus, especially rather small companies which either cannot afford an internal IT department or do not want to disregard their core business source out great parts of their IT. Only a few clients of Company S1 regularly ask for more than the contractually stipulated services, that is to say they ask for support regarding the innovation of IT which could lead to competitive advantages. However, most clients of Company S1 regard the innovative ability of their IT as being secured by external IT provision. Interviewee S1 states that the very innovative ability offered by an external IT supplier is superior to the one an internal IT department could generate. He states that the variety of clients of Company S1 stimulates lateral thinking, that is to say the possibility to implement solutions already utilized within the organizations of other customers. Of course, Interviewee S1 affirms, this kind of knowledge transfer is only utilized by Company S1 if the concerned IT clients are not working in the same sector. Interviewee S1 claims that, besides not having the above mentioned advantage of lateral thinking, another negative attribute of internal IT departments is that they tend to become blinded by daily routines. Regarding data security, Interviewee S1 states that the clients of Company S1 often avoid to source out data, but that current trends of the ITO market seem to lead to increasing quantities of outsourced data. Thus, he adds, the risk of data abuse or data theft increases, as well. Interviewee S1 affirms that IT suppliers often have almost unrestricted access to data and that therefore, a high level of trust among IT suppliers and their clients is essential. According to Interviewee S1, at the best, a client company internally guarantees a first level support. This means that there is at least one employee who is not only entrusted with managing IT related issues as secondary tasks, but who is allowed to spend a specific amount of his working time with these issues. By this means, smaller problems can be solved internally in a fast, efficient and unconventional manner. In case of demands becoming too excessive, the external supplier can be called in to provide second level support. Interviewee S1 states that a possible 56
outcome of this approach is helping the ITO clients to help themselves in case of reappearance of problems. Moreover, he affirms that merely relying on external IT providers is rather costly. Interviewee S1 suggests that neutral IT consultants should be involved during the negotiations of ITO contracts. These consultants should scrutinize whether all necessary terms are stipulated, so that risks due to the loss of control over outsourced IT are minimized.
4.4.4. COMPANY S2 According to Interviewee S2, many companies sourcing out IT to Company S2 do only recognize the importance of IT when they experience problems with it. Company S2 does not only focus on the delivery of contractually stipulated services, but does also make suggestions regarding technological innovation. One reason for giving these suggestions is self-interest consisting of the need to sell products and make a profit. Additionally, informing clients about innovations should enhance the customer satisfaction, because customers obtain the chance to gain competitive advantages through technological innovation. Interviewee S2 explains that suggestions for innovation made by external IT suppliers are frequently scrutinized more critically than suggestions made by internal IT departments. Therefore, it might be easier for internal IT departments to get approval for the implementation of innovation. However, Interviewee S2 also states that IT suppliers have got to be informed on the current state-of-the-art of IT to stay competitive. Since internal IT departments are most likely to be less informed on the current state-of-the-art of IT, the advantage of an external IT supplier is having access to a bigger variety of available IT products and solutions. In addition, he mentions that another advantage ITO clients obtain from external provision is that it certainly is easier to change an external IT supplier than to replace an entire, internal IT department. The perception of data security and confidentiality as important ITO risks varies noticeably among the clients of Company S2. Interviewee S2 explains that these issues deserve to be considered more, because not all IT suppliers respect data security and confidentiality. Since data security and confidentiality are considerable risks of ITO, outsourcing companies should have trustful relationships with their IT suppliers. Interviewee S2 suggests that outsourcing companies should guarantee a sufficient level of internal IT knowledge to be able to comprehend the ITO operations provided by the IT supplier and not to lose the control over outsourced IT. He states that the data security dilemma of ITO consists of the fact that external IT provision necessitates IT suppliers' access to data and thus, companies expose themselves to the risk of data abuse. The only measures customers can take are 57
either not to source out sensitive data or to stipulate compensations in case of data abuse. Nonetheless, the actual loss of data cannot entirely be excluded in ITO.
4.5. RECAPITULATING THOUGHTS AND BACKSOURCING POTENTIALS
4.5.1. COMPANY C1 Summing up, Interviewee C1 states that the risk factors under discussion pose noteworthy threats to ITO companies. According to him, especially monitoring IT suppliers, the conservation of the innovative ability of a company's IT and the necessity to scrutinize which operations need to remain in-house pose major challenges to ITO companies. Certainly, the non-observance of these points leads to considerable problems such as high costs, the supply of inaccurate services and the collaboration with unreliable partners. Furthermore, Interviewee C1 affirms that companies involved in ITO need to take measures in regard to the risks under consideration. ITO contracts concluded by Company C1 usually include terms regarding regular and irregular contract termination as well as the transition of material and immaterial assets. Regarding a potential backsourcing decision, Interviewee C1 states that this is a difficult topic to address. He explains that the problems under consideration could certainly lead to backsourcing tendencies and that he recently increased the number of employees within his department instead of sourcing out specific IT tasks. On the one hand, since internal IT demands increase, he could imagine bringing parts of outsourced IT back in-house. On the other hand, he mentions political reasons such as management plans regarding the total number of employees and the overall company strategy which have a significant influence on backsourcing considerations. He adds that, unfortunately, ITO decisions made by companies are often primarily based on the aim to turn fixed costs into variable costs. Interviewee C1 states that within his business environment he perceives that there is an increasing number of companies which reintegrate formerly outsourced IT. However, he also gives an example for successful ITO operations as they should be according to him. Last year, he realized a project by sourcing it out to Eastern Europe and perceived it as a huge success. He describes this ITO operation as a short-term relationship with confined, simple tasks which were performed at very low costs. According to Interviewee C1, ITO and backsourcing decisions differ for each single case. Certainly, demanded service levels and the complexity of outsourced tasks have a direct influence on ITO costs and decisions. After all, Interviewee C1 states that ITO companies have to remain capable of acting even without the services supplied by external IT suppliers and
58
that companies should not run the risk of being totally dependent on external IT provision.
4.5.2. COMPANY C2 Interviewee C2 states that the issues under discussion certainly represent major risks entailed by ITO operations. Regarding Company C2 he mentions that the rather simplistic structure of the IT and the utilization of standard products certainly mitigate the potential harm the risks under discussion could do. In case of contractual stipulation of ITO relationships, terms regarding the termination of the ITO relationship and the transition of assets are included. However, Interviewee C2 again states that within Company C2 above mentioned financial reasons and the corporate structure are reasons for not creating an internal IT department. Furthermore, he explains that within Company C2 the costperformance ratio is perceived as being a major benefit of external IT provision. Interviewee C2 states that for IT suppliers IT is a core competence and that adequately replacing external IT provision with an internal IT department would require a considerable amount of investments and training for the internal IT department's personnel.
4.5.3. COMPANY S1 According to Interviewee S1, hidden costs do only represent a minor risk compared to the other risks under consideration. He justifies this statement by explaining that additional costs can be negotiated and explained in case of dissension. Interviewee S1 states that, among the risk factors under discussion, the loss of control over outsourced IT and especially data certainly represents a major risk of ITO. He adds that the importance of this risk is even enhanced since there is little awareness of this risk within organizations of ITO clients. Since Company S1 strictly avoids investments in specific assets for ITO clients by directly selling assets to the clients, there is no need to stipulate the transition of investments at the termination of ITO relationships. Obviously, this enhances the facility of potential IT supplier changes or backsourcing decisions. According to Interviewee S1, backsourcing certainly is a considerable alternative for many ITO organizations. Especially, companies which source out sensitive operations such as the storage of data and which are highly dependent on external IT suppliers are most likely to consider backsourcing. This can be explained by the fact that in these situations companies are highly dependent on the permanent accessibility of 59
the IT supplier or the Internet access' operability, for instance. In such situations an unavailability of the IT supplier jeopardizes the ITO company's ability to work. Internal IT provision, of course, regarding these factors, has major advantages like immediate accessibility and hence, short response time. Interviewee S1 states that within each company the maintenance or rather protection of the internal business processes' capacity to act should be given top priority. Thus, according to him, at least core IT tasks should be performed internally.
4.5.4. COMPANY S2 Summing up, Interviewee S2 states that the topics under discussion pose significant risks to ITO clients. In his opinion, many of these risks could be avoided by enhancing internal IT knowledge and the awareness of the importance of IT. Whenever this is necessary, Company S2 stipulates the transition of specific material and immaterial investments at the termination of ITO relationships. Since a basic documentation is always saved on the servers of the ITO clients, potential supplier changes or backsourcing operations are facilitated significantly. Regarding backsourcing potentials Interviewee S2 states that internal IT departments can certainly realize bigger projects in a more convenient way than external IT suppliers can. He explains that external IT suppliers can realize bigger projects as well, but that this often necessitates much effort and time resulting in high costs for the ITO company. Therefore, in case of major project realization, the costs of internal IT departments are most likely to be lower than the ones for external IT provision. However, Interviewee S2 states that companies of certain dimensions cannot perform all their IT related tasks on their own, because today's IT implies many specific tasks which require services offered by different, specialized IT suppliers.
60
5. DATA ANALYSIS
In the following, the data presented in the former chapter will be analyzed. In conformance with the utilized interview guide and the data presentation, the data analysis will also be presented in four parts: supplier lock-in, hidden costs, loss of control over outsourced IT and recapitulating thoughts including backsourcing potentials. Each part represents the response to one of the research questions under discussion.
5.1. SUPPLIER LOCK-IN
1. What is the occurrence of the risk of supplier lock-in in ITO companies? a) Which reasonable measures can ITO companies take in order to mitigate this risk? According to the transaction cost theory approach to the analysis of ITO risks, presented in chapter 2.4.3.1., factors influencing the risk of supplier lock-in are asset specificity, a limited number of available suppliers and ITO clients' lack of expertise and experience in regard to ITO and ITO contracts. All respondents state that asset specificity certainly enhances the dependency of ITO clients on IT suppliers. However, none of the respondents perceives to currently be in such a situation and Interviewee C1 even states that asset specificity of hardware does not represent a major ITO risk, because in case of supplier changes it can simply be replaced. The other respondents have similar opinions. However, Interviewee C1 admits that IT suppliers might have IT knowledge which ITO companies do not have. Thus, IT knowledge appears to be an asset which is rather difficult to replace. Therefore, a dependency on IT suppliers seems to be related more to IT knowledge than to specific material assets. All other respondents do not perceive the specificity of assets as a threat, because the IT applied within their companies mainly consists of standard products and services. Utilizing standard IT wherever applicable certainly is a reasonable measure to take. By this means, ITO companies can guarantee a greater number of potential IT suppliers. As a result, companies have the chance to regularly check the costperformance ratio of their current IT supplier and compare it to alternative IT suppliers. Another chance obtained through the greater number of available IT
61
suppliers is the chance to apply a multi-sourcing strategy.1 However, applying a multi-sourcing strategy necessitates an unambiguous delimitation of tasks in order to avoid interferences among the IT suppliers in charge. Such interferences can lead to the decrease of quality of provided IT and the increase of time necessary for the completion of tasks. Thus, the costs related to the external IT provision increase. In order to avoid these costly interferences among IT suppliers, a multi- sourcing strategy necessitates a considerable amount of coordination which, in turn, leads to coordination costs. Therefore, it seems as if a multi-sourcing strategy is only beneficial if the coordination costs it entails do not exceed the costs the opportunistic behaviour of a single supplier would cause. Interviewee C1 and Interviewee S2 have experienced situations characterized by a limited number of available IT suppliers offering specific IT products and services. Company C1 is currently involved in an ITO relationship with an IT supplier that has a unique selling point which results in noticeable opportunistic behaviour. As a result, the quality of outsourced IT diminishes, the time needed to complete tasks increases and the costs for the outsourced IT tasks increase. Interviewee S2 is sure about the fact that a limited number of available suppliers leads to an increase of the bargaining power of the suppliers and that, as a result, some suppliers take advantage of this situation by offering suboptimal solutions to their customers which are highly dependent on them. Again, the utilization of standard IT wherever applicable is a sensible measure to take, because it guarantees a greater number of potential IT suppliers. As a result, the risk of supplier opportunism is mitigated and supplier changes are simplified conspicuously. However, adaptations of internal business processes might be necessary in order to conform to the implemented standard IT. It is evident that the extensiveness of these adaptations is different for each company, because specific business processes are rather unique. However, these adaptations should not negatively influence the efficiency of the business processes. Another reasonable measure in regard to a restricted number of available suppliers consists of reducing the self-confidence of the IT suppliers in charge by regularly renegotiating existing ITO contracts. By this means, ITO clients indicate that the possibility of supplier change is not completely unimaginable and reduce the risk of exaggerated self-confidence and opportunism on the part of the IT suppliers.
1
cp. chapter 2.3.1.6.
62
Company C1 and Company C2 both source out rather big parts of their IT.1 When they started to source out their IT, both companies had little experience in regard to outsourcing operations of these dimensions. According to Interviewee S1 and Interviewee S2, their ITO clients mostly have little experience with outsourcing, too. When they started sourcing out significant parts of their respective IT, Company C1 had a rather high and Company C2 had a rather low level of internal IT knowledge. More than half of the ITO clients of Company S1 and hardly all customers of Company S2 have a low degree of internal IT knowledge, as well. Obviously, this fact results in a high dependency on external IT providers. This dependency concerns the honesty of the IT suppliers and the appropriateness of applied IT solutions. Evidently, this dependency requires that ITO clients trust their IT suppliers to a great extent. There are measures ITO clients can take in order to face the low degree of internal IT knowledge which results in a high level of dependency on external IT provision. In companies where IT is internally being managed as a secondary task by an employee, decision makers should consider turning IT into a primary task. Companies involved in ITO should at least have one employee that is responsible for both the internal and the outsourced IT. The very responsible employee should supervise, control and know the current ITO operations. Thus, ITO companies do not have to simply rely on and have trust in external IT suppliers, but preserve or resume an overview of the outsourced IT. As suggested by Interviewee S2, a responsible employee dealing with the ITO operations should also create and maintain an IT manual including all relevant data. This manual should be written in a simplified way, so that even internal decision makers with little IT knowledge can understand it. By this means, decision makers will gain deeper insights into the extensiveness of ITO operations. As a result, decisions regarding ITO and supplier changes or backsourcing will not only be facilitated noticeably, but the quality of these decisions will increase, as well. All interviewees agree on the fact that supplier lock-in situations are highly risky and should be avoided when IT is being sourced out. They all confirm that supplier lock-in situations are most likely to appear when there is only a little number of IT suppliers available to perform specific tasks. In such situations the appearance of supplier opportunism is quite imaginable. For instance, opportunistic behaviour can consist in the exploitation of bargaining power or of non-compliance with agreements such as appointed consulting capacities. Another negative effect resulting from high dependency on one IT supplier is the fact that
1
cp. chapter 4.1.1. and chapter 4.1.2.; Company C1: 50% of the total IT is being sourced out. Company C2: 95% of the total IT is being sourced out.
63
ITO clients face significant problems in case of being in an ITO relationship with an IT supplier that has economic difficulties. Generally, companies can take measures in order to face the risk of supplier lock- in. For instance, IT suppliers of Company C1 are under permanent observation, so that Company C1 stays informed about the economic success of its suppliers. By this means, as soon as IT suppliers appear to have economic difficulties, Company C1 can reduce the level of cooperation and thus, the risk of negative outcomes on the part of Company C1 is reduced. Observing the economic situation of the IT suppliers in charge certainly is a reasonable measure to take, because it enables ITO clients to react to impending business failures of IT suppliers. Furthermore, in order to face the risk of high dependency on one IT supplier, ITO clients should recognize the importance of keeping outsourced IT as transparent as possible. The unambiguous documentation of processes, sequences and competencies is crucial. Documentations should comprise the delimitation of internal and external responsibilities. This delimitation enables a reasonable coordination of internal IT and outsourced IT. At the best, documentations include all information a new IT supplier would need to take over. Hence, documentation of IT is a basic prerequisite for the successful realization of future transition projects such as supplier changes or backsourcing operations. Within the following figures, the above mentioned measures, which can be taken in order to face the risk of supplier lock-in, are summarized. The measures are subdivided into measures which can be taken within an organization and measures which can be taken in connection with external partners. Furthermore, the direct and subsequent effects these measures have are represented. The following figure1 contains measures which can be taken within ITO companies.
INTERNAL MEASURES EFFECT (1) EFFECT (2) The risk of opportunism is reduced; Multi-sourcing is enabled The risk of opportunism is reduced Decision making is facilitated
Apply standard IT
More suppliers available Internal IT knowledge Establish responsible ITO contact enables the supervision and (with IT as a primary task) control of ITO operations Deeper insights into ITO Maintain simplified manual operations are obtained Figure 7: Supplier Lock-in: Internal measures
1
cp. fig.7
64
Within the following figure1 measures which can be taken in connection with external partners are summarized. Again, the effects these measures cause are presented.
EXTERNAL MEASURES Observe the financial situation of IT suppliers Take charge of documentation by IT suppliers Figure 8: Supplier Lock-in: External measures EFFECT Appropriate reactions are enabled Supplier changes and/or backsourcing are facilitated
5.2. HIDDEN COSTS
2. What is the occurrence of the risk of hidden costs in ITO companies? a) Which reasonable measures can ITO companies take in order to mitigate this risk?
According to the transaction cost theory approaches to unanticipated costs presented in chapter 2.4.3.2., after ITO contract conclusions, factors influencing the risk of hidden costs are vendor management, the complexity of organizational peculiarities, the lack of ITO clients' expertise with the outsourced IT and outsourcing, as well as the relatedness of outsourced IT.
The interviewed ITO clients state that they had rather little expertise regarding outsourcing when they started sourcing out significant parts of their respective IT. At the beginning of their respective ITO operations, Company C1 had some and Company C2 had very little IT knowledge. The interviewed IT suppliers state that most of their clients have little expertise and experience in regard to both the outsourced IT and outsourcing. All interviewees confirm the appearance of at least some of the unanticipated costs related to vendor management, that is to say costs related to monitoring, renegotiations and the underestimation of setup costs. Since ITO contracts concluded by companies with little expertise concerning the outsourced IT and/or outsourcing are presumably incomplete, unanticipated costs related to renegotiations and contractual additions are most likely to emerge. It seems as if ITO clients frequently have to face unanticipated costs for monitoring and setup costs which they primarily underestimate, as well.
A measure that companies with little knowledge about the outsourced IT and outsourcing should take regarding the conclusion of ITO contracts consists of calling in external consultants. The very consultants should not only have
1
cp. fig.8
65
expertise regarding the conclusion of outsourcing contracts, but also regarding the IT which is planned to be sourced out. Otherwise, even engaging external consultants might not guarantee complete ITO contracts and the resulting reduction of emergence of unanticipated costs. Another measure companies can take regarding ITO contracts consists of the stipulation of short-term ITO contracts. On the one hand, these are rather expensive and certainly more expensive than long-term contracts. On the other hand, short-term contracts frequently are characterized by the stipulation of fixed prices excluding all additional costs. Often, these contracts include round-the-clock services and guaranteed substitution of defective hardware within 48 hours. Moreover, compared to long-term contracts, short-term contracts permit faster adaptations such as supplier changes or backsourcing operations in case of crucial changes within the ITO companies or within the field of IT.
Once ITO contracts are concluded, companies need to take measures to face the risk of unanticipated costs. Outsourcing companies need to create internal departments dedicated to managing the outsourced IT and define responsibility assignments regarding specific topics. For instance, Company C1 created a department for service and demand level management as soon as a big part of the IT was sourced out. It seems to be evident that the creation of internal departments in charge of ITO management turns unanticipated costs for monitoring and renegotiating into calculated, fixed costs. Additionally, procedures regarding monitoring, reporting and status requests have to be defined so that the tasks performed by the internal departments in charge of ITO management are as accurate as possible.
Furthermore, it seems as if unanticipated costs appearing after the conclusion of ITO contracts are often caused by poor internal knowledge and organization of IT. Frequently, unanticipated costs appear because a lack of internal IT knowledge does not allow deeper insights into the entire extent and complexity of ITO operations. Evidently, this lack of deeper insight leads to situations in which IT suppliers receive inappropriate information or misinformation regarding the planned ITO operations. As a result, it is rather difficult for IT suppliers to realistically estimate the extensiveness and costs of ITO operations. Thus, primarily concluded contracts often need additions which cause unanticipated costs on the part of the ITO clients. It seems as if a lack of internal IT knowledge does also result in difficulties concerning monitoring, because not all cost factors entailed by ITO operations can 66
be comprehended by ITO clients. Hence, clients with little IT knowledge can frequently only check whether tasks have been completed or not, but cannot check all of the underlying cost factors. In such situations, ITO clients are highly dependent on the honesty of their IT suppliers and have to totally trust them. However, ITO companies which monitor the activities of their IT suppliers need to ask themselves how much monitoring is economically justifiable. Certainly, engaging internal personnel to monitor all activities of external IT suppliers leads to high costs. As a result, the costs for internal departments dealing with the management of all outsourced IT might reach dimensions comparable to the costs internal IT provision would cause. Thus, companies need to assign priorities to the outsourced IT tasks and focus on merely monitoring tasks which are defined as being of major importance to the respective ITO company. According to Interviewee S1, organizations of bigger dimensions frequently monitor their outsourced IT whereas smaller companies seldom do. Certainly, these differing practices are based on the availability of financial resources. However, smaller companies which cannot afford the creation of internal departments merely dealing with outsourced IT should at least consider to entrust one employee with the coordination of all external IT provision. This employee should reduce the risk of facing unanticipated costs by preparing a budget which contains all predictable, future expenses for hardware purchases, software updates and maintenance costs. In the field of ITO, especially maintenance requires a significant amount of coordination effort, because IT is continuously becoming more sophisticated and incessantly increases in complexity. Therefore, an employee responsible for the management of outsourced IT appears to be indispensable, even for smaller companies. Furthermore, if this employee has more than just basic IT knowledge this can result in a diminishment of unanticipated costs which can be caused when IT suppliers are misinformed about the attributes of planned ITO operations. This results from the fact that a responsible employee with more than just basic IT knowledge can specify his enquiries. Firstly, when specific enquiries are made, IT suppliers have fewer chances to deliver IT which is inadequate. As already explained, when ITO customers cannot specify and understand the factors underlying an ITO operation, IT suppliers might behave opportunistically and try to implement own products or services even though there would be better solutions for the customer. Secondly, specific enquiries enable the IT suppliers to make offers which are more precise. Hence, the emergence of unanticipated costs is reduced on the part of the ITO customers.
67
Interestingly, as in the case of Company C2, unanticipated coordination costs due to the logical or technological interconnectedness of outsourced IT and internally kept IT do not appear, when companies opt for a total outsourcing approach. 1 Coordination efforts might be reduced to a minimum in such situations, but the amount of outsourced IT certainly reaches dimensions in which reasonable, necessary monitoring becomes quite extensive and costly. Additionally, only keeping a little amount of the IT in-house leads to a high level of dependency on external IT provision and, as already discussed above, increases the risk of supplier lock-in. Summing up, total outsourcing reduces the appearance of some unanticipated costs, but results in higher monitoring costs and a high level of dependency on external IT providers. Hence, total outsourcing cannot be considered as being a reasonable measure to take in order to reduce the risk of appearance of unanticipated costs. Mainly depending on external IT provision and not being able to maintain the ability to work without external partners certainly represents an undesirable, strategic risk for ITO companies. This aspect will be resumed below. The following figures summarize the above mentioned measures which can be taken in order to face the risk of hidden costs. The measures are subdivided into measures which can be taken within an organization and measures which can be taken in regard to external partners. Furthermore, the direct and subsequent effects these measures have are represented. The following figure2 contains measures which can be taken within ITO companies in order to reduce the risk of emergence of hidden costs.
INTERNAL MEASURES EFFECT (1) Establish responsible ITO Unanticipated costs for contact (with IT as a monitoring and renegotiating primary task) turn into fixed costs Establish responsible ITO contact (with more than just IT suppliers receive enquiries basic IT knowledge) which are more precise Figure 9: Hidden Costs: Internal measures EFFECT (2)
The risk of opportunistic behaviour is reduced; Offers made by IT suppliers are more precise
Within the following figure3 external measures which can be taken in order to face the risk of hidden costs are summarized. Again, the direct and subsequent effects these measures have are presented. Total outsourcing as a measure is included in this chart, but, as already explained above, does not represent a reasonable measure to take.
1 2 3
cp. chapter 2.3.1.3. cp. fig.9 cp. fig.10
68
EXTERNAL MEASURES
EFFECT (1)
EFFECT (2)
Unanticipated costs for monitoring and renegotiating turn into fixed costs; Supplier changes and/or backsourcing Conclude short-term ITO are realizable quicker contracts The risk of concluding incomplete ITO contracts is Call in consultants for ITO reduced contract conclusions (Hardly no coordination costs; but high dependency on external provision) (Total Outsourcing) Figure 10: Hidden Costs: External measures
Less unanticipated costs appear
(High monitoring costs)
5.3. LOSS OF CONTROL OVER OUTSOURCED IT
3. What is the occurrence of the risk of loss of control over outsourced IT in ITO companies? a) Which reasonable measures can ITO companies take in order to mitigate this risk? Within chapter 2.4.3.3., resource-based theory was utilized to approach the risk of loss of control over outsourced IT. In the following, IT knowledge, data security and confidentiality are under investigation. IT, as a part of organizational knowledge, continuously gains in importance, because organizational knowledge is frequently perceived as representing the basis for the creation of competitive advantages. Heterogeneity, the difference among resources belonging to competing firms, and immobility, the inability to access resources belonging to a competitor, are the basic prerequisites resources need to fulfil in order to lead to competitive advantages. Heterogeneity in this case refers to IT knowledge and innovative ability whereas immobility refers to data security and confidentiality. Only within Company C1 which is a big company engaging 3,600 employees worldwide, IT is perceived as being an important part of organizational knowledge which does not only influence, but also support all processes within an organization. Statements of Interviewee C2 and the interviewed IT suppliers show that ITO companies frequently do not regard IT as being an important part of organizational knowledge, but that it should be regarded as such. It seems as if within many companies there is a lack of awareness regarding the fact that IT has a significant influence on the creation of competitive advantages. All too often, IT is perceived as merely being a tool and therefore, only attracts attention when problems occur.
69
It seems as if smaller companies tend to regard the innovative ability of IT as being secured by external IT providers whereas bigger companies do not. Frequently, smaller companies do not to have enough financial resources to guarantee that internal personnel keep up with the dynamic field of IT. Thus, external IT provision appears to be advantageous, because external IT suppliers possess expert knowledge which smaller companies are most likely not to have, because of their restricted financial resources. Besides the financial aspect which can lead to ITO, IT suppliers have the chance to conceive of solutions derived from solutions found for other ITO clients. Concerning the innovative ability of IT, this possibility of lateral thinking certainly is an advantageous criterion in favour of external IT provision, because ITO clients can benefit from IT suppliers' experiences. External IT providers should certainly make suggestions regarding innovation of current IT within the organizations of their clients, but, as Interviewee C1 states, external IT suppliers cannot guarantee the innovative abilities of their ITO clients and thus, they should principally fulfil their contractually stipulated tasks. Moreover, as Interviewee C1 underlines, turning suggestions into useful innovations as well as elaborating and integrating processes into the proper business context are tasks which have to be fulfilled by internal IT departments. Obviously, since internal business processes are strongly interconnected and highly complex, individual components of processes are difficult to detach. Furthermore, since internal IT departments have the advantage of being a part of the company they provide with IT, they gain deeper insights into business processes and coherences than external IT providers. Expecting external IT providers to gain similar insights would certainly require a considerable amount of time and thus, would lead to high costs. Consequently, expecting external IT suppliers to guarantee the innovative ability of IT is not appropriate and additionally leads to high costs. It seems as if the complexity of processes increases with the company size and thus, gaining an insight into internal business processes increases in complexity, as well. Regarding data security and confidentiality all respondents agree about the fact that these are issues of major importance in the field of ITO. However, many ITO companies do not realize which risks they take when external IT suppliers gain access to their data. Frequently, IT suppliers have unrestricted access to data and, as Interviewee S2 affirms, not all IT suppliers respect data security and confidentiality. Thus, the loss of control over outsourced IT and data certainly represents a risk which deserves to be considered attentively. It seems as if ITO clients only have two choices regarding this risk. Firstly, they can decide not to source out sensitive data. Secondly, when concluding ITO contracts, ITO clients 70
can stipulate compensations regarding cases of data abuse. Nonetheless, these compensations do only become effective in case of actual data loss and cannot prevent data abuse. Since data represents an intangible asset, it is imaginable that outsourcing companies do not even notice cases of data abuse. As a result, it seems as if besides not sourcing out IT and sensitive data there is no measure companies can take to entirely exclude the loss of data in the context of ITO. It is in the nature of things that ITO entails the risk of data abuse or rather data theft. In order to deal with the latter a company has to decide on how much time and effort are economically justifiable to monitor and control ITO operations which include sensitive data. Therefore, the element of trust appears to be of major importance in ITO relationships. Especially the interviewed IT suppliers affirm that trust is an indispensable requisite for ITO relationships. Interviewee C2 also states that ITO companies need to have trustful relationships with their IT suppliers, because risks of data abuse cannot be excluded entirely. Furthermore, it seems as if internal data security and confidentiality are topics which are frequently disregarded in ITO companies. Within many organizations there seems to be a lack of sensitization concerning the importance of IT, data security and confidentiality. Data security should begin with internal measuresaimed at the organization and control of data. By this means, companies can reduce data theft by employees - which appears to be a topic as important as external data abuse - and can improve the overall data security. In order to do so, companies need to regularly check rights of access and sensitize the internal personnel for the crucial importance of data and its influence on the success of a company. Furthermore, it is reasonable to call in external partners to perform audits in order to check applied practices and documentations. As Interviewee S1 confirms, an internally organized IT implies data security and thus, minimizes economic risks. The very economic risks refer to today's world of work which is characterized by a high dependency on IT. Consequently, IT problems have a negative impact on the work flow which, in turn, leads to economic losses. Summing up, ITO clients need to guarantee the heterogeneity, that is to say the innovative ability, of their IT not only by relying on external partners. Instead, ITO companies need to utilize their expert knowledge about their own organization to apply innovations in a way which allows gaining best possible competitive advantages. Internally, data security and confidentiality can be improved by organizing and controlling access authorizations. Externally, in ITO, the risk of data abuse is not excludable and therefore, the choice of IT suppliers should be scrutinized. Since IT suppliers gain access to sensitive data, they should be trusted in to a great extent. Furthermore, contractual stipulations guaranteeing 71
compensations in case of data abuse should be accompanied by external experts. However, it is crucial to bear in mind that these compensations guarantee financial compensation in case of data abuse, but do not prevent the actual data abuse. The following figures summarize the above mentioned measures which can be taken in order to face the risk of loss of control over outsourced IT. The measures are subdivided into measures which can be taken within ITO companies and measures which can be taken regarding external partners. Moreover, the direct and subsequent effects these measures have are presented. The following figure 1 summarizes which internal measures can be taken in order to face the risk of loss of control over outsourced IT.
INTERNAL MEASURES EFFECT (1) Deeper insights into business Define innovative ability processes and coherences are gained of IT as an internal task Sensitize personnel for the relevance of IT and data Internal data security is improved EFFECT (2) Innovative ability of IT is improved External data security is improved
Regularly check access External data security is authorizations Internal data security is improved improved Figure 11: Loss of Control over outsourced IT: Internal measures
Within the following figure2 external measures which can be taken in order to face the risk of hidden costs are summarized. Again, the direct and subsequent effects these measures cause are presented.
EXTERNAL MEASURES Stipulate compensation agreements EFFECT No prevention of data abuse, but compensation
Regularly call in external partners for internal IT audits Applied practices and documentations are scrutinized Figure 12: Loss of Control over outsourced IT: External measures
5.4. RECAPITULATING THOUGHTS AND BACKSOURCING POTENTIALS
4. How do the risks under consideration influence backsourcing considerations of ITO companies? All respondents agree on the fact that the risks under discussion have a great influence on ITO. It seems to be obvious, that ITO companies need to be active, not reactive, in regard to the risks under consideration. Thus, companies involved
1 2
cp. fig.11 cp. fig.12
72
in ITO should consider the measures mentioned above in order to avoid the negative outcomes these risks can lead to. As Interviewee C1 affirms, Company C1 would certainly be in a much less advantageous situation today if the applied measures would not have been taken. It also seems as if the risks under consideration all have a significant influence on backsourcing considerations. However, backsourcing decisions are certainly not merely based on the ITO risks under discussion, but on a combination of various factors. Nevertheless, the ITO risks under consideration certainly have a considerable influence on backsourcing considerations of ITO companies. Obviously, for companies which cannot afford internal IT departments, backsourcing is not perceived as being an alternative to ITO. For instance, within Company C2, backsourcing is perceived as representing an unrealizable option, because it would not be economically justifiable to establish an internal IT department that deals with all the IT of Company C2. Since IT represents a core competency for IT suppliers, but not for most of the ITO clients, the attempt to establish an internal IT department with similar competencies would certainly entail costly investments and specific training for the personnel of the IT department. Hence, the cost-performance ratio certainly impedes considerations of large-scale inhouse IT provision within smaller companies. Furthermore, mainly relying and depending on external IT provision entails risks such as supplier lock- in and reduces the chances of bringing outsourced IT back in-house, because in such situations internal IT knowledge presumably is low. After all, since organizational growth is, sooner or later, most likely to lead to the necessity of running at least core parts of the IT in-house, even smaller companies should avoid a high level of dependence on external IT provision. Therefore, companies of smaller size should consider selective outsourcing, that is to say they should perform parts of the IT on their own. The IT operations processed inside should be managed by an internal IT department which, according to requirements and financial situations, could even consist of merely one employee. The important task of such an internal IT department consists of first level support, internal IT management, ITO relationship management and the preservation of IT knowledge at a level which is sufficient to run supplier changes or backsourcing operations. Since all respondents state that the transition of specific material and immaterial investments in case of the termination of ITO relationships are usually stipulated in ITO contracts, this does not appear to restrain companies from bringing outsourced IT back in-house. Furthermore, there seems to be an appropriate awareness about the importance of documentations which, as already explained 73
above, noticeably facilitate potential supplier changes or backsourcing operations. Therefore, these issues do not seem to hinder companies from considering backsourcing as an alternative to ITO. Especially companies which source out sensitive data and/or are highly dependent on external IT provision should consider backsourcing. Not only are data security and confidentiality issues which require high levels of trust. Companies which are highly dependent on external IT provision are also highly dependent on the permanent accessibility of their IT suppliers and of their outsourced data. The trouble is that, in such situations, an unavailability of IT suppliers jeopardizes the ITO companies' ability to work and thus, most likely leads to noticeable economic loss. In regard to this issue, internal IT provision has, compared to external IT provision, the major advantage of immediate accessibility and hence, short response time. Certainly, as Interviewee S1 affirms, within each company the maintenance and protection of the internal business processes' capacity to act should be given top priority. Thus, since trustworthiness and accessibility of external IT providers are not controllable, at least core IT processes influencing the ITO companies' capacity to act should be managed internally. It is evident, that running processes internally does not prevent the appearance of problematic situations, but at least external risks can be reduced noticeably. Moreover, it seems as if major projects which require deeper insight into business processes and coherences should preferably be performed by internal IT departments, because external providers most likely need a considerable amount of time and effort to gain the same insights and perform the same tasks. As a result, costs for external provision are most likely to be high. However, smaller projects consisting of simple IT tasks, without involvement of sensitive data and only requiring short-term contractual relationships represent IT operations which can certainly be sourced out with rather little concern in regard to the ITO risks under consideration. However, the possibility of bringing outsourced IT back in- house is not only affected by the complexity of tasks, but also by the demanded service levels and whether these can be achieved internally or not. The complexity of IT tasks seems to grow proportionally with the organizational size. This is affirmed by Interviewee S2, who explains that increasing organizational dimensions lead to increasingly specific requests which, in turn, result in the necessity to collaborate with several, specialized IT suppliers. That is to say, bigger companies have more complex IT structures than smaller companies. Consequently, within bigger organizations there are more sophisticated IT tasks to be performed. As a result, bigger companies are most likely to have difficulties performing all IT tasks on their own. Hence, it seems as if the amount of complex 74
tasks within bigger companies necessitates the collaboration with specialized, external IT suppliers which can perform these tasks. Since not all IT can be performed internally and not all IT should be sourced out for various, above mentioned reasons, selective outsourcing appears to be the right approach for bigger companies, as well. In the end, ITO companies primarily need to guarantee that they stay capable of acting without being totally dependent on external IT provision. Organizational success, which is certainly influenced by IT, should primarily originate within a company and not be totally dependent on external partners.
5.5. SUMMARY AND CONCLUSION
As already presented above, ITO companies regard the risks under discussion as important factors which significantly influence ITO and its success. Several internal and external measures which can be taken in order to face the risks of supplier lockin, hidden costs and the loss of control over outsourced IT were presented above. For the purpose of giving an overview over the discussed measures, they are all summarized in the figure below.1
1
cp. fig.13
75
INTERNAL MEASURES
EFFECT (1)
EFFECT (2) The risk of opportunism is reduced; Multi-sourcing is enabled The risk of opportunism is reduced Decision making is facilitated
Apply standard IT Supplier lock-in Establish responsible ITO contact (with IT as a primary task) Maintain simplified manual EXTERNAL MEASURES Observe the financial situation of IT suppliers Take charge of documentation by IT suppliers INTERNAL MEASURES Establish responsible ITO contact (with IT as a primary task) Establish responsible ITO contact (with more than just basic IT knowledge) EXTERNAL MEASURES
More suppliers available Internal IT knowledge enables the supervision and control of ITO operations Deeper insights into ITO operations are obtained EFFECT Appropriate reactions are enabled Supplier changes and/or backsourcing are facilitated EFFECT (1) Unanticipated costs for monitoring and renegotiating turn into fixed costs IT suppliers receive enquiries which are more precise EFFECT (1) Unanticipated costs for monitoring and renegotiating turn into fixed costs; Supplier changes and/or backsourcing are realizable quicker The risk of concluding incomplete ITO contracts is reduced (Hardly no coordination costs; but high dependency on external provision) EFFECT (1)
EFFECT (2)
Hidden costs
The risk of opportunistic behaviour is reduced; Offers made by IT suppliers are more precise EFFECT (2)
Conclude short-term ITO contracts Call in consultants for ITO contract conclusion
Less unanticipated costs ap p ear
(Total Outsourcing) INTERNAL MEASURES Loss of control over outsourced IT Define innovative ability of IT as an internal task Sensitize personnel for the relevance of IT and data Regularly check access authorizations EXTERNAL MEASURES
(High monitoring costs) EFFECT (2)
Deeper insights into business processes and coherences are Innovative ability of IT is obtained improved Internal data security is improved Internal data security is improved EFFECT External data security is improved External data security is improved
Stipulate compensation No prevention of data abuse, agreements but compensation Regularly call in external Applied practices and documentations are partners for internal IT scrutinized audits Figure 13: ITO Risks: Measures and their effects
After all, it became apparent that all ITO risks under discussion are perceived as being of considerable importance to ITO companies and that - among the risks 76
under consideration - the risk of hidden costs is not perceived as being the most important one. This is rather remarkable, because ITO basically represents a 'make or buy' decision and hence, generally the economic aspects of ITO are the ones primarily considered. Obviously, within ITO, economic aspects are not more important than strategic or technological aspects. Furthermore, it became apparent that the occurrence of supplier lock-in represents an important ITO risk, even though asset specificity is not perceived as posing a major threat leading to supplier lock-in, because investments in material assets are easily replaceable. In fact, the actual dependency on IT suppliers is rather created by the length of stipulated ITO contracts as with specific, material assets procured by IT suppliers. However, IT knowledge represents an intangible asset which might be difficult to replace and thus, increases the risk of high dependency on external IT provision. A restricted number of available suppliers certainly leads to vendor opportunism resulting in decreasing quality of performed tasks, increasing time required to fulfil tasks and finally, to high costs. Apparently, a low level of expertise with ITO also leads to an increase of the risk of supplier lock-in. Many companies involved in ITO seem to be aware of the threat supplier lock-in represents, but there certainly is a need to approach this risk more intensely. Companies can take internal and external measures to face the risk of supplier lock-in. On the one hand, companies can take measures which are aimed at the improvement of the internal organization such as the application of standard IT or the definition of responsible ITO contact persons. On the other hand, companies in ITO relationships can take measures which are not aimed at improving ITO operations by internal modifications, but by actions targeted at the external of a company such as the observance of the financial situations of IT providers. Hidden or rather unanticipated costs represent an ITO risk which appears rather often. Frequently, the appearance of hidden costs is caused by a lack of IT knowledge existing within ITO organizations. Firstly, this lack of IT knowledge results in incomplete contracts which, in turn, cause the emergence of unanticipated costs. The latter mainly consist of vendor management costs such as costs for monitoring and renegotiations. Secondly, the lack of IT knowledge within ITO companies results in the inaptness to recognize the entire extent of planned ITO operations. As a result, information given to external suppliers is most likely to be incomplete and lead to improper offers. Furthermore, little internal IT knowledge increases the dependency on external IT suppliers and constrains the ability of monitoring the correctness of performed tasks. Thus, ITO clients with little IT knowledge are highly dependent on the honesty of the IT suppliers in charge and simply have to trust them. Obviously, such situations can 77
lead to opportunistic behaviour which, in turn, leads to the emergence of unanticipated costs. In order to face the risk of hidden costs, companies involved in ITO can take internal and external measures. An internal measure can consist of creating a responsible person which manages all IT and ITO whereas an external measure can consist of calling in external consultants to assist in the conclusion of ITO contracts. Apparently, the loss of control over outsourced IT represents a crucial risk of ITO. The importance of IT as a part of organizational knowledge which can result in competitive advantages does not seem to be a fact the majority of companies is aware of. Certainly, this lack of awareness regarding the relevance of IT and of internal IT knowledge can especially be found in small companies. These also seem to perceive the innovative ability of IT as being guaranteed through external IT provision. However, the influence the financial situations of ITO companies have on this perception is not to be underestimated. It is evident that the choice for external IT provision is intensified by limited financial resources. Sourcing out sensitive data definitely leads to the risk of data abuse or rather data theft. Regarding these threats, ITO companies can either decide not to source out sensitive data or completely rely on the trustworthiness and honesty of external IT suppliers. ITO clients can take internal and external measures to face the risk of loss of control over outsourced IT. Within organizations, the sensitization of employees for the relevance of IT and data can represent effective measures. An external measure can consist of the stipulation of compensation agreements, which do not hinder data abuse, but at least guarantee financial compensation. All reasonable measures ITO companies can take in order to face the risks of supplier lock-in, hidden costs and the loss of control over outsourced IT presented above are summarized below.1 This figure does not include the effects of the measures, but gives an overview over all reasonable, internal and external measures assigned to the respective ITO risks they belong to.
1
cp. fig.14
78
RISK Supplier Lock-in
INTERNAL MEASURES Apply standard IT
EXTERNAL MEASURES Observe the financial situation of IT suppliers
Establish responsible ITO contact (with Take charge of documentation by IT IT as a primary task) suppliers Maintain simplified ITO documentation/manual Establish responsible ITO contact (with IT as a primary task)
Hidden Costs
Conclude short-term ITO contracts
Establish responsible ITO contact (with Call in consultants for ITO contract more than just basic IT knowledge) conclusion (Total Outsourcing) Define innovative ability of IT as an internal task Stipulate compensation agreements
Loss of Control over outsourced IT
Sensitize personnel for the relevance of Regularly call in external partners for IT and data internal IT audits
Regularly check access authorizations Figure 14: ITO Risks: Internal and external measures
After all, it became apparent that all risks under consideration play decisive roles in regard to backsourcing considerations. Certainly, small companies with limited financial resources are in less advantageous situations than companies which are financially strong, but still even small companies should not take the risks entailed by total outsourcing. Instead of taking these risks companies should consider selective outsourcing. That is to say, an adequate amount of IT - at least core tasks such as first level support and reasonable ITO management - should be guaranteed internally. By this means, future backsourcing operations are facilitated considerably. Furthermore, it became apparent that the transition of material assets and the documentation of provided IT do not represent major problems in regard to backsourcing decisions. It seems as if especially companies which source out sensitive data and/or are highly dependent on external IT provision should consider to bring parts of the outsourced IT back in-house. Companies of rather big dimensions are likely to have complex structures with interconnected business processes which lead to a dilemma. On the one hand, projects which require deeper insights into the specific, complex structure of organizations are most likely to be performed better and more cost-efficient when they are confided to internal IT providers. On the other hand, organizational growth seems to result in an increase of the complexity of IT tasks which need to be fulfilled. As a result, this increasing complexity leads to an increasing necessity to work with specialized, external IT suppliers. Since 79
each case of ITO is characterized by different peculiarities, backsourcing decisions can most likely not be made based on the analysis of a few factors, but need to be scrutinized with regard to the peculiarities of the respective organization under consideration. However, the points mentioned above certainly represent an auxiliary starting point for discussions on backsourcing considerations. Without doubt, ITO companies should primarily aim at guaranteeing their capability of acting without being significantly dependent on external IT provision. By this means, companies which conserve their independency are solely responsible for the efficient utilization of IT. As a result, the influence IT has on the organizational success will primarily originate from internal achievements and is not highly dependent on external partners. Therefore, ITO companies should scrutinize whether it is reasonable to bring parts of their outsourced IT back in-house or not.
80
6. THEORETICAL CONTRIBUTION
6.1. ACHIEVEMENT OF AIMS
The aim of this thesis was the revelation of significant information regarding the prevailing perceptions ITO clients have in regard to the ITO risks of supplier lock-in, hidden costs and the loss of control over outsourced IT. Within the theoretical background, the evolution of ITO and some of the most frequent ITO theories were presented. Moreover, in order to appropriately present in which kind of ITO operations the risks under discussion are most likely to appear, a multidimensional approach was chosen to present the various dimensions of ITO. Furthermore, reasons for and risks of ITO were presented according to their strategic, economic, technological or political nature. Thereupon, the risks selected for further examination were presented and discussed according to transaction cost theory or resource-based theory. Additionally, the dimensions of ITO which are characteristic for the risks under discussion were identified. Since the aim of this thesis was the exposure of relevant information on the prevailing perceptions ITO clients have in regard to supplier lock-in, hidden costs and the loss of control over outsourced IT, primary data was collected. This primary data collection aimed at the revelation of significant information. The very information was obtained by conducting telephone interviews with both ITO clients and IT suppliers and by analyzing these interviews in an extensive way. Furthermore, this work aimed at examining reasonable measures to take with regard to the risks under consideration. These measures were presented according to the respective ITO risk they belong to and the effects these measures have were explained. Additionally, the measures were subdivided into internal and external measures, so that an overview of the presented measures was facilitated. Finally, the influence of the risks under consideration on potential backsourcing considerations was examined.
6.2. PROPOSALS FOR FUTURE RESEARCH
In the following, topics which could be of interest for future research will be addressed. During the realization of this thesis, it became apparent that there are several issues which certainly are worth studying in order to deepen or rather widen the topic of ITO and its risks addressed in this work. Further research in this field of interest is expected to reveal information of considerable importance to companies currently involved in or planning to be involved in ITO.
81
First of all, since the conducted study is a qualitative study of exploratory nature, it would certainly be reasonable to conduct an empirical research aiming at the revelation of statistical evidence for the results found within this study. By this means, the value of the results obtained within this study could be increased. During the data analysis it became apparent that the size of a company has an influence on the complexity of internal IT processes. Since this complexity seems to result in an increasing need for external IT provision, it would certainly be interesting to investigate the actual significance of these coherences in regard to ITO risks and backsourcing considerations. As the loss of control over outsourced IT seems to be related to the existing level of trust among ITO partners, this could be another interesting topic for future research. Especially the risk of data abuse represents a risk which is strongly connected with the aspect of trust. Studies regarding this topic would certainly be of great value to companies involved in ITO, because there seems to be no way of entirely excluding the risk of data abuse and thus, the element of trust appears to be of great importance. One more way of deepening this work could consist of studying the same risks, but with other applied ITO theories. Furthermore, the dimensional characteristics defined for this study could be modified.1 For instance, the effect of a limited number of IT suppliers on the risk of hidden costs or the effect of the location of the IT suppliers on the risk of supplier lock-in could be studied. Such studies could reveal interesting information for companies which plan to source out parts of their IT and want to minimize the occurrence of these specific risks within their ITO operations.
1
cp. fig.4, chapter 2.6.
82
REFERENCES
Adler, P.A. & Adler, P. (1987), "Membership Roles in Field Research", Beverly Hills: Sage, as referred to in Flick, U. (2002) Aubert, B.; Rivard, S.; Patry, M. (2004), "A transaction cost model of IT outsourcing", Information & Management, September 2004, Vol. 41, Issue 7, pp. 921-932 Aulich, C. & Hein, J. (2005), "Whole-of-Government Approaches to Outsourcing and Market Testing by the Commonwealth Government", Australian Journal of Public Administration, Sep2005, Vol. 64, Issue 3, pp. 35-45 Bahli, B. & Rivard, S. (2003), "The information technology outsourcing risk: a transaction cost and agency theory-based perspective", Journal of Information Technology, September 2003, Vol. 18, Issue 3, pp. 211-221 Bahli, B. & Rivard, S. (2005), "Validating measures of information technology outsourcing risk factors" OMEGA - The International Journal of Management Science, Vol. 33, Issue 2, April 2005, pp. 175-187 Barney, J. (1991), "Firm Resources and Sustained Competitive Advantage", Journal of Management, 1991, Vol. 17, No. 1, pp. 99-120 Barthélemy, J. (2003), "The seven deadly sins of outsourcing", Academy of Management Executive, May 2003, Vol. 17, No. 2, pp. 87-98 Clark, T.; Zmud, R.; McCray, G. (1998), "The Outsourcing of Information Services: Transforming the Nature of Business in the Information Industry", Published in "Strategic Sourcing of Information Systems: Perspectives and Practices", Editors: L. Willcocks & M. Lacity; Chichester: John Wiley & Sons Ltd, pp. 45-78 Coase, R. (1937), "The Nature of the Firm", Economica, New Series, November 1937, Vol. 4, No. 16, pp. 386-405 Creswell, J. (2003), "Research Dnesign: Qualitative, Quantitative, and Mixed Methods Approaches", 2 d Edition, Thousand Oaks: Sage Publications, Inc. Cullen, S. & Willcocks, L. (2003), "Intelligent IT Outsourcing: Eight Building Blocks to Success", Oxford: Elsevier Butterworth-Heinemann Deutsche Bank Research, Allweyer, T.; Besthorn, T.; Schaaf, J. (2004), "IT-Outsourcing: Zwischen Hungerkur und Nouvelle Cuisine - die gesamtwirtschaftliche Perspektive", economics, April 2004, No. 43, http://www.dbresearch.de/PROD/DBR_INTERNET_DEPROD/PROD0000000000073793.pdf,thFound on http://www.dbresearch.de, (accessed 8 April 2008)
Deutsche Bank Research, Meyer, T. (2006), "Offshoring an neuen Ufern: Nearshoring nach Mittelund Osteuropa", economics, July 2006, No. 58, http://www.dbresearch.de/PROD/DBR_INTERNET_DEPROD/PROD0000000000200245.pdf,thFound on http://www.dbresearch.de, (accessed 8 April 2008) Deutsche Bank Research, Rollwagen, I. (2007), "Präsentation: Zukünftige Qualitätsanforderungen und Bildungslandschaften", Kongress „Offen für morgen"/Kongress „Bildung und Betreuung", Stuttgart, October 2007, http://www.dbresearch.de/PROD/DBR_INTERNET_DEPROD/PROD0000000000217016.pdf,thFound on http://www.dbresearch.de, (accessed 8 April 2008) Dibbern, J.; Goles, T.; Hirschheim, R.; Jayatilaka, B. (2004), "Information Systems Outsourcing: A Survey and Analysis of the Literature", The DATA BASE for Advances in Information Systems, Fall 2004, Vol. 35, No. 4, pp. 6-102 Earl, M. (1996), "The risks of outsourcing IT", Sloan Management Review, Vol. 37, No. 3, pp. 26-32, as referred to in Gottschalk, P. & Solli-Sæther, H. (2006) Flick, U. (2002), "An Introduction to Qualitative Research", 2nd Edition, Thousand Oaks: Sage Publications, Inc. Gottschalk, P. & Solli-Sæther, H. (2006), "Managing Successful IT Outsourcing Relationships", Hershey: IRM Press Grover, V.; Teng, J.; Cheon, M. (1998), "Towards a Theoretically-based Contingency Model of Information Systems Outsourcing", Published in "Strategic Sourcing of Information Systems: Perspectives and Practices", Editors: L. Willcocks & M. Lacity; Chichester: John Wiley & Sons Ltd, pp. 79-101 Hair, J.; Babin, B.; Money, A.; Samouel, P. (2003), "Essentials of Business Research Methods", New York: John Wiley & Sons, Inc. Hirschheim, R. & Lacity, M. (2000), "The Myths and Realities of Information Technology Insourcing", Communication of the ACM, February 2000, Vol. 43, No. 2, pp. 99-107 Jurison, J. (1998), "A Risk-Return Model for Information Technology Outsourcing Decisions", Published in "Strategic Sourcing of Information Systems: Perspectives and Practices", Editors: L. Willcocks & M. Lacity; Chichester: John Wiley & Sons Ltd, pp. 187-204 Kotter, J. (1979), "Managing External Dependence", The Academy of Management Review, 1979, Vol. 4, No. 1, pp. 87-92
II
Lacity, M. C. & Hirschheim, R. (1995), "Beyond the Information Systems Outsourcing Bandwagon - The Insourcing Response", Chichester: John Wiley & Sons Ltd Lacity, M.; Willcocks, L.; Feeny, D. (1997), "The Value of Selective IT Sourcing", Published in "Managing IT as a Strategic Resource", Editors: L. Willcocks, D. Feeny, G. Islei; Maidenhead: McGraw-Hill Publishing Company, pp. 277-305 Lacity, M. & Willcocks, L. (1998), "An empirical investigation of information technology sourcing practices: lessons from experience", MIS Quarterly, September 1998, Vol. 22, Issue 3, pp. 363-408 Lacity, M. & Willcocks, L. (2001), "Global Information Technology Outsourcing: In Search of Business Advantage", Chichester: John Wiley & Sons Ltd Lee, J.; Huynh, M.; Kwok, R.; Pi, S. (2003), "IT Outsourcing Evolution - Past, Present, and Future", Communications of the ACM, May 2003, Volume 46, Issue 5, pp. 84-89 Loh, L. & Venkatraman, N. (1992), "Diffusion of Information Technology Outsourcing: Influence Sources and the Kodak Effect", Information Systems Research, December 1992, Vol. 3, Issue 4, pp. 334-358 McLaughlin, D. & Peppard, J. (2006), "IT Backsourcing: From 'Make or Buy' to 'Bringing it Back In-house'", Proceedings of the 14th European Conference on Information Systems, Gotenberg, Sweden, June, 2006 Sparrow, E. (2003), "Successful IT Outsourcing: From Choosing a Provider to Managing the Project", (Practitioner series), London: Springer-Verlag Tadelis, S. (2007), "The Innovative Organization: Creating Value Trough Outsourcing", California Management Review, Fall 2007, Vol. 50, No. 1, pp. 261-277 Von Jouanne-Diedrich, H. (2004), "15 Jahre Outsourcing- Forschung: Systematisierung und Lessons Learned", Published in "Informationsmanagement: Konzepte und Strategien für die Praxis", Editors: R. Zarnekow, W. Brenner, H. Grohmann; Heidelberg: dpunkt.verlag GmbH, pp. 125-133 Weakland, T. (2005), DiamondCluster International, Inc., "DiamondCluster 2005 Global IT Outsourcing Study", Spring 2005, http://www.diamondconsultants.com/PublicSite/ideas/perspectives/downlo ads/Diamond2005OutsourcingStudy.pdf, Found otn http://www.diamondconsultants.com, (accessed 8 h April 2008) Willcocks, L & Lacity, M. (1998), "The Sourcing and Outsourcing of IS: Shock of the New?", Published in "Strategic Sourcing of Information Systems: Perspectives and Practices", Editors: L. Willcocks & M. Lacity; Chichester: John Wiley & Sons Ltd, pp. 1-41 III
Willcocks, L.; Hindle, J.; Feeny, D.; Lacity, M. (2004), "IT and Business Process Outsourcing: The Knowledge Potential", Information Systems Management, June 2004, Volume 21, Issue 3, pp. 7-15 Williamson, O. (1975), "Markets and Hierarchies: Analysis and Antitrust Implications - A Study in the Economics of Internal Organization", New York: The Free Press Yin, R. (2003), "Case Study Research: Design and Methods", 3rd Edition, Thousand Oaks: Sage Publications, Inc.
INTERNET SOURCES
Chamber of Commerce and Industry, Frankfurt am Main http://www.frankfurt-main.ihk.de/englhish/business/startup/idem/gbr/index.html, (accessed 15t May 2008) Chamber of Commerce and Industry, Frankfurt am Main http://www.frankfurt-main.ihk.de/english/business/startup/idem/gmbh/index.html, (accessed 15th May 2008) Chamber of Commerce and Industry, Frankfurt am Main http://www.frankfurt-main.ihk.de/enghlish/business/startup/idem/kg/index.html, (accessed 15t May 2008) Choong, A. (2004), "Capgemini sells S'pore, M'sia operations to Frontline", ZDNet Asiah, http://www.zdnetasia.com/news/hardware/0,39042972,39199280,00.htm, (accessed 4t April 2008) Electronic Data Systems Corporation http://www.eds.com/about/history, (accessed 3rd April 2008) Gartner, Inc. http://www.gartner.com, (accessed 4th April 2008) Intel Corporation http://www.intel.com/museum/archives/4004.htm, (accessed 3rd April 2008) J.P. Morgan Chase & Co. http://www.jpmorganchase.comh/cm/cs?pagename=Chase/Href&urlname=j pmc/about/history, (accessed 5t April 2008) Lufthansa Systems AG http://www.lhsystemts.com/resource/document/pdf/news/company_profile _en.pdf, (accessed 5 h April 2008) OANDA Corporation http://www.oanda.com/convert/fxaverage, (accessed 14th May 2008) IV
V
APPENDICES
APPENDIX A1: GERMAN CORRESPONDENCE
Sehr geehrte Damen und Herren, mein Name ist Domenico Blyth und ich studiere in meinem letzten Studienjahr im Europäischen Studiengang Wirtschaft der Fachhochschule Aachen. Im Rahmen dieses Studiengangs besuche ich zurzeit die Mid Sweden University in Östersund und schreibe an meiner Master Thesis. Bei dieser können Sie mir hoffentlich ein wenig weiterhelfen. Das Thema meiner Arbeit sind Risikofaktoren, die die Auslagerung interner IT Prozesse an externe Partner, mit sich bringt. Für den empirischen Teil meiner Arbeit benötige ich nun Aussagen von Verantwortlichen zu Erfahrungen und Umgang mit einigen dieser Risikofaktoren. Ich wäre Ihnen sehr dankbar, wenn Sie mich bei der Realisierung meiner Arbeit unterstützen würden. Ich möchte daher erfragen, ob die Möglichkeit bestünde, die für externe IT Beschaffung verantwortliche Person Ihres Unternehmens telefonisch zu interviewen. Dieses Interview würde zu einem von Ihnen frei gewählten Termin zwischen dem 21. und dem 30. April stattfinden. Es würde circa 30 Minuten dauern und weder Fragen zu konkreten Kosten noch zu technischen Einzelheiten beinhalten. Die Fragen sind eher organisatorischer und strategischer Art. Das Unternehmen eines Interviewpartners sollte lediglich folgende Voraussetzunge erfüllen: 1. ein großer Teil - mindestens 20% - der IT Ausgaben des Unternehmens sollten für externe Beschaffung von IT Diensten bestimmt sein und 2. die Beschaffung sollte von unverbundenen Unternehmen erfolgen. In Vorfreude auf eine zeitnahe Antwort danke ich Ihnen im Voraus für Ihre Unterstützung. Mit freundlichen Grüßen, DomenicoBlyth
VI
APPENDIX A2: ENGLISH CORRESPONDENCE
Dear Sir or Madam, my name is Domenico Blyth and I am attending the European Business Programme at Aachen University of Applied Sciences. Within this programme I am currently studying at Mid Sweden University in Östersund. I am now working on my Master Thesis and hope for your assistance regarding this work. The work deals with risk factors which appear in IT outsourcing to external partners. For the empirical part of my work, I need persons in charge of IT outsourcing to make statements on experiences with and management of some risk factors. I would be very grateful, if you would decide to support the realization of my work. Therefore, I would like to ask whether it is possible to conduct a telephone interview with the employee responsible for the external IT procurement of your company. The very interview would be conducted on a date of your choice between the 21st and the 30th of April. It would take about 30 minutes and would neither contain questions on specific costs nor questions on technological details. The questions are of organizational and strategic nature. The company of an interview partner should merely comply with following requirements: 1. a great part - at least 20% - of all IT expenses of the company should be spent for external IT service provision and 2. the IT provision should be carried out by unconnected companies. In anticipation of a quick reply, I thank you in advance for your assistance. Yours sincerely, DomenicoBlyth
VII
VIII
Allgemeine Fragen zur Person und zum Unternehmen: 1. Welche Position nehmen Sie in Ihrem Unternehmen ein? 2. Seit wann sind Sie in diesem Unternehmen beschäftigt? 3. Wie viele Mitarbeiter beschäftigt Ihr Unternehmen? 4. Wie viele Mitarbeiter beschäftigt Ihre interne IT Abteilung? 5. Wie viel Prozent der IT lagert Ihr Unternehmen an externe Dienstleister aus (circa)? 6. Wie viele IT Dienstleister sind regelmäßig in Ihrem Auftrag tätig? Fragen zu „Lock -in", d.h. Risiken entstehend durch ein hohes Maß an Abhängigkeit in Bezug auf einen oder wenige IT Dienstleister: 7. Gibt es für die von Ihnen ausgelagerten Prozesse nur wenige Anbieter am Markt? a) Führt dies dazu bzw. könnte dies dazu führen, dass der IT Dienstleister opportunistisches Verhalten zeigt, da es nur wenige Alternativen zu ihm gibt? 8. Stellt die Tatsache, dass ein IT Dienstleister zu selbstsicher werden und die Qualität der für Sie erbrachten Leistungen dadurch abnimmt, ein Risiko für Sie dar? 9. Stellt die Tatsache, dass Ihr Unternehmen vom finanziellen Bestehen des IT Dienstleisters abhängig ist, ein Risiko für Sie dar? 10. Stellt die Tatsache, dass Ihr IT Dienstleister durch eines Ihrer Konkurrenzunternehmen gekauft werden und Ihre Daten offen legen könnte, ein Risiko für Sie dar? 11. Erschweren bestimmte Investitionen, die ihr IT Dienstleister speziell zur Erfüllung seiner Aufgaben gegenüber Ihrem Unternehmen getätigt hat, die Möglichkeiten eines Anbieterwechsels bzw. die Wiedereingliederung ausgelagerter IT? 12. Wurden in Ihrem Unternehmen in Bezug auf die genannten Risiken Maßnahmen ergriffen? a) Wenn ja, welche? / Wenn nein, warum nicht? b) Welche Maßnahmen wären Ihrer Meinung nach sinnvoll?
IX
Fragen zu „unvorhergesehenen Kosten", d.h. Kosten, die nicht von vornherein geplant waren, sondern erst nach der tatsächlichen Auslagerung der IT hinzugekommen sind: (Im Folgenden sind „Kosten" gleichzusetzen mit „verwaltungstechnischem Aufwand".) 13. Hatte Ihr Unternehmen wenig Erfahrung bzw. Fachwissen in Bezug auf die auszulagernden IT Prozesse einerseits und Outsourcing im Allgemeinen andererseits? 14. Sind folgende zusätzliche Kosten im Lieferanten-Management angefallen? a) Kosten für Überwachung, d.h. um zu garantieren, dass vertraglich festgelegte Leistungen tatsächlich erbracht wurden? b) Kosten für Verhandlungen, wenn Leistungen nicht ordnungsgemäß erbracht wurden? c) Setup Kosten, die unterschätzt wurden? d) Kosten für Neuverhandlungen, da sich ursprünglich geschlossene Verträge als unvollständig herausgestellt haben? 15. Sind Probleme aufgetreten, weil es eine logische bzw. technische Verbundenheit zwischen ausgelagerten und intern verbliebenen Prozessen gibt? a) Führte die notwendige Koordination zusammenhängender Prozesse zu unvorhergesehenen Kosten? 16. Sind andere unvorhergesehene Kosten angefallen? 17. Wurden in Ihrem Unternehmen in Bezug auf die genannten Risiken Maßnahmen ergriffen? a) Wenn ja, welche? / Wenn nein, warum nicht? b) Welche Maßnahmen wären Ihrer Meinung nach sinnvoll? Fragen zu „Kontrollverlust über ausgelagerte IT", d.h. Kontrollverlust überintern generiertes IT Wissen bzw. IT Kenntnisse, Datensicherheit und Vertraulichkeit: 18. Wird IT innerhalb Ihres Unternehmens als wichtiger Bestandteil organisatorischen Wissens wahrgenommen, welcher zu einem Wettbewerbsvorteil führen kann?
X
19. Konzentriert sich Ihr IT Dienstleister nur auf die Erbringung vertraglich vereinbarter Leistungen oder gibt er auch Anregungen bzw. setzt sich für Neuerungen ein, die in Ihrem Unternehmen zu einem Wettbewerbsvorteil führen könnten? 20. Ist durch einen externen Versorger die Innovationsfähigkeit der IT (und daraus möglicherweise entstehende Wettbewerbsvorteile) gesichert? 21. Stellen ausgelagerte IT bzw. Daten ein Sicherheitsrisiko für Ihr Unternehmen dar? a) Wenn ja, welcher Art? / Wenn nein, warum nicht? 22. Stellt die Tatsache, dass Ihr IT Dienstleister Zugriff auf vertrauliche, interne Kunden- bzw. Geschäftsdaten hat, ein Risiko für Sie dar? a) Wenn ja, welcher Art? / Wenn nein, warum nicht? 23. Wurden in Ihrem Unternehmen in Bezug auf die genannten Risiken Maßnahmen ergriffen? a) Wenn ja, welche? / Wenn nein, warum nicht? b) Welche Maßnahmen wären Ihrer Meinung nach sinnvoll? Fragen zur zusammenfassenden Meinung bezüglich oben genannter Risiken und zu Möglichkeiten der Wiedereingliederung ausgelagerter IT: 24. Stellen die Themen, die hier zur Diskussion stehen, im Allgemeinen bedeutende Risiken für Ihr Unternehmen dar? a) Warum? / Warum nicht? 25. Wurden adäquate Konditionen im Falle einer regulären bzw. irregulären Beendigung des Vertragsverhältnisses vereinbart? a) Wurde der Übergang immateriellen und materiellen Anlagevermögens geregelt? 26. Könnten diese oder andere Probleme innerhalb Ihres Unternehmens zu Erwägungen führen, IT Prozesse wieder einzugliedern? a) Warum? / Warum nicht?
Vielen Dank für Ihre Mithilfe.
XI
XII
Allgemeine Fragen zur Person und zum Unternehmen: 1. Welche Position nehmen Sie in Ihrem Unternehmen ein? 2. Seit wann besteht Ihr Unternehmen? 3. Wie viele Mitarbeiter beschäftigt Ihr Unternehmen? 4. Wie viele Mitarbeiter beschäftigen die internen IT Abteilungen Ihrer Kunden (circa)? 5. Wie viel Prozent der IT lagern Ihre Kunden an Ihr Unternehmen aus (circa)? 6. Für wie viele Unternehmen sind Sie regelmäßig als externer IT Dienstleister tätig (circa)? Fragen zu „Lock -in", d.h. Risiken entstehend durch ein hohes Maß an Abhängigkeit in Bezug auf einen oder wenige IT Dienstleister: 7. Gibt es für die an Sie ausgelagerten IT Prozesse nur wenige Anbieter am Markt? a) Könnte eine solche Situation Ihrer Meinung nach dazu führen, dass IT Dienstleister opportunistisches Verhalten zeigen, da es nur wenige Alternativen für den Kunden gibt? 8. Stellt die Tatsache, dass ein IT Dienstleister in einer solchen Situation zu selbstsicher wird und die Qualität der für den Kunden erbrachten Leistungen dadurch abnimmt, aus Kundensicht ein Risiko dar? a) Sollte sie dies Ihrer Meinung nach? 9. Stellt die Tatsache, dass Ihre Kunden vom finanziellen Bestehen des IT Dienstleisters abhängig sind, aus Kundensicht ein Risiko dar? a) Sollte sie dies Ihrer Meinung nach? 10. Stellt die Tatsache, dass Ihr Unternehmen durch ein Konkurrenzunternehmen eines Kunden gekauft werden und Daten dadurch offen gelegt werden könnten, aus Kundensicht ein Risiko dar? a) Sollte sie dies Ihrer Meinung nach? 11. Erschweren bestimmte Investitionen, die Sie als IT Dienstleister speziell zur Erfüllung Ihrer Aufgaben gegenüber einem bestimmten Kunden getätigt haben, die Möglichkeiten des Kunden bezüglich eines Anbieterwechsels bzw. einer Wiedereingliederung ausgelagerter IT?
XIII
12. Haben Ihre Kunden in Bezug auf die genannten Risiken Maßnahmen ergriffen? a) Wenn ja, welche? / Wenn nein, warum nicht? b) Welche Maßnahmen wären Ihrer Meinung nach sinnvoll? Fragen zu „unvorhergesehenen Kosten", d.h. Kosten, die nicht von vornhereingeplant waren, sondern erst nach der tatsächlichen Auslagerung der IT hinzugekommen sind: (Im Folgenden sind „Kosten" gleichzusetzen mit „verwaltungstechnischem Aufwand".) 13. Haben Ihre Kunden wenig Erfahrung bzw. Fachwissen in Bezug auf die ausgelagerten IT Prozesse einerseits und in Bezug auf Outsourcing im Allgemeinen andererseits? 14. Fallen bei Ihren Kunden folgende unvorhergesehenen Kosten an? a) Kosten für Überwachung, d.h. um zu garantieren, dass vertraglich festgelegte Leistungen tatsächlich erbracht werden? b) Kosten für Verhandlungen, wenn Leistungen nicht ordnungsgemäß erbracht werden? c) Setup Kosten, die unterschätzt werden? d) Kosten für Neuverhandlungen, da sich ursprünglich geschlossene Verträge als unvollständig herausstellen? 15. Treten bei Ihren Kunden Probleme auf, weil es eine logische bzw. technische Verbundenheit zwischen ausgelagerten und intern verbliebenen Prozessen gibt? a) Führt die notwendige Koordination zusammenhängender Prozesse zu unvorhergesehenen Kosten? 16. Fallen bei Ihren Kunden andere unvorhergesehene Kosten an? 17. Haben Ihre Kunden in Bezug auf die genannten Risiken Maßnahmen ergriffen? a) Wenn ja, welche? / Wenn nein, warum nicht? b) Welche Maßnahmen wären Ihrer Meinung nach sinnvoll? Fragen zu „Kontrollverlust über ausgelagerte IT", d.h. Kontrollverlust überintern generiertes IT Wissen bzw. IT Kenntnisse, Datensicherheit und Vertraulichkeit:
XIV
18. Wird IT innerhalb der Unternehmen Ihrer Kunden als wichtiger Bestandteil organisatorischen Wissens wahrgenommen, der zu einem Wettbewerbsvorteil führen kann? a) Sollte sie dies Ihrer Meinung nach? 19. Konzentrieren Sie, als IT Dienstleister, sich nur auf die Erbringung vertraglich vereinbarter Leistungen oder geben Sie auch Anregungen bzw. setzen sich für Neuerungen ein, die im Unternehmen eines Kunden zu einem Wettbewerbsvorteil führen könnten? 20. Halten Ihre Kunden die Innovationsfähigkeit der IT eines Unternehmens durch einen externen IT Versorger für gesichert? a) Halten Sie diese für gesichert? 21. Stellen ausgelagerte IT bzw. Daten aus Kundensicht ein Sicherheitsrisiko dar? a) Wenn ja, welcher Art? / Wenn nein, warum nicht? b) Sollten sie dies Ihrer Meinung nach? 22. Stellt die Tatsache, dass Sie als IT Dienstleister Zugriff auf vertrauliche, interne Kunden- bzw. Geschäftsdaten haben, aus Kundensicht ein Risiko dar? a) Wenn ja, welcher Art? / Wenn nein, warum nicht? b) Sollte sie dies Ihrer Meinung nach? 23. Haben Ihre Kunden in Bezug auf die genannten Risiken Maßnahmen ergriffen? a) Wenn ja, welche? / Wenn nein, warum nicht? b) Welche Maßnahmen wären Ihrer Meinung nach sinnvoll? Fragen zur zusammenfassenden Meinung bezüglich oben genannter Risiken und zu Möglichkeiten der Wiedereingliederung ausgelagerter IT: 24. Stellen die Probleme, die hier zur Diskussion stehen, aus Kundensicht im Allgemeinen bedeutende Risiken dar? a) Warum? / Warum nicht? b) Sollten sie dies Ihrer Meinung nach? 25. Vereinbaren Sie mit Ihren Kunden adäquate Konditionen im Falle einer regulären bzw. irregulären Beendigung eines Vertragsverhältnisses? a) Werden Übergänge immateriellen und materiellen Anlagevermögens geregelt? XV
26. Führen die genannten Risiken innerhalb der Unternehmen Ihrer Kunden zu Erwägungen, ausgelagerte IT wieder einzugliedern? a) Warum? / Warum nicht? b) Sollten sie dies Ihrer Meinung nach?
Vielen Dank für Ihre Mithilfe.
XVI
XVII
General questions regarding the interviewee and the company: 1. Which position do you hold within the company? 2. How long have you been working fort his company? 3. How many employees work for your company? 4. How many employees work for your internal IT department? 5. How many percent of your company's IT is being sourced out to external suppliers? 6. How many IT suppliers are regularly engaged on behalf of your company? Questions regarding "Lock-in", i.e. Risks emerging from a high level of dependency in regard to one or few IT suppliers: 7. Are there only few IT suppliers at the market who can provide the kind of IT processes you source out? a) Does this or rather could this lead to a situation in which an IT supplier shows opportunistic behaviour, because there are only few alternatives to him? 8. Does the fact that an IT supplier could become too self-confident and that, as a result, the quality of provided services could decrease, represent a risk to you? 9. Does the fact that your firm is dependent on the IT supplier's existence pose a risk to you? 10. Does the fact that your IT supplier could be bought by a business rival of yours and hence, reveal your data to the latter, pose a risk to you? 11. Do your IT supplier's investments in assets which are of particular interest for the completion of his tasks regarding your company, exacerbate the potentialities of changing the supplier or bringing outsourced IT back in-house? 12. Have any measures been taken within you company regarding above mentioned risks? a) If yes, which? / If not, why not? b) Which measures would be reasonable from your point of view?
XVIII
Questions regarding "hidden costs", i.e. costs which were not planned right from the start, but supervened after IT has actually been sourced out: (In the following, the term "costs" is synonymous with "administrative effort".) 13. Did your company have little experience and expertise in regard to the IT processes to be outsourced, on the one hand, and outsourcing itself, on the other hand? 14. Did following additional costs appear in vendor management? a) Costs for monitoring, i.e. in order to guarantee that the vendor's performance meets the predefined service levels? b) Costs for negotiations, i.e. problem solving in case of breach of stabilized service levels? c) Costs for setup, which were underestimated? d) Costs for renegotiations, in the case of agreements originally entered into turn out to be incomplete? 15. Did problems appear, because there is a logical or rather technological connectedness among processes that were outsourced and processes that were kept in-house? a) Did the necessary coordination of interconnected processes lead to unanticipated costs? 16. Did other unanticipated costs occur? 17. Have any measures been taken within you company regarding above mentioned risks? a) If yes, which? / If not, why not? b) Which measures would be reasonable from your point of view? Questions regarding "loss of control over outsourced IT", i.e. loss of control over internally generated IT knowledge, data security and confidentiality: 18. Does your company apprehend IT as an important part of organizational knowledge which could lead to a competitive advantage? 19. Does your IT supplier only concentrate on providing your company with requested services or does he also give helpful suggestions for the creation of new IT knowledge which could lead to a competitive advantage? XIX
20. Is the innovative ability regarding IT assured through an external IT supplier? 21. Does outsourced IT or data represent a security risk for your company? a) If yes, why? / If not, why not? 22. Does the fact that your external IT supplier has access to confidential, internal customer and business data pose a risk to you? a) If yes, why? / If not, why not? 23. Have any measures been taken within you company regarding above mentioned risks? a) If yes, which? / If not, why not? b) Which measures would be reasonable from your point of view? Recapitulating questions and backsourcing potentials of outsourced IT: 24. Do the topics under discussion represent considerable risks for your company, in general? a) Why? / Why not? 25. Have adequate terms been stipulated in case of regular or irregular contract termination? a) Has the transition of immaterial and material assets been stipulated? 26. Could the risks under consideration lead to your company's considerations of bringing outsourced IT back in-house? a) Why? / Why not?
Thank you very much for your assistance.
XX
XXI
General questions regarding the interviewee and the company: 1. Which position do you hold within the company? 2. How long have you been working fort his company? 3. How many employees work for your company? 4. How many employees work for your internal IT department? 5. How many percent of your company's IT is being sourced out to external suppliers? 6. How many IT suppliers are regularly engaged on behalf of your company? Questions regarding "Lock-in", i.e. Risks emerging from a high level of dependency in regard to one or few IT suppliers: 7. Are there only few IT suppliers at the market who can provide the kind of IT processes companies source out to your company? a) Does this or rather could this lead to a situation in which an IT supplier shows opportunistic behaviour, because there are only few alternatives to him? 8. Does the fact that an IT supplier could become too self-confident and that this could lead to a decreasing quality of provided services represent a risk to ITO clients? a) Do you think that it should? 9. Does the fact that your clients are dependent on their IT supplier's existence pose a risk to them? a) Do you think that it should? 10. Does the fact that your company could be bought by business rivals of your clients and hence, reveal data to the latter, pose a risk to your clients? a) Do you think that it should? 11. Do your investments in assets which are of particular interest for the completion of tasks regarding specific clients, exacerbate the clients' potentialities of changing the supplier or bringing outsourced IT back in-house? 12. Have any measures been taken within you company regarding above mentioned risks? a) If yes, which? / If not, why not? b) Which measures would be reasonable from your point of view? XXII
Questions regarding "hidden costs", i.e. costs which were not planned right from the start, but supervened after IT has actually been sourced out: (In the following, the term "costs" is synonymous with "administrative effort".) 13. Do your clients have little experience and expertise in regard to the IT processes to be outsourced, on the one hand, and outsourcing itself, on the other hand? 14. Did following additional costs appear on the part of your clients? a) Costs for monitoring, i.e. in order to guarantee that the vendor's performance meets the predefined service levels? b) Costs for negotiations, i.e. problem solving in case of breach of stabilized service levels? c) Costs for setup, which were underestimated? d) Costs for renegotiations, in the case of agreements originally entered into turn out to be incomplete? 15. Do problems appear on the part of your clients, because there is a logical or rather technological connectedness among processes that were outsourced and processes that were kept in-house? a) Does the necessary coordination of interconnected processes lead to unanticipated costs? 16. Do other unanticipated costs occur? 17. Have any measures been taken within you company regarding above mentioned risks? a) If yes, which? / If not, why not? b) Which measures would be reasonable from your point of view? Questions regarding "loss of control over outsourced IT", i.e. loss of control over internally generated IT knowledge, data security and confidentiality: 18. Do your clients apprehend IT as an important part of organizational knowledge which could lead to a competitive advantage? a) Do you think that they should?
XXIII
19. Do you, as an IT supplier, only concentrate on providing stipulated services or do you also give helpful suggestions for the creation of new IT knowledge which could lead to a competitive advantage for your clients? 20. Do your clients perceive the innovative ability of IT as being assured through an external IT supplier? a) Do you think that it is? 21. Do your clients perceive outsourced IT or data as being a security risk? a) If yes, why? / If not, why not? b) Do you think that they should? 22. Does the fact that you, as an external IT supplier, have access to confidential, internal customer and business data pose a risk to your clients? a) If yes, why? / If not, why not? b) Do you think that it should? 23. Do your clients take any measures regarding above mentioned risks? a) If yes, which? / If not, why not? b) Which measures would be reasonable from your point of view? Recapitulating questions and backsourcing potentials of outsourced IT: 24. Do the topics under discussion represent considerable risks for ITO clients, in general? a) Why? / Why not? b) Do you think that they should? 25. Do you stipulate adequate terms in case of regular or irregular contract termination? a) Do you stipulate the transition of immaterial and material assets? 26. Could the risks under consideration lead to your clients' considerations of bringing outsourced IT back in-house? a) Why? / Why not? b) Do you think that they should?
Thank you very much for your assistance.
XXIV
doc_803376351.docx
Outsourcing is the contracting out of an internal business process to a third-party organization. The term "outsourcing" became popular in the United States near the turn of the 21st century. Outsourcing sometimes involves transferring employees and assets from one firm to another, but not always.
A STUDY ON INFORMATION TECHNOLOGY OUTSOURCING AND ITS RISKS
SUPPLIER LOCK-IN, HIDDEN COSTS AND THE LOSS OF CONTROL OVER OUTSOURCED IT
ABSTRACT
Nowadays, information technology outsourcing (ITO) represents an established business practice in which a considerable number of companies are involved. Since the success of ITO is highly dependent on the exposure to ITO risks, studying the very risks is of great importance. The aim of this thesis consists in revealing the occurrence of specific ITO risks: supplier lock-in, hidden costs and the loss of control over outsourced IT. Further aims of this work are the revelation of measures which can be taken in order to face these risks and of the influences these risks have on backsourcing considerations. The first part of this thesis constitutes the theoretical framework which is based on the review of relevant literature. Within this part of the work, transaction cost theory and resource-based theory are presented and applied for the discussion of the specific ITO risks under consideration. Furthermore, a multidimensional approach is utilized in order to illustrate the various dimensions of ITO. By this means, the identification of situations in which the ITO risks under consideration appear is enabled. The empirical part of this exploratory research is based on a multiple case study. The data necessary for this qualitative research was gathered from telephone interviews conducted with both ITO clients and IT suppliers. The results of this study indicate that the ITO risks under consideration all pose considerable threats to ITO operations and that there are both internal and external measures ITO companies can take in order to face these risks. Furthermore, the risks under discussion influence backsourcing considerations.
ii
TABLE OF CONTENTS
1. INTRODUCTION .............................................................................................1
1.1. PROBLEM FORMULATION............................................................................................................ 1 1.2. DELIMITATION OF THE STUDY .................................................................................................... 3 1.3. PURPOSE OF THE STUDY.............................................................................................................. 4 1.4. DISPOSITION ............................................................................................................................... 4
2. THEORETICAL BACKGROUND .................................................................6
2.1. ITO THEORIES ............................................................................................................................ 6 2.1.1. TRANSACTION COST THEORY ............................................................................................. 7 2.1.2. RESOURCE THEORIES .......................................................................................................... 8 2.1.3. OVERVIEW OVER ITO THEORIES......................................................................................... 9 2.2. THE EVOLUTION OF ITO ........................................................................................................... 10 2.2.1. THE HISTORY OF ITO........................................................................................................ 10 2.2.2. ITO TODAY....................................................................................................................... 11 2.3. ITO DIMENSIONS ...................................................................................................................... 12 2.3.1. MULTIDIMENSIONALITY OF ITO ....................................................................................... 12 2.3.1.1. Location............................................................................................................ ........ 13 2.3.1.2. Financial dependency ............................................................................................... 14 2.3.1.3. Degree of external procurement ............................................................................... 15 2.3.1.4. Strategic aspects ....................................................................................................... 15 2.3.1.5. Chronological order.................................................................................................. 16 2.3.1.6. Number of suppliers ................................................................................................. 16 2.3.2. DELIMITATION OF RELEVANT ITO DIMENSIONS................................................................ 17 2.4. ITO - REASONS AND RISKS ...................................................................................................... 19 2.4.1. REASONS FOR ITO ............................................................................................................ 19 2.4.1.1. Strategic Reasons for ITO ........................................................................................ 19 2.4.1.2. Technological Reasons for ITO................................................................................ 20 2.4.1.3. Economic Reasons for ITO ...................................................................................... 21 2.4.1.4. Political Reasons for ITO ......................................................................................... 22 2.4.2. RISKS OF ITO .................................................................................................................... 22 2.4.2.1. Strategic Risks of ITO .............................................................................................. 23 2.4.2.2. Technological Risks of ITO ..................................................................................... 23 2.4.2.3. Economic Risks of ITO ............................................................................................ 24 2.4.2.4. Political Risks of ITO............................................................................................... 25 2.4.3. DELIMITATION OF RISKS ................................................................................................... 26 2.4.3.1. Supplier Lock-In....................................................................................................... 26 2.4.3.2. Hidden Costs ............................................................................................................ 28 2.4.3.3. Loss of Control over outsourced IT.......................................................................... 30 2.5. SUMMARY OF THE THEORETICAL BACKGROUND ...................................................................... 31 2.6. RESEARCH DELIMITATION ........................................................................................................ 31
3. METHODOLOGY ..........................................................................................34
3.1. RESEARCH PURPOSE ................................................................................................................. 34 3.2. RESEARCH METHOD ................................................................................................................. 35
iii
3.3. RESEARCH DESIGN ................................................................................................................... 35 3.3.1. DATA COLLECTION ........................................................................................................... 36 3.3.1.1. The Interviewer ........................................................................................................ 36 3.3.1.2. The Interviewees ...................................................................................................... 37 3.3.1.3. The Interview Guide................................................................................................. 38 3.3.2. STRENGTHS ....................................................................................................................... 40 3.3.3. WEAKNESSES .................................................................................................................... 40 3.4. DATA PRESENTATION AND DATA ANALYSIS ............................................................................ 41 3.5. QUALITY OF RESEARCH DESIGN ............................................................................................... 42 3.5.1. CONSTRUCT VALIDITY ...................................................................................................... 42 3.5.2. INTERNAL VALIDITY.......................................................................................................... 43 3.5.3. EXTERNAL VALIDITY......................................................................................................... 43 3.5.4. RELIABILITY...................................................................................................................... 44
4. DATA PRESENTATION ...............................................................................45
4.1. GENERAL INFORMATION........................................................................................................... 45 4.1.1. COMPANY C1 .................................................................................................................... 45 4.1.2. COMPANY C2 .................................................................................................................... 46 4.1.3. COMPANY S1 .................................................................................................................... 47 4.1.4. COMPANY S2 .................................................................................................................... 47 4.2 SUPPLIER LOCK-IN..................................................................................................................... 48 4.2.1. COMPANY C1 .................................................................................................................... 48 4.2.2. COMPANY C2 .................................................................................................................... 49 4.2.3. COMPANY S1 .................................................................................................................... 50 4.2.4. COMPANY S2 .................................................................................................................... 50 4.3. HIDDEN COSTS.......................................................................................................................... 52 4.3.1. COMPANY C1 .................................................................................................................... 52 4.3.2. COMPANY C2 .................................................................................................................... 52 4.3.3. COMPANY S1 .................................................................................................................... 53 4.3.4. COMPANY S2 .................................................................................................................... 53 4.4. LOSS OF CONTROL OVER OUTSOURCED IT ................................................................................ 54 4.4.1. COMPANY C1 .................................................................................................................... 54 4.4.2. COMPANY C2 .................................................................................................................... 55 4.4.3. COMPANY S1 .................................................................................................................... 56 4.4.4. COMPANY S2 .................................................................................................................... 57 4.5. RECAPITULATING THOUGHTS AND BACKSOURCING POTENTIALS............................................. 58 4.5.1. COMPANY C1 .................................................................................................................... 58 4.5.2. COMPANY C2 .................................................................................................................... 59 4.5.3. COMPANY S1 .................................................................................................................... 59 4.5.4. COMPANY S2 .................................................................................................................... 60
5. DATA ANALYSIS...........................................................................................61
5.1. SUPPLIER LOCK-IN.................................................................................................................... 61 5.2. HIDDEN COSTS.......................................................................................................................... 65 5.3. LOSS OF CONTROL OVER OUTSOURCED IT ................................................................................ 69 5.4. RECAPITULATING THOUGHTS AND BACKSOURCING POTENTIALS............................................. 72 5.5. SUMMARY AND CONCLUSION ................................................................................................... 75
iv
6. THEORETICAL CONTRIBUTION.............................................................81
6.1. ACHIEVEMENT OF AIMS ............................................................................................................ 81 6.2. PROPOSALS FOR FUTURE RESEARCH......................................................................................... 81
REFERENCES ...................................................................................................... I APPENDICES..................................................................................................... VI
APPENDIX A1: GERMAN CORRESPONDENCE....................................................................................VI APPENDIX A2: ENGLISH CORRESPONDENCE...................................................................................VII APPENDIX B1: GERMAN INTERVIEW GUIDE - ITO CLIENTS......................................................... VIII APPENDIX B2: GERMAN INTERVIEW GUIDE - IT SUPPLIERS ..........................................................XII APPENDIX B3: ENGLISH INTERVIEW GUIDE - ITO CLIENTS ........................................................XVII APPENDIX B4: ENGLISH INTERVIEW GUIDE - IT SUPPLIERS......................................................... XXI
TABLE OF FIGURES
Figure 1: Overview of ITO theories; adapted from Dibbern, J.; Goles, T.; Hirschheim, R.; Jayatilaka, B. (2004) .....................................................................9 Figure 2: Multidimensionality of ITO; adapted from von Jouanne-Diedrich, H. (2004).....................................................................................................................13 Figure 3: Delimitation of considered ITO Dimensions; adapted from von JouanneDiedrich, H. (2004)................................................................................................19 Figure 4: ITO risks, dimensional characteristics and applied ITO theories; own elaboration .............................................................................................................32 Figure 5: ITO risks and influencing factors derived from applied ITO theories...33 Figure 6: Overview of Questions included in the Interview Guide.......................39 Figure 7: Supplier Lock-in: Internal measures ......................................................64 Figure 8: Supplier Lock-in: External measures .....................................................65 Figure 9: Hidden Costs: Internal measures............................................................68 Figure 10: Hidden Costs: External measures.........................................................69 Figure 11: Loss of Control over outsourced IT: Internal measures.......................72 Figure 12: Loss of Control over outsourced IT: External measures......................72 Figure 13: ITO Risks: Measures and their effects .................................................76 Figure 14: ITO Risks: Internal and external measures ..........................................79
v
TABLE OF ABBREVIATIONS
CEO CIO IS IT ITO RBT RDT TCT US US$ € Chief Executive Officer Chief Information Officer Information Systems Information Technology Information Technology Outsourcing Resource-Based Theory Resource-Dependency Theory Transaction Cost Theory United States of America US Dollar Euro
vi
1. INTRODUCTION
Over the past decades, information technology outsourcing (ITO) considerably altered the worldwide economic environment. ITO comprises two indispensable elements of today's business world: information technology (IT) 1 and outsourcing. Without doubt, technological achievements have revolutionized and will keep on changing both everyday life and working practices. Due to the process of globalization, the competitiveness of companies incessantly gains in importance. Outsourcing, which today represents an established business practice, is frequently perceived as a chance to improve the competitiveness and the success of companies. According to a study conducted by IT research and consulting organization Gartner2, the global ITO market amounted to US$ 180.5 billion, in 2003. 3 However, the "fact that firms are increasingly turning to external suppliers in order to meet their IT needs does not mean that outsourcing is a panacea or that it is without problems".4 Therefore, since the global ITO market has reached such a significant magnitude and companies involved in ITO are certainly interested in the successful realization of ITO operations, studying ITO and its risks is of great importance.
1.1. PROBLEM FORMULATION
In recent years, many authors have dealt with various facets of ITO, but this vast topic still allows a considerable amount of research. Authors such as Sparrow scrutinized factors influencing the success of ITO5 and Barthélemy addressed reasons for failure of ITO.6 Furthermore, authors like Lacity and Hirschheim dealt with practices and decisions of IT insourcing.7 The risks of ITO were scrutinized by authors such as Bahli and Rivard, but still there is rather little literature focussing on specific ITO risks.8
1
NB: As this is common practice in ITO literature, Information Technology (IT) and Information Systems (IS) will be used interchangeably in the fo llowing. 2 cp. http://www.gartner.com (accessed 4thApril 2008) 3 cp. Choong, A. (2004), "Capgemini sells S'pore, M'sia operations to Frontline", ZDNet Asia, http://www.zdnetasia.com/news/hardware/0,39042972,39199280,00.htm (accessed 4th April 2008) 4 Bahli, B. & Rivard, S. (2003), "The information technology outsourcing risk: a transaction cost and agency theory-based perspective", Journal of Information Technology, September 2003, Vol. 18, Issue 3, pp. 211221, p. 211 5 cp. Sparrow, E. (2003), "Successful IT Outsourcing: From Choosing a Provider to Managing the Project", (Practitioner series), London: Springer-Verlag 6 cp. Barthélemy, J. (2003), "The seven deadly sins of outsourcing", Academy of Management Executive, May 2003, Vol. 17, No. 2, pp. 87-98 7 cp. Lacity, M. C. & Hirschheim, R. (1995), "Beyond the Information Systems Outsourcing Bandwagon The Insourcing Response", Chichester: John Wiley & Sons Ltd 8 cp. Bahli, B. & Rivard, S. (2003)
Since ITO represents a major strategic decision, the successful realization of ITO is of great importance. Frequently, companies source out rather large parts of their IT, confiding the successful performance of the outsourced tasks to external partners. Certainly, this represents a precarious situation which implicates many risks. Since these risks have an impact on the successful realization of ITO, the necessity to deal with these risks is evident. For ITO companies, understanding and knowing how to face ITO risks represent major tasks to perform. This work will include the presentation of several ITO risks, but will focus on three specific ITO risks: supplier lock-in, hidden costs and the loss of control over outsourced IT. ITO risks such as supplier lock-in, hidden costs and the loss of control over outsourced IT represent potential constraints to the successful realization of ITO and hence, are topics worth studying. It is not only important to study the occurrence of ITO risks, but also to reveal which reasonable measures companies can take in order to face these risks. Certainly, the revelation of these measures is a prerequisite for the deterioration of negative outcomes ITO risks can have on ITO operations. Furthermore, revealing the influence ITO risks have on backsourcing considerations increases the level of awareness regarding the significance of specific ITO risks.
Since outsourcing basically represents a 'make or buy' decision, transaction cost theory will be explained and applied in order to discuss the ITO risks of supplier lock-in and hidden costs. Furthermore, since IT represents an indispensable resource which influences the success of companies, resource-based theory will be discussed and applied to the risk of loss of control over outsourced IT.
In order to reveal the occurrence of the ITO risks mentioned above, these risks will be discussed in accordance with aforementioned ITO theories. This discussion will result in the identification of factors which influence the ITO risks under consideration. The telephone interviews conducted for this study are based on these influencing factors and finally, enable to respond to the following research questions: 1. What is the occurrence of the risk of supplier lock-in in ITO companies? a) Which reasonable measures can ITO companies take in order to mitigate this risk? 2. What is the occurrence of the risk of hidden costs in ITO companies?
2
a) Which reasonable measures can ITO companies take in order to mitigate this risk? 3. What is the occurrence of the risk of loss of control over outsourced IT in ITO companies? a) Which reasonable measures can ITO companies take in order to mitigate this risk? In addition, one more research question derived from the three aforementioned research questions will be posed. Recently, the appearance of the term backsourcing, which refers to the termination of an existing outsourcing relation in order "to bring operations back in-house"1, has increased in ITO literature. In 2005, a study conducted by DiamondCluster International revealed that in the twelve months previous to the study, about 50 percent2 of the organizations under investigation "had abnormally terminated an outsourcing relationship".3 That is to say, ITO contracts primarily concluded were terminated before their regular expiration. The fact that this considerable number of ITO projects fail certainly confirms the relevance of backsourcing as a future ITO topic. However, ITO risks such as the three risks under consideration have an influence on the success of ITO operations and, in turn, the success of ITO operations certainly has an influence on backsourcing considerations. As a result, understanding the effect of ITO risks on potential backsourcing decision appears to be of great importance. Hence, in order to reveal the effects the ITO risks under consideration have on backsourcing considerations, the following research question has been formulated: 4. How do the risks under consideration considerations of ITO companies? influence backsourcing
1.2. DELIMITATION OF THE STUDY
The aim of this study is to respond to the four research questions mentioned above. Obviously, these research questions only address three specific ITO risks, so that many other risks entailed by ITO will not be included in the empirical part of this study.
1 2
Sparrow, E. (2003), p. 223 cp. Weakland, T. (2005), DiamondCluster International, Inc., "DiamondCluster 2005 Global IT Outsourcing Study", Spring 2005, http://www.diamondconsultants.com/PublicSite/ideas/perspectives/downloads/Diamond2005OutsourcingStu dy.pdf (accessed 8th April 2008), p. 6 3 ibid.
3
The risks under consideration are likely to appear within ITO companies of all sizes. Since recent ITO literature does predominantly not distinguish between small and medium-sized enterprises and large companies, there will be no such distinction within this work either. However, noticeable aspects regarding the size of ITO companies will be presented within the empirical part of this work. Since the aim of this work is an in-depth examination of specific ITO risks, logical conclusions which contribute to recent theory in the field of ITO shall be derived from the results of this study. However, the aim of this work is not to find statistical evidence for the results obtained, but to derive logical contributions to theory.
1.3. PURPOSE OF THE STUDY
The aim of this thesis is the exposure of relevant information on the prevailing perceptions of IT outsourcing companies regarding the risks of supplier lock-in, hidden costs and the loss of control over outsourced IT. Furthermore, the measures taken in order to face these risks shall be discussed and evaluated. The role these risks play in connection with backsourcing considerations shall be revealed, as well. As the ITO risks under discussion pose a threat to the successful realization of ITO operations, the analysis of their appearance in today's business world certainly is of great importance to practitioners and theorists alike. Thus, students as well as decision makers interested or involved in ITO situations are the addressees of this paper. The decision makers involved in ITO situations can either be ITO clients or IT suppliers interested in the perceptions regarding the risks under discussion. Furthermore, the findings of this paper shall contribute to managers' capability to scrutinize ITO operations they are in charge of in terms of ITO risks and backsourcing considerations.
1.4. DISPOSITION
This thesis consists of six chapters. These chapters contain the introduction, the theoretical background, the methodology, the data presentation, the data analysis and the theoretical contribution of this work. In the following, the content of these chapters will be outlined. The introduction of this thesis includes the general introduction to ITO and its risks and illustrates the relevance of this topic. Furthermore, the introduction
4
contains the presentation of the research questions under discussion as well as the delimitation and the purpose of this study. The second chapter of this work contains the theoretical background within which transaction cost theory and resource theories are presented. Thereafter, the past and the present of ITO are represented. Furthermore, the various dimensions of ITO are illustrated via the utilization of a multidimensional model. Thereupon, reasons for and risks of ITO are presented. Hereupon, three of these risks are presented in-depth. In the end, presented theories, dimensions and risks of ITO are combined illustrating the delimitation of the empirical study. The third chapter of this thesis is dedicated to the presentation of the applied research method and the research design. The presentation of the latter includes both the description of the data collection and the discussion of weaknesses and strengths of the utilized methods. Furthermore, an outline regarding the data presentation and the data analysis which are part of the subsequent chapter is presented. The fourth chapter of this work contains the presentation of empirical data. Within this chapter, the results obtained from the conduction of telephone interviews are represented. The fifth chapter of this thesis is dedicated to the data analysis. The analysis is arranged according to the research questions mentioned above and comprises the responses to the very research questions. Furthermore, the ITO risks and the measures taken in order to face these risks are combined and discussed. Additionally, both recapitulating thoughts and the influence these risks have on backsourcing considerations are presented. The sixth chapter of this work contains a presentation of the achievement of aims and suggestions for future research.
5
2. THEORETICAL BACKGROUND
Since this paper is limited in terms of scope and time, not all aspects which could be considered in the vast field of ITO and its risks can be discussed. Nonetheless, the following work will also include insights into facets which cannot be dealt with indepth, but which are of great relevance, because they represent a shared basis for discussion. Within the following theoretical framework, transaction cost theory and resource theories will be explained. Afterwards, an overview of recent ITO theories will be illustrated. The subsequent part will be dedicated to the evolution of ITO including decisive cornerstones such as Eastman Kodak's decision to outsource its IT operations to external suppliers.1 Afterwards, the work will include a brief presentation of the scope ITO has reached, today. Hereupon, the various dimensions of ITO will be illustrated via the utilization of a multidimensional model. By this means, a framework for the classification of ITO and situations in which specific risks appear will be given. Thereupon, prevalently mentioned reasons for and risks of ITO will be presented. The particular attention will be dedicated to three ITO risks: supplier lockin, hidden costs and the loss of control over outsourced IT. These ITO risks emerge during actual ITO operations, that is to say they emerge after ITO contracts have been concluded. The appearance of these three ITO risks will be linked to the various dimensions of ITO. Furthermore, in order to provide an adequate basis for their analysis within the empirical part of this work, these risks will be discussed in-depth. This discussion will be based on transaction cost theory and resource-based theory.
2.1. ITO THEORIES
Recent ITO literature comprises various ITO theories which all represent different perspectives on ITO operations. These theories are not mutually exclusive and thus, can even be combined in order to examine ITO operations from different angles.2 As already mentioned above, the scope of this work is limited and thus, the presentation of ITO theories will only concentrate on some of the most frequently discussed theories in ITO literature: transaction cost theory and resource theories.
1
cp. Dibbern, J.; Goles, T.; Hirschheim, R.; Jayatilaka, B. (2004), "Information Systems Outsourcing: A Survey and Analysis of the Literature", The DATA BASE for Advances in Information Systems, Fall 2004, Vol. 35, No. 4, pp. 6-102, p. 7 2 cp. Gottschalk, P. & Solli-Sæther, H. (2006), "Managing Successful IT Outsourcing Relationships", Hershey: IRM Press, p. 71
6
2.1.1. TRANSACTION COST THEORY Without doubt, transaction cost theory (TCT) is one of the most cited ideas in ITO literature. TCT is often named in conjunction with Oliver Williamson 1 and basically has its origins in Ronald Coase's "The Nature of the Firm"2 from 1937. Coase characterizes transaction costs as being the main "determinant of the boundaries of the firm".3 This assumption is based on the fact that market transactions always involve costs. In fact, TCT represents the typical 'make or buy' approach, which compares internal production costs with external transaction costs.4 According to Williamson, a particular characteristic of this theory is that it is based on two behavioural assumptions: bounded rationality and opportunism.5 The former refers to the impossibility of possessing and including all relevant information when making a 'make or buy' decision.6 In addition, the human capabilities do not enable the anticipation of all consequences which decisions might cause. 7 The second behavioural assumption, opportunism, alludes to the possibility of a vendor behaving opportunistically in order to attain a personal advantage. In other words, this assumption refers to the vendor who is "self- interest seeking with guile".8 Williamson states that the risk of opportunism represents a threat when there are only a small number of suppliers.9 In this case, he recommends the stipulation of adequate contracts in order to reduce potential opportunism.10 Willcocks and Lacity state that TCT "has become a major starting point for those studying IS outsourcing"11 and that it is a useful instrument enhancing the understanding of ITO. 12 It seems to be obvious that, since ITO basically represents a 'make or buy' decision, it is quite inevitable to consider TCT when discussing ITO. As a result, within this thesis the assumptions related to transaction cost theory will be considered, as well.
1 2
cp. Lacity, M. & Hirschheim, R. (1995), p. 24 Coase, R. (1937), "The Nature of the Firm", Economica, New Series, November 1937, Vol. 4, No. 16, pp. 386-405 3 Gottschalk, P. & Solli-Sæther, H. (2006), p. 71 4 cp. Jurison, J. (1998), "A Risk-Return Model for Information Technology Outsourcing Decisions", Published in "Strategic Sourcing of Information Systems: Perspectives and Practices", Editors: L. Willcocks & M. Lacity; Chichester: John Wiley & Sons Ltd, pp. 187-204, p. 191 5 cp. Williamson, O. (1975), "Markets and Hierarchies: Analysis and Antitrust Implications. A Study in the Economics of Internal Organization", New York: The Free Press, p. 254 6 cp. Lacity, M. & Hirschheim, R. (1995), p. 36 7 cp. Bahli, B. & Rivard, S. (2003), p. 213 8 Williamson, O. (1975), p. 26 9 cp. ibid., p. 27 10 cp. ibid. 11 Willcocks, L & Lacity, M. (1998), "The Sourcing and Outsourcing of IS: Shock of the New?", Published in "Strategic Sourcing of Information Systems: Perspectives and Practices", Editors: L. Willcocks & M. Lacity; Chichester: John Wiley & Sons Ltd, pp. 1-41, p. 9 12 cp. ibid.
7
2.1.2. RESOURCE THEORIES In contrast to TCT which reflects an economic approach, resource theories can be classified as being strategic management approaches.1 Resource theories can be subdivided into two categories: resource-based theory and resource-dependency theory.2 Resource-based theory (RBT) is based on the assumption that resources which fulfil specific criteria might lead to competitive advantages. According to RBT, such competitive advantages presume the existence of resource heterogeneity and resource immobility.3 The prerequisite of resource heterogeneity refers to the fact that competitive advantages are only possible if the resources possessed by competing companies are different, that is to say the resources must be heterogeneous.4 The other assumption, resource immobility, refers to the inability to get access to the resources of competitors.5 Based on these two assumptions, Barney identified four criteria which resources must fulfil in order to lead to a "sustainable competitive advantage".6 According to these criteria, resources must be valuable, rare, imperfectly imitable and not substitutable.7 After all, RBT suggests that a company which has resources characterized by these criteria will be able to gain competitive advantages.8 Resource-dependency theory (RDT) in contrast to RBT does not focus on analyzing the interior, but the exterior of companies, that is to say their environment. RDT assumes that each organization is dependent on external resources which are being controlled by others. These resources include "land, labor, capital, information or a specific product or service".9 Since resources which companies cannot provide internally have to be acquired externally10, RDT assumes that every organization's success depends on its ability to obtain resources from external partners. Since IT today represents an indispensable factor for each organization and outsourcing represents a form of external provision, resource theories seem to be reasonable theories to apply when discussing ITO. The relevance TCT and
1
cp. Grover, V.; Teng, J.; Cheon, M. (1998), "Towards a Theoretically-based Contingency Model of Information Systems Outsourcing", Published in "Strategic Sourcing of Information Systems: Perspectives and Practices", Editors: L. Willcocks & M. Lacity; Chichester: John Wiley & Sons Ltd, pp. 79-101, p. 84 2 cp. Dibbern, J.; Goles, T.; Hirschheim, R.; Jayatilaka, B. (2004), p. 19 3 cp. Barney, J. (1991), "Firm Resources and Sustained Competitive Advantage", Journal of Management, 1991, Vol. 17, No. 1, pp. 99-120, p. 105 4 cp. ibid., p. 104 5 cp. ibid., p. 105 6 ibid., p. 115 7 cp. ibid. 8 cp. Grover, V.; Teng, J.; Cheon, M. in Willcocks, L. & Lacity, M. (1998), p. 84-85 9 Kotter, J. (1979), "Managing External Dependence", The Academy of Management Review, 1979, Vol. 4, No. 1, pp. 87-92, p. 87 10 cp. Grover, V.; Teng, J.; Cheon, M. in Willcocks, L. & Lacity, M. (1998), p. 88
8
resource theories have in the field of ITO seems to be obvious and hence, keeping above mentioned theories in mind will hopefully contribute to the extension of perspectives with regard to the further reading process.
2.1.3. OVERVIEW OVER ITO THEORIES Since the aforementioned ITO theories only represent two of many frequent ITO theories, the following chart1 adapted from Dibbern et al. has been included in this work. This chart does not contain all existing ITO theories, but certainly provides the reader with an adequate overview over current ITO theories. The figure includes the level of analysis, the description of basic assumptions and the core focal points of the mentioned theories. The reason for illustrating this chart is to enable readers interested in ITO theories to deal with other than the mentioned ITO theories, as well. The chart facilitates dwelling on theories that arouse interest in the reader by presenting key authors associated with each mentioned theory. Certainly, the latter aspect represents a major benefit of this overview.
Figure 1: Overview o2f ITO theories; adapted from Dibbern, J.; Goles, T.; Hirschheim, R.; Jayatilaka, B. (2004)
1 2
cp. fig.1 cp. Dibbern, J.; Goles, T.; Hirschheim, R.; Jayatilaka, B. (2004), "Table 3. Overview of Theoretical
9
2.2. THE EVOLUTION OF ITO
In the following, in order to give an insight into the evolution of ITO, the history and the present of ITO will be presented briefly. Certainly, this presentation is indicative and auxiliary for comprehending where ITO is today and how it could develop in the future.
2.2.1. THE HISTORY OF ITO ITO as a business practice did not emerge recently, but can be traced back to the 1960s.1 At that time, the utilization of information technology was characterized by heavy, high priced computers which, because of their sensitivity in regard to "temperature, humidity and dust"2, required a specific, monitored environment.3 Since smaller companies neither had the financial capabilities nor the expertise to run these systems, they were highly dependent on large IT suppliers. During this era, successful companies, such as Ross Perot's Electronic Data Systems4 which seized their chance to benefit from the lack of affordable computers, were established. Apparently, at that time, sourcing out IT operations certainly was no free choice for most of the outsourcing companies, but still this era can be considered as being the beginning of ITO.5 The two following decades - the 1970s and the 1980s - were characterized by significant technological progress such as the development of the Intel 4004 - the world's first microprocessor.6 As a result of such far-reaching achievements, the userfriendliness of IT products increased and prices for hardware as well as standard software decreased significantly, so that virtually every company could consider and afford running its own IT.7 In the beginning, this newly gained accessibility combined with the perception of IT as being "a source of competitive advantage"8, led to companies' effort to operate and control all IT themselves. At that time, firms' decisions to run IT on their own were additionally strengthened by a lack of available IT suppliers.9
Foundations", p. 18 cp. Lee, J.; Huynh, M.; Kwok, R.; Pi, S. (2003), "IT Outsourcing Evolution - Past, Present, and Future", Communications of the ACM, May 2003, Volume 46, Issue 5, pp. 84-89, p. 84 2 Sparrow, E. (2003), p. 2 3 cp. ibid. 4 cp. http://www.eds.com/about/history (accessed 3rd April 2008) 5 cp. Sparrow, E. (2003), p. 2 6 cp. http://www.intel.com/museum/archives/4004.htm (accessed 3rd April 2008) 7 cp. Sparrow, E. (2003), p. 2 8 ibid. 9 cp. ibid., p. 3
1
10
However, in 1989, Eastman Kodak sourced out its IT operations "to IBM, DEC and Businessland" thereby laying the foundation for the perception of ITO as a pivotal practice for IT management1 and, as a result, for the magnitude of today's ITO market. The implementation of this business practice in a large company like Eastman Kodak was - within other firms - apprehended as a legitimization for sourcing out IT.2 Eastman Kodak's US$ 1 billion deal3 was a watershed in ITO history and today, the fact that a large number of organizations such as Continental Airlines and Xerox4 followed the example set by Eastman Kodak, is known as the "Kodak effect".5
2.2.2. ITO TODAY Today, the ITO market has reached an immense scope. According to Lacity et al., in 1989, the global ITO market had reached a modest level of US$ 4 billion.6 In 1990, the scope of global ITO had already more than doubled, accounting for US$ 9 billion.7 Four years later, in 1994, the global ITO market "exceeded US$49.5 billion"8 and, in 1999, according to estimations referred to by Lacity and Willcocks, the market had grown to US$ 100 billion. 9 Willcocks et al., for instance, state that "IT outsourcing global revenues"10 in 2002 were as high as US$ 154 billion.11 Apparently, estimations about the global ITO market size and growth diverge due to different definitions of ITO and different resources. However, the proportions of the estimations regarding the scope of the ITO market remain comparable and impressive, as well. ZDNet Asia referring to a study conducted by IT research and consulting organization Gartner12, reported that the global ITO market had reached US$ 180.5 billion, in 2003.13 Within this general scope, the European market has taken up a considerable position. According to Deutsche Bank Research, the European ITO market had a volume of US$ 36.2 billion14, in 2002,
1 2
cp. Lee, J.; Huynh, M.; Kwok, R.; Pi, S. (2003), p. 86 cp. Dibbern, J.; Goles, T.; Hirschheim, R.; Jayatilaka, B. (2004), p. 7 3 cp. ibid., p. 8 4 cp. Lacity, M.; Willcocks, L.; Feeny, D. (1997), "The Value of Selective IT Sourcing", Published in "Managing IT as a Strategic Resource", Editors: L. Willcocks, D. Feeny, G. Islei; Maidenhead: McGraw-Hill Publishing Company, pp. 277-305, p. 277 5 Dibbern, J.; Goles, T.; Hirschheim, R.; Jayatilaka, B. (2004), p. 7 6 cp. Lacity, M.; Willcocks, L.; Feeny, D. (1997) in L. Willcocks, D. Feeny, G. Islei; p. 277 7 cp. Lacity, M. & Willcocks, L. (2001), "Global Information Technology Outsourcing: In Search of Business Advantage", Chichester: John Wiley & Sons Ltd, p. 2 8 Lacity, M. et al. in Willcocks, L. et al. (1997), p. 277 9 cp. Lacity, M. & Willcocks, L. (2001), p. 2 10 Willcocks, L.; Hindle, J.; Feeny, D.; Lacity, M. (2004), "IT and Business Process Outsourcing: The Knowledge Potential", Information Systems Management, June 2004, Volume 21, Issue 3, pp. 7-15, p. 7 11 cp. ibid. 12 cp. http://www.gartner.com (accessed 4th April 2008) 13 cp. Choong, A. (2004), "Capgemini sells S'pore, M'sia operations to Frontline", ZDNet Asia, http://www.zdnetasia.com/news/hardware/0,39042972,39199280,00.htm (accessed 4th April 2008) 14 NB: € 38.3 billion, converted at an annual, average exchange rate (2002) as found on http://www.oanda.com/convert/fxaverage (accessed 14th May 2008 )
11
and a volume of US$ 49.2 billion1, in 2003.2 Within the European market, the German market is by all means one of the most important ones. In 2003, the German ITO market had an estimated volume of US$ 12.0 billion. 3 In other words, in 2003 the German ITO market represented about 25% of the entire European ITO market. This well depicts the importance ITO has within the European Community and especially, the relevance this topic has for the German economy and German companies, as well. Similar to the Eastman Kodak case mentioned above, recently there has been a major case, which created attention among the ITO community. In 2002, the financial service provider J.P. Morgan Chase sourced out its IT activities to IBM in a deal which was worth US$ 5 billion and thus, arrested the attention of the ITO world.4 In July 2004, J.P. Morgan Chase merged with Bank One and, as a result of Bank One's philosophy consisting in not outsourcing IT operations, finally decided to bring its outsourced IT back in-house.5 It seems as if this significant event could be an impulse for other companies' reflection regarding their own ITO operations and thus, indicate a future backsourcing trend. Certainly, keeping in mind the dimensions of today's ITO market, the relevance of backsourcing is perspicuous and therefore, the importance of involving backsourcing in this and future research projects is, as well.
2.3. ITO DIMENSIONS
2.3.1. MULTIDIMENSIONALITY OF ITO Nowadays, ITO literature offers many different ways of categorizing outsourcing operations. Defining to which specific ITO situations discussions of ITO and its risks refer is of great importance, because the various risks of ITO can be assigned to a variety of different situations. Therefore, in order to facilitate the clarification regarding the situations in which certain ITO risks could emerge, a model which
1
NB: € 43.5 billion, converted at an annual, average exchhange rate (2003) as found on http://www.oanda.com/convert/fxaverage (accessed 14t May 2008 ) cp. Deutsche Bank Research, Rollwagen, I. (2007), "Präsentation: Zukünftige Qualitätsanforderungen und Bildungslandschaften", Kongress „Offen für morgen"/Kongress „Bildung und Betreuung", Stuttgart, October 2007, http://www.dbresearch.de/PROD/DBR_INTERNET_DEPROD/PROD0000000000217016.pdf (accessed 8th April 2008) , p. 19 3 NB: € 10.6 billion, converted at an annual, average exchange rate (2003) as found on http://www.oanda.com/convert/fxaverage (accessed 14th May 2008 ); cp. Deutsche Bank Research, Allweyer, T.; Besthorn, T.; Schaaf, J. (2004), "IT-Outsourcing: Zwischen Hungerkur und Nouvelle Cuisine die gesamtwirtschaftliche Perspektive", economics, April 2004, No. 43, http://www.dbresearch.de/PROD/DBR_INTERNET_DE-PROD/PROD0000000000073793.pdf (accessed 8th April 2008), p. 7 4 cp. Tadelis, S. (2007), "The Innovative Organization: Creating Value Trough Outsourcing", California Management Review, Fall 2007, Vol. 50, No. 1, p. 265 5 cp. Ibid.
2
12
permits the definition of various dimensions of ITO seems to be reasonable. By means of the following model1 which was partially translated from German into English, Holger von Jouanne-Diedrich depicts the many dimensions of ITO quite well.2 Since in this model 'sourcing' is used interchangeably with the term 'outsourcing', this will apply to this work, as well.
Financial Dependency Location
Offshore-Outsourcing External Outsourcing Internal Outsourcing Nearshore-Outourcing
Degree of external Procurement
Total Outsourcing Selective Outsourcing Total Insourcing
ITO
Single-Sourcing Multi-Sourcing Insourcing Co-Sourcing Transitional Outsourcing
Number of Suppliers
Outsourcing Value-added Outsourcing Backsourcing
Strategic Aspects
Chronological Order
Figure 2: Multidimensionality of ITO; adapted from von Jouanne-Diedrich, H. (2004)3
In the following, the dimensions mapped in this illustration will be presented and thereupon, the scope for this research project will be delimited. The criteria will be defined according to relevant ITO literature.
2.3.1.1. Location This dimension refers to the geographical distance among the outsourcing clients and the suppliers. Offshore outsourcing, also known as "global outsourcing"4, refers to purchasing IT from suppliers which are located overseas.5 A prime example for this type of ITO is a company from the US sourcing out services such as software development to IT suppliers in India, which is known for being the leading country among all IT providing countries.6 Regarding ITO, approximately
1 2
cp. fig.2 cp. von Jouanne-Diedrich, H. (2004), "15 Jahre Outsourcing- Forschung: Systematisierung und Lessons Learned", Published in "Informationsmanagement: Konzepte und Strategien für die Praxis", Editors: R. Zarnekow, W. Brenner, H. Grohmann; Heidelberg: dpunkt.verlag GmbH, pp. 125-133, p. 127 3 cp. ibid. 4 Gottschalk, P. & Solli-Sæther, H. (2006), p. 136 5 cp. Willcocks, L & Lacity, M. in L. Willcocks & M. Lacity (1998), p. 4 6 cp. Gottschalk, P. & Solli-Sæther, H. (2006), pp. 137
13
"60-80 per cent of the global market"1 belongs to India. Firstly, this is due to the fact that India and several other offshore locations offer both an acceptable degree of political stability and lower labour costs than many other countries. Secondly, India and other offshore locations also have the expert knowledge and technological capabilities necessary to be perceived as being reliable IT suppliers. Nearshore outsourcing, on the other hand, refers to sourcing out IT to countries which are geographically close to the country in which the outsourcing companies are located. The advantages are often perceived as being similar to the ones gained from offshore outsourcing and complemented by the expectation of less communication costs and problems among ITO clients and IT suppliers.2 The latter assumption is mainly based on the fact that, due to the geographical proximity, the outsourcing companies hope to benefit from lower language barriers, less interpretative misunderstandings thanks to cultural closeness and a rather high level of personal accessibility.3 It seems as if these assumptions can be supported, because among countries within Europe there will certainly be less cultural differences than among European and Asian countries, for instance. An example for nearshoring would be a German company sourcing out to Poland.
2.3.1.2. Financial dependency This dimension addresses the financial dependency among the ITO clients and IT the suppliers. External outsourcing refers to contractual partnerships among separate entities.4 This means that the outsourced processes are confided to third party vendors providing the requested services.
Internal outsourcing refers to ITO partnerships including two separate companies which both are affiliated to the same corporate group.5 Obviously, such situations result in atypical supplier-client relationships, because both parties are influenced by common decision makers.
Spin-offs are a particular way of sourcing out IT operations. Spin-offs are new companies established out of former IT departments. The business purpose consists of providing both the founding companies and other, external companies with specific services, in this case IT provision. An example for the successful
1 2
Sparrow, E. (2003), p. 15 cp. Deutsche Bank Research, Meyer, T. (2006), "Offshoring an neuen Ufern: Nearshoring nach Mittel- und
Osteuropa", economics, July 2006, No. 58, http://whww.dbresearch.de/PROD/DBR_INTERNET_DEPROD/PROD0000000000200245.pdf (accessed 8t April 2008), p. 6 3 cp. ibid. 4 cp. von Jouanne-Diedrich, H. (2004), p. 128 5 cp. ibid.
14
realization of a spin-off is Lufthansa Systems which is a Deutsche Lufthansa spinoff.1 It seems to be obvious that the relation between ITO partners might differ depending on their financial dependency.
2.3.1.3. Degree of external procurement The degree of external procurement refers to the total amount of IT companies decide to source out. Total outsourcing implies that outsourcing companies place the responsibility for "at least 80% of their IS budgets"2 on external suppliers.
Selective outsourcing refers to sourcing out between 20 and 80% of the total IT to external partners.3 Since selective outsourcing implies that a considerable part of the IT tasks is not sourced out, this can be regarded as a more moderate approach than total outsourcing.
Total insourcing refers to situations in which companies decide to keep the main part of their IT in-house. More precisely, this means that "over 80% of the IS budget"4 are spent on internal IT supply.
2.3.1.4. Strategic aspects This dimension refers to the aim which originates the realization of ITO operations. Value-added outsourcing implies that ITO relationships represent more than mere client-supplier dependency, but instead are partnerships based on the competencies of the partners that are involved. The reason for this kind of collaboration is selling IT solutions to external customers.5 Furthermore, value- added outsourcing includes sharing profits and risks among the business partners.6
Transitional outsourcing stands for organizations' decisions to source out parts of their IT in order to free resources for the development and/or implementation of new technology. This kind of outsourcing is basically caused by the dynamics characterizing the IT market and the frequently resulting necessity to contemporaneously run different systems.7
1
NB: Today, Lufthansa Systems is one of world's largest IT service suppliers known in the aviation industries. For further information cp. http://www.lhsystems.com/resource/document/pdf/news/company_profile_en.pdf, (accessed 5th April 2008), p. 1 2 Lacity, M. & Hirschheim, R. (1995), p. 4 3 cp. von Jouanne-Diedrich, H. (2004), p. 128 4 Lacity, M. & Hirschheim, R. (1995), p. 4 5 cp. Lacity, M. & Willcocks, L. (2001), p. 19 6 cp. ibid. 7 cp. ibid., p. 10
15
Co-sourcing contracts are based on performance in terms of the ITO clients' organizational objectives. This means that the IT supplying companies are not simply paid for providing pre-fixed services, but according "to the effective alignment of IT assets and expenditures with business objectives".1 It seems to be evident, that this kind of outsourcing requires a sound collaboration among the contracting partners.
2.3.1.5. Chronological order Insourcing can be referred to as the analysis of outsourcing possibilities compared to internal IT provision and a resulting decision to keep IT in-house. 2 Of course, this decision implies the assumption that the quality of internal IT supply is at least equal to the quality external IT provision would generate.3 Insourcing, of course, refers to a situation in which companies decide to provide IT operations internally. Outsourcing is the next step companies can take in order to perform IT related tasks. One of the most frequent definitions of ITO is determined by Loh and Venkatraman who "define IT outsourcing as the significant contribution by external vendors of the physical and/or human resources associated with the entire or specific components of the IT infrastructure in the user organization". 4 Obviously, outsourcing implies that ITO companies rely on the IT suppliers' correct performance of outsourced tasks. Backsourcing is a term used to describe the case in which organizations decide to terminate established outsourcing partnerships in order to reintegrate outsourced IT. This means that companies involved in ITO decide to bring outsourced IT back in-house.5 Obviously, backsourcing represents the end of ITO relationships.
2.3.1.6. Number of suppliers Single-sourcing consists of the practice of committing all outsourced activities to just one vendor. Obviously, this means that the ITO relationship is characterized by a high level of dependency.
1 2
Lacity, M. & Willcocks, L. (2001), p. 28 cp. Hirschheim, R. & Lacity, M. (2000), "The Myths and Realities of Information Technology Insourcing", Communication of the ACM, February 2000, Vol. 43, No. 2, p. 100 3 cp. ibid. 4 Loh, L. & Venkatraman, N. (1992), "Diffusion of Information Technology Outsourcing: Influence Sources and the Kodak Effect", Information Systems Research, December 1992, Vol. 3, Issue 4, pp. 334-358, p. 336 5 cp. Sparrow, E. (2003), p. 223
16
Multi-sourcing, however, is characterized by outsourcing organizations' choices to rely on more than one supplier. Reasons for choosing a multi-sourcing strategy are the fear of being highly dependent on only one supplier and the high degree of specialization required in regard to different IT processes which are being sourced o ut .1
2.3.2. DELIMITATION OF RELEVANT ITO DIMENSIONS In the following, in order to create an adequate basis that ensures common understanding of the risks which will be under investigation, it will be outlined which dimensions will be considered in the further discussion and which will not, and why. The location of the supplier plays no significant role within the broader aim of this paper. Even though the geographical position of outsourcing suppliers certainly has a significant impact on the costs and, therefore, on many outsourcing decisions, the aim of this paper is not primarily connected with this analysis of location in connection with ITO and its risks. Thus, this dimension will not be considered in the following. The financial dependency among the ITO partners certainly has a significant influence on the relationship between them. Companies which belong to the same corporate group represent ITO relationships which are characterized by interdependency and this certainly has an influence on the perception of ITO risks. This work focuses on ITO risks which emerge when IT is entrusted to partners that cannot be influenced by means of a common administration, for instance. Therefore, the further discussion asks for a focus on external, that is to say unconnected, entities. Hence, all topics discussed below will apply to ITO operations involving ITO companies and external, unconnected IT suppliers. Concerning the degree of external procurement, outsourcing and selective outsourcing represent situations that will be considered in the following. The ITO risks which will be discussed below result from rather significant levels of external IT provision and therefore, in the following, the term outsourcing will comprise selective outsourcing, as well. Correspondingly, in the following, outsourcing will refer to an amount of outsourced IT characterized by a value of at least 20% in regard to the overall IT expenses.
1
cp. Sparrow, E. (2003), p. 159
17
Strategic choices underlying the creation of ITO relationships are not of particular interest for the further discussion, because they refer to the phase before IT is actually sourced out. Since the discussion of ITO risks will be focussed on ITO risks which appear during actual ITO operations, already existing ITO relationships will be assumed. The dimension regarding the chronological order will partly be taken into account in the further discussion. As ITO risks emerge when IT is being sourced out, outsourcing will be assumed as the starting point for the further discussion. Later on, backsourcing will also be taken into account in order to see whether it is a potential alternative for organizations threatened by the specific ITO risks under consideration. The number of suppliers - as long as they are external suppliers - is not of major interest for the following discussion. However, as one of the ITO risks discussed below - supplier lock-in - will ask for either single or few supplier situations the case of single-sourcing has to be considered. Since this particular setting is only needed in regard to the discussion of one ITO risk under consideration, multi- sourcing will be considered, as well. In order to provide the reader with a concluding overview of dimensions or rather parts of specific dimensions that will be considered in the following, the multidimensionality model presented above1 was modified. The modified model is represented in the following chart.2
1 2
cp. fig.2 cp. fig.3
18
Financial Dependency Location
Offshore-Outsourcing External Outsourcing Internal Outsourcing Nearshore-Outourcing
Degree of external Procurement
Total Outsourcing Selective Outsourcing Total Insourcing
ITO
Single-Sourcing Multi-Sourcing Insourcing Co-Sourcing Transitional Outsourcing
Number of Suppliers
Outsourcing
Value-added Outsourcing
Backsourcing
Strategic Aspects
Chronological Order
Figure13: Delimitation of considered ITO Dimensions; adapted from von Jouanne-Diedrich, H. (2004)
2.4. ITO - REASONS AND RISKS
The vast field of ITO contains many studies which focus on the revelation of advantages and disadvantages or rather reasons and risks perceived as being linked to ITO operations. In the following, aspects readers usually encounter when they deal with the pros and cons of ITO are represented. The reasons for and risks of ITO have been categorized according to their strategic, technological, economic or political nature and will be presented accordingly in the following.
2.4.1. REASONS FOR ITO Nowadays, a considerable amount of ITO literature primarily focuses on representing the advantages of and the reasons for ITO. Since the positive effects of ITO certainly act as a counterbalance to the ITO risks which will be addressed below, some of the most frequently mentioned reasons for ITO are presented in the following.
2.4.1.1. Strategic Reasons for ITO Among the reasons for ITO characterized as being of a strategic nature, there can frequently be found reasons related to outsourcing companies' chances to focus
1
cp. von Jouanne-Diedrich, H. (2004), p. 127
19
on their respective core businesses.1 This point refers to the fact that ITO firms obtain the chance to concentrate on activities which they are best at and which thus represent an advantage over competitors.2 Another frequently mentioned strategic reason for ITO is the facilitation of reorganization processes such as mergers and acquisitions.3 The core business of IT providers is IT and therefore, the services they supply are based on a high level of experience and expertise. As a result, IT providers are able to support reorganizations of companies quicker and more efficiently than internal IT departments are.4 The augmentation of flexibility associated with the manageability of IT resources is another element reflecting a strategic reason for ITO.5 This point refers to the reduced response time ITO companies have in case of changing capacity needs, for instance.6
2.4.1.2. Technological Reasons for ITO It is in the nature of things, that discussing ITO implicates the discussion of frequently mentioned technological reasons for and advantages of ITO. A major advantage obtained through IT outsourcing is the "access to leading edge technologies faster and less expensive than otherwise".7 This access requires a sound relationship among ITO clients and IT suppliers which, as a result, will enable their ITO clients to get in touch with other companies the IT suppliers work with.8 Another frequently mentioned technological reason for ITO is the increasing pace of internal IT developments. Companies which decide to source out IT have the chance to keep some IT operations, which are perceived as being related to the organizations' core capacities, in-house.9 Hence, the residual internal IT is focused on and in line with the companies' "core business mission".10 As a result, the rapidity with which new applications can be developed increases.
1 2 3
cp. Sparrow, E. (2003), p. 18 cp. ibid. cp. Sparrow, E. (2003), p. 21 cp. ibid. 4 cp. Jurison, J. in L. Willcocks & M. Lacity (1998), p. 188 5 cp. Sparrow, E. (2003), p. 26
6 7
Clark, T.; Zmud, R.; McCray, G. (1998), "The Outsourcing of Information Services: Transforming the Nature of Business in the Information Industry", Published in "Strategic Sourcing of Information Systems: Perspectives and Practices", Editors: L. Willcocks & M. Lacity; Chichester: John Wiley & Sons Ltd, pp. 4578, p. 62 8 cp. ibid. 9 cp. ibid., p. 61 10 ibid.
20
Finally, the reduction of technology related risk is a reason for ITO, because firms entrusting IT to external suppliers also pass on the risks IT operations bring about. 1 For instance, due to the dynamic character of the field of IT and the continuous technological advancements, an important risk associated with IT provision is "technological obsolescence".2 Evidently, by sourcing out their IT, companies can avoid meeting this kind of problems.
2.4.1.3. Economic Reasons for ITO The economic reasons for ITO are probably the most frequently found ones in ITO literature. Since the 'make or buy' decision underlying an outsourcing decision aims at the optimization of cost structures, a major advantage hoped for in ITO operations is cost reduction.3 The latter is expected to result from economies of scale which IT suppliers can achieve.4 The very economies of scale enable IT suppliers to generate services at lower costs than the internal IT departments of the ITO companies could.5 These lower costs are reflected in the prices offered by IT suppliers and hence, lead to cost savings on the side of the outsourcing companies.6 The improvement of cost control is another economic reason for ITO, because by stipulating contracts with defined performance levels requested from the vendor, the predictability of IT related costs is perceived to increase. 7 Additionally, IT costs turn from being fixed costs for IT assets into variable costs for external IT provision which can be modified according to current business demands.8 It is evident that companies which entrust their IT operations to professional service providers expect improved service and quality of IT services. 9 The improvements of quality and service which external providers can offer compared to internal IT departments are due to better accessibility to new technological achievements and due to the dedication - and financial necessity - to satisfy the ITO customers.10
1 2 3
cp. Clark, T.; Zmud, R.; McCray, G. in L. Willcocks & M. Lacity (1998), p. 62 ibid. cp. Jurison, J. in L. Willcocks & M. Lacity (1998), p. 188 4 cp. Sparrow, E. (2003), p. 25 5 cp. Jurison, J. in L. Willcocks & M. Lacity (1998), p. 188 cp. ibid. 6 cp. Sparrow, E. (2003), p. 25 7 cp. Clark, T.; Zmud, R.; McCray, G. in L. Willcocks & M. Lacity (1998), p. 61
8 9 10
cp. Sparrow, E. (2003), p. 22 cp. Clark, T.; Zmud, R.; McCray, G. in L. Willcocks & M. Lacity (1998), p. 61
21
2.4.1.4. Political Reasons for ITO As Lacity and Willcocks found out when they analyzed 145 interviews1, a political reason for ITO is that - within some sectors - ITO is accepted to such an extent that it can be understood "as a viable, irreversible trend"2 which each firm needs to follow. An example regarding this point was given above in conjunction with the ITO decision made by Eastman Kodak 3 which induced increasing acceptance and application of ITO all over industries. Another political reason for ITO is that managers often believe that evaluating the possibilities to outsource IT "demonstrates their willingness to subordinate the good of [the] IT department for the good of the overall business".4 Apparently, this behaviour aims at enhancing the managers' support within their respective organization and is not essentially related to an ITO decision which is motivated by genuine reasons. Rarely, a political reason for outsourcing may consist in governmental regulations such as enforced "market testing".5 This governmental regulation refers to the mandatory comparison between the provision through public services and the provision through external, that is to say private, suppliers. 6 A reason for this comparison is the economic valuation of ITO alternatives compared to internal IT provision.7
2.4.2. RISKS OF ITO For the purpose of providing a shared comprehension of the word, now a brief definition of the term risk will be given. Bahli and Rivard adopt "the notion of risk exposure, wherein the probability of occurrence of an undesirable outcome and the loss associated with it are taken into account".8 This definition is adequate to the following discussion, because it does not only refer to one negative outcome such as financial or rather economic loss, but to negative outcomes of any kind.
1
cp. Lacity, M. & Willcocks, L. (1998), "An empirical investigation of information technology sourcing practices: lessons from experience", MIS Quarterly, September 1998, Vol. 22, Issue 3, pp. 363-408, p. 363 2 ibid., "Table 2. Participant Expectations/Reasons", p. 369 3 cp. chapter 2.2.1. 4 Lacity, M. & Willcocks, L. (1998), "Table 2. Participant Expectations/Reasons", p. 369 5 ibid. 6 cp. Aulich, C. & Hein, J. (2005), "Whole-of-Government Approaches to Outsourcing and Market Testing by the Commonwealth Government", Australian Journal of Public Administration, Sep2005, Vol. 64, Issue 3, pp. 35-45, p. 36 7 cp. ibid. 8 Bahli, B. & Rivard, S. (2005), "Validating measures of information technology outsourcing risk factors" OMEGA - The International Journal of Management Science, Vol. 33, Issue 2, April 2005, pp. 175-187, p. 176
22
2.4.2.1. Strategic Risks of ITO Representing a major strategic decision, ITO holds a considerable number of risks which decision makers have to bear in mind. The enhanced complexity of external IT management compared to internal IT management is a strategic risk implied by ITO.1 According to Clark et al., ITO companies have to deal with "procurement and contract management"2 in order to guarantee that the suppliers' IT provision complies with the predefined performance levels.3 It is evident that the complexity of coordination entailed by ITO augments in case of IT tasks being subdivided among internal IT departments and external IT providers.4 Decision makers in charge have to keep in mind that such situations require unambiguous definitions regarding the respective areas of responsibility.5 Of course, such circumstances most likely lead to an enhancement of anticipated IT management costs.6
Another strategic ITO risk of ITO consists in the fact that ITO operations include IT which is closely linked to core activities of ITO companies and that hence, potential competitive advantages are negatively influenced.7 Obviously, this risk is of great importance, because it is strongly related to companies' competitive ability and thus, to their success. Another important risk of strategic nature entailed by ITO operations is supplier lockin.8 This risk refers to situations in which outsourcing companies are highly dependent on one or few IT suppliers. Such situations are critical due to two major difficulties they imply. Firstly, suppliers knowing that ITO clients have no other suppliers may become overconfident and, as a result, the quality of provided services is at risk of diminishing.9 Secondly, the ITO clients' provision is additionally threatened by "potential bankruptcies and other financial disasters"10 occurring to IT suppliers they are highly dependent on.
2.4.2.2. Technological Risks of ITO Without doubt, a major concern of ITO consists of the technological risks it entails. Sourcing out IT operations implies the risk of losing internal IT knowledge. This loss of IT knowledge is caused by the fact that the IT provided
1 2
cp. Clark, T.; Zmud, R.; McCray, G. in L. Willcocks & M. Lacity (1998), p. 68 ibid. 3 cp. ibid. cp. ibid. cp. 4 ibid. 5
6 7
cp. ibid. cp. Barthélemy, J. (2003), p. 88 8 cp. Jurison, J. in L. Willcocks & M. Lacity (1998), "Table 6.1 Potential Benefits of Outsourcing", p. 189 9 cp. Sparrow, E. (2003), p. 188 10 ibid.
23
by external IT suppliers is constantly altering due to permanent technological advancement and will therefore at some point no longer be comprehensible to the ITO companies.1 This matter of fact is often aggravated by the fact that there is no or very little transfer of newly gained IT knowledge from IT suppliers to their ITO clients.2 Another risk associated with ITO is the loss of innovative capacities.3 This loss is caused by the fact that IT suppliers primarily deal with providing requested services and not with the provision of "innovative application ideas".4 However, the latter could enhance the value of IT within ITO clients' organizations.5 Furthermore, risks connected with ITO are issues related to the security and confidentiality of information or rather data belonging to ITO companies.6 As outsourcing partnerships imply the exchange of critical information concerning the ITO clients, the suppliers gain access to customer, personnel and book- keeping data.7 Additionally, the IT clients lose and the suppliers attain "control over physical and electronic security" 8 of data. These aspects are strongly related to ITO clients' attitudes towards ITO management. A loss of control over outsourced IT certainly occurs in cases of insufficient competencies or neglected supplier management.9
2.4.2.3. Economic Risks of ITO Since ITO operations are often primarily aimed at reducing IT costs 10 and increasing service levels11, economic risks associated with ITO are of great importance. A frequently mentioned problem of ITO is the inadequate definition of determinants regarding the measurement of the performance of provided services. 12 The importance of this aspect is due to the fact that an adequate performance measurement is a necessity in order to guarantee the fulfilment of service levels stipulated in ITO contracts.13 Since the terms included in ITO contracts do not represent major subjects of this work, this aspect will not be deepened further.
1 2 3
cp. Clark, T.; Zmud, R.; McCray, G. in L. Willcocks & M. Lacity (1998), p. 67 cp. ibid. cp. Earl, M. (1996), "The risks of outsourcing IT", Sloan Management Review, Vol. 37, No. 3, pp. 26-32, as referred to in Gottschalk, P. & Solli-Sæther, H. (2006), p. 67 4 ibid. 5 cp. ibid. 6 cp. Sparrow, E. (2003), p. 32 7 cp. ibid. 8 ibid. 9 cp. Barthélemy, J. (2003), p. 92 10 cp. Sparrow, E. (2003), p. 25 11 cp. ibid., p. 22 12 cp. ibid., p. 187 13 cp. Cullen, S. & Willcocks, L. (2003), "Intelligent IT Outsourcing: Eight Building Blocks to Success", Oxford: Elsevier Butterworth-Heinemann, p. 184
24
Another economic risk is the suppliers' opportunistic behaviour as already mentioned above.1 As explained within the scope of the discussion of transaction cost theory, opportunism refers to "self-interest seeking with guile".2 This risk poses a threat to ITO operations when the number of potential suppliers is rather small.3 According to Williamson, such situations require the conclusion of adequate contracts so that potential opportunism is diminished.4 Again, as this is an argument connected to the conclusion of ITO contracts, this aspect will not be discussed any further. Hidden costs represent another economic risk associated with ITO. Hidden costs are costs which augment the anticipated costs and therefore, pose a threat to the economic efficiency of ITO operations. Frequently, these additional costs are caused by the utilization of services which were not originally included in the ITO contract.5 Other factors causing the appearance of unanticipated costs are the underestimation of expenses due to the setup and management of outsourced IT operations.6
2.4.2.4. Political Risks of ITO Compared to the other types of ITO risks mentioned above, political risks are rather infrequently discussed in ITO literature. An ITO risk of a political nature is related to the personnel of ITO companies. Employees often perceive that ITO decisions and even ITO considerations represent a lack of trust in their professional capabilities. As a result, organizations considering ITO will experience considerable problems "even before an actual outsourcing decision has been made".7 Another political ITO risk is based on the fact that current business environments are characterized by high dynamics. As a result, it is difficult to anticipate what the future holds in terms of both companies' organizational developments and general technological innovations.8 Another imaginable political risk of ITO consists of the general public's perception of ITO decisions. Today, crucial decisions made by major companies,
1 2
cp. chapter 2.1.1. Williamson, O. (1975), p. 26 3 cp. Williamson, O. (1975), p. 27 cp. ibid. 4 cp. Sparrow, E. (2003), pp. 202-203 5 cp. Earl, M. (1996), as referred to in Gottschalk, P. & Solli-Sæther, H. (2006), p. 66
6 7 8
Barthélemy, J. (2003), p. 91 cp. Sparrow, E. (2003), p. 198
25
especially the ones involving the diminution of personnel, are instantly reported by the media. It seems to be evident, that decisions involving the reduction of workplaces in order to source IT services from low wage countries negatively influences companies' internal and external image.
2.4.3. DELIMITATION OF RISKS After the presentation of some of the most frequently mentioned risks in recent ITO literature, now the presentation of the ITO risks which will be discussed indepth will follow. Political risks will not be considered any further, because they appear to mostly pertain to outsourcing itself and not necessarily to IT outsourcing. The ITO risks which will be discussed in the following and in the empirical part of this work are the risks of supplier lock-in, hidden costs and the loss of control over outsourced IT.
2.4.3.1. Supplier Lock-In The strategic risk under further consideration is supplier lock-in. As already mentioned above1, this risk refers to a situation characterized by a high level of dependency in regard to one supplier. This situation enhances the risk of the supplier becoming overconfident and hence, providing lower quality services. 2 Additionally, this situation implies that the ITO company is highly dependent on the existence of the providing company. Therefore, mismanagement occurring within the organization of the IT supplier has a considerable impact on the ITO company.3 Another undesirable scenario consists of a business rival's merger with or acquisition of the IT supplier.4 Evidently, these cases would increase competitor's chances to gain insight into strictly confidential data.5 The discussion on the aspect of confidentiality will be resumed later on. Transaction cost theory has already been discussed above6 and a transaction cost theory approach to the analysis of ITO risks used by Bahli and Rivard was chosen for the further discussion of supplier lock-in.7 According to Bahli and Rivard, the risk of supplier lock-in is affected by "asset specificity"8, a "restricted number of
1 2 3
cp. chapter 2.4.2.1. cp. Sparrow, E. (2003), p. 188 cp. ibid. cp. ibid. cp. ibid. 4 cp. chapter 2.1.1. 5 cp. Bahli, B. & Rivard, S. (2003) 6 ibid., p. 213
7 8
26
suppliers"1 and by the ITO "client's lack of expertise with outsourcing contracts".2 Asset specificity is an issue frequently found in connection with transaction cost theory based approaches to ITO.3 Within these approaches asset specificity is known as an enhancer of transaction costs.4 Asset specificity refers to investments in assets which are of particular interest in the scope of a specific contractual relation and which are of significantly less value without that particular contractual relation.5 Certainly, the higher the complexity of an organization's peculiarities is the higher is the risk on the supplier's side, if he is forced to invest in specific assets for the ITO client. Asset specificity refers to both investments in tangible and intangible assets. Especially in the constantly changing field of IT, knowledge is an aspect not to underestimate. From an IT supplier's point of view, knowledge especially gained in order to support a specific business client is often useless in regard to other clients.6From an ITO client's point of view the fact that specific investments are made by the IT supplier can represent an economic advantage, because the ITO client does not have to make certain investments. However, asset specificity may also represent an advantage for the IT supplier and a disadvantage for the ITO client, because once specific investments have been made, the ITO client might be averse to changing the provider and passing through a difficult implementation phase again.7 This means that the ITO client will scrutinize each consideration of supplier change and the supplier can be quite confident of keeping the client. The limited number of suppliers is a factor indicating a risky lock-in situation for ITO clients, because in terms of bargaining power this scenario leads to a stronger position for the IT suppliers.8 As there is "a lack of alternative sources of supply"9, the suppliers may show opportunistic behaviour and, as a result, the transaction costs increase.10 The last factor mentioned by Bahli and Rivard is the expertise ITO companies have in regard to ITO operations. Expertise stands for the ITO companies' professional skills and experience in the field of interest.11 This factor refers to
1 2
ibid., p. 214 ibid. 3 cp. Grover, V.; Teng, J.; Cheon, M. in L. Willcocks & M. Lacity (1998), p. 90 4 cp. ibid. 5 cp. Bahli, B. & Rivard, S. (2003), p. 214 6 cp. Aubert, B.; Rivard, S.; Patry, M. (2004), "A transaction cost model of IT outsourcing", Information & Management, September 2004, Vol. 41, Issue 7, pp. 921-932, p. 922 7 cp. Bahli, B. & Rivard, S. (2003), p. 214 8 cp. ibid. 9 ibid. 10 cp. ibid. 11 cp. ibid.
27
"the entire set of people, processes, tools, and systems that are needed to make the relationship work"1 and thus, to successfully perform ITO. Bahli and Rivard especially refer to customers' inaptness of stipulating ITO contracts which, for instance, ensure the customers' exit possibilities in case of weak performance by the supplier and clarify intellectual property rights in case of contract expiration or termination.2 As a result, ITO clients take the risk to get trapped in ITO contracts and have no chance of getting out of these without financial losses and noticeable losses of IT related knowledge. By this means, decisions regarding supplier changes or backsourcing are impeded considerably.
2.4.3.2. Hidden Costs The above mentioned economic risk in the form of hidden costs3 will be discussed in more detail now. Complying with the discussion on supplier lock-in, the transaction cost theory will play a decisive role within the discussion of hidden costs, as well. As already explained above, hidden costs are costs not anticipated from the very beginning, that is to say these costs are not anticipated while the contractual relations are being established, but these costs emerge during the actual ITO operations. Therefore, it is reasonable that Barthélemy, on the basis of transaction cost theory, subdivides hidden costs into the ones originating before ITO contracts are concluded and the ones originating after ITO contracts are concluded.4 "Search and contracting costs"5 are the unanticipated costs originating before the conclusion of ITO contracts.6 These imply all costs caused by searching for and negotiating with potential IT suppliers. 7 Additionally, the costs due to the necessity of being in compliance with the legal requirements relating to contract conclusions are included.8 Hidden costs emerging after the conclusion of ITO contracts are "vendor management costs".9 These costs include monitoring aimed at assuring that the vendors' performances meet the predefined service levels and problem solving in case of breach of these service levels.10 In addition, unanticipated costs can appear due to the underestimation of expenses regarding the setup of ITO operations.
1 2 3
Bahli, B. & Rivard, S. (2005), p. 179 cp. Bahli, B. & Rivard, S. (2003), p. 214 cp. chapter 2.4.2.3. 4 cp. Barthélemy, J. (2003), p. 93 ibid. 5 cp. ibid. cp. ibid. cp. 6 ibid.
7 8 9 10
ibid. cp. ibid.
28
Setup costs can be caused by a "parallel running"1 of systems as a backup during the implementation phase of new systems, for instance. 2 Furthermore, unanticipated costs can emerge when internal or external conditions change, because this could necessitate costly renegotiations of originally stipulated contracts.3 According to Barthélemy, the complexity of an organization's peculiarities is positively correlated with the amount of hidden costs.4 Sourcing out activities specific to the own organization leads to an increased difficulty to reintegrate these activities, that is to say to bring them back in-house. However, the difficulties implied by the specificity of outsourced IT operations do not only enhance the complexity of bringing these operations back in-house, but do also augment the dependency on the supplier.5 As a result, the risk of hidden costs due to the peculiarity of outsourced activities could be accompanied by a lock-in scenario as aforementioned.6 However, authors such as Sparrow suggest that the costs related to an ITO operation are "much more closely scrutinized than internal costs"7 which an internal IT department would cause. Hence, the transparency of externally emerging costs in combination with costs in excess of the cost prognosis may lead to backsourcing considerations.8 Summing up, on the one hand, asset specificity increases the difficulty of backsourcing and on the other hand, external IT costs being scrutinized more than internal IT costs may lead to backsourcing considerations. Also using a transaction cost theory approach to ITO risks, Bahli and Rivard name three influencing aspects leading to hidden costs or rather "unexpected transition and management costs: (1) the client's lack of expertise with the outsourced activity, (2) the client's lack of expertise with outsourcing and (3) the degree of relatedness of the outsourced activity".9 As already explained above, the factors regarding the lack of expertise in IT operations and in outsourcing most likely result in the conclusion of inadequate ITO contracts and hence, the occurrence of anticipated costs increases. 10 Additionally, as terms and conditions of exit possibilities are often disregarded by IT outsourcers with little expertise, an inappropriate contract enhances the difficulties met in case of supplier change or backsourcing decisions.11
1 2 3
Earl, M. (1996), as referred to in Gottschalk, P. & Solli-Sæther, H. (2006), p. 66 cp. ibid. cp. Barthélemy, J. (2003), p. 93 4 cp. ibid. 5 cp. ibid. 6 cp. ibid. 7 Sparrow, E. (2003), p. 202 8 cp. ibid., pp. 202-203 9 Bahli, B. & Rivard, S. (2003), p. 214 10 cp. ibid. 11 cp. ibid.
29
Relatedness refers to activities which are interdependent and which therefore, cannot be processed independently.1 For instance, interdependency could consist of the necessity to finish one task before the following task can take place. 2 The very interdependency can apply to ITO operations intertwined with other operations which are either outsourced as well or performed in-house.3 Evidently, such cases entail the necessity to coordinate these activities so that neither of these negatively influences the performance of the respective other.4 The coordination of such interdependent operations is crucial and entails considerable efforts causing ITO management costs which often represent unanticipated costs.5 Obviously, the hidden costs of ITO deteriorate the anticipated success and cost savings of ITO. As a result, it seems to be evident that an extensive amount of unanticipated costs could also lead to backsourcing considerations.
2.4.3.3. Loss of Control over outsourced IT Certainly, it is inevitable to take into account technological risks when discussing potential ITO risks. Therefore, in the following, two of the above mentioned technological ITO risks will be considered. Both the risk of losing internally generated IT knowledge and the risks due to data security and confidentiality can be assigned to risks caused by the loss of control over outsourced IT. IT, or rather developing and applying IT, is gaining in importance as a part of organizational knowledge which is often recognized as representing the basis for the creation of a "sustainable competitive advantage".6 The latter aspect was mentioned above in the context of resource theories7 and will be resumed now. As already explained, resource-based theory assumes that resources fulfilling the prerequisites of heterogeneity and immobility might lead to competitive advantages. 8 Heterogeneity refers to the difference among resources belonging to competing firms and immobility refers to the inability to access resources belonging to a competitor. It seems as if the issue of heterogeneity is connectable with the loss of internal IT knowledge. As in ITO, IT knowledge is no longer acquired internally and newly gained IT knowledge is oftentimes not passed on from the IT supplier to the ITO
1 2 3
cp. ibid. cp. Bahli, B. & Rivard, S. (2003), p. 214 cp. ibid., p. 215 cp. ibid. cp. 4 ibid. 5 Clark, T.; Zmud, R.; McCray, G. in L. Willcocks & M. Lacity (1998), pp. 66-67
6 7 8
cp. chapter 2.1.2. cp. Barney, J. (1991), p. 105
30
client1, the future heterogeneity of competitors' resources in terms of IT knowledge is no longer assured. Unlike internal IT departments, IT service providers usually focus on providing the clients with requested services, but not on creating new IT knowledge2 which could lead to competitive advantages. Furthermore, it seems as if the issue of immobility is connectable with data security and confidentiality, because these aspects are of great importance in order to hinder competitors from gaining access to internal knowledge. The very knowledge is - as already mentioned above - essential for the creation of a "sustainable competitive advantage".3 As most of the companies try to achieve competitive advantages, the discussion of internal IT knowledge, data security and confidentiality which all influence the achievability of these competitive advantages certainly is of great importance.
2.5. SUMMARY OF THE THEORETICAL BACKGROUND
Within the theoretical background of this thesis, transaction cost theory and resource theories were presented and an insight into the evolution of ITO was given. The various dimensions of ITO were illustrated and explained. It has been defined which particular dimensions will be assumed for the further discussion and why. Furthermore, frequently mentioned reasons for and risks of ITO were presented according to their strategic, technological, economic or political nature. Hereupon, the risks of supplier lock-in, hidden costs and the loss of control over outsourced IT were discussed according to above mentioned ITO theories. After all, the risks were assigned to the dimensions under consideration in order to specify in which situations these risks appear.
2.6. RESEARCH DELIMITATION
The following chart4 illustrates the considered ITO risks and the respective ITO theories utilized in order to discuss them. Furthermore, the risks are assigned to the various dimensions of ITO in order to determine the situations assumed for the further discussion of the risks.
1 2
cp. Clark, T.; Zmud, R.; McCray, G. in Willcocks, M. & Lacity, M. (1998), p. 67 cp. Earl, M. (1996), as referred to in Gottschalk, P. & Solli-Sæther, H. (2006), p. 67 3 Clark, T.; Zmud, R.; McCray, G. in L. Willcocks & M. Lacity (1998), pp. 66-67 4 cp. fig.4
31
Figure 4: ITO risks, dimensional characteristics and applied ITO theories; own elaboration
In the following, the determination of the ITO dimensions will be explained briefly. Firstly, the location of the ITO partners is irrelevant in regard to the risks under consideration, because these can appear in all ITO operations, independent of the geographical distance between the ITO partners. Since the topic of this paper is ITO and its risks, the financial relation among the ITO company and the IT supplier should be characterized by independency. Since ITO as it is discussed within this paper assumes that companies' decisions to source out IT are not influenced by intra-group constraints, the relationship considered in the following will be a regular clientsupplier relationship between unconnected entities. As the discussion under way aims at revealing the presence of or rather awareness in regard to specific ITO risks within ITO organizations, the degree of external procurement has to permit a valid analysis. The latter requires a significant level of external procurement, that is to say that at least of 20% the total IT expenses have to apply to external IT provision. Since the strategic aspects of the multidimensionality model refer to the aims causing the realization of ITO operations, this dimension will not play a role in the following. This results from the fact that the point of departure for the further discussion is an already existing ITO situation within which specific ITO risks can emerge. As the ITO situation is the point of departure for the discussion of the ITO risks under consideration, the dimension concerning the chronological order of ITO has to be outsourcing. Not all risks under discussion do require a specific number of suppliers, but the risk of supplier lock-in assumes situations characterized by only one or few available IT suppliers. The discussion of the ITO risks under consideration occurred via transaction cost theory and resource-based theory which were presented above.1 Within this discussion, the main factors influencing the risks according to the applied theories were presented.2 A summary of these factors influencing the risks of supplier lock-in, hidden costs and the loss of control over outsourced IT are given below.3
1 2 3
cp. chapter 2.1.1. and chapter 2.1.2. cp. chapter 2.4.3.1., chapter 2.4.3.2. and chapter 2.4.3.3. cp. fig.5
32
RISK Supplier Lock-in
Applied ITO Theory Asset specificity Transaction cost theory
Influencing factors
Limited number of available suppliers ITO clients' lack of expertise with ITO and ITO contracts Vendor management costs Complexity of organizational peculiarities ITO clients' lack of expertise with the outsourced IT and outsourcing Relatedness of outsourced IT IT knowledge
Hidden Costs
Transaction cost theory
Loss of Control over outsourced IT
Resource-based theory
Innovative ability
Data security and confidentiality Figure 5: ITO risks and influencing factors derived from applied ITO theories
Due to the fact that all these risks pose a threat to the strategic and economic expectations ITO operations typically entail, this should leave no doubt about the relevance of concentrating on these particular risks. As mentioned above, these ITO risks have been discussed by other authors, but this study is expected to give new insights into the actual occurrence and awareness of supplier lock-in, hidden costs and the loss of control over outsourced IT. Furthermore, reasonable measures companies can take to face these risks and the role these risks play within backsourcing considerations shall be revealed.1
1
cp. the research questions formulated in chapter 1.1.
33
3. METHODOLOGY
The theoretical background of this work has provided the reader with an appropriate basis necessary for the correct comprehension of both the ITO risks under consideration and the research questions posed. In the following, the applied methodology, which was utilized to respond to the research questions, will be presented. Furthermore, the procedures implemented within this research project will be explained. This chapter will also contain a description regarding the data collection and a discussion on the research quality of this study.
3.1. RESEARCH PURPOSE
Starting the work on this paper, the idea was to write about IT outsourcing. After a first familiarization with the topic by working through current literature on ITO, it was considered to write a paper on ITO with a particular focus on backsourcing. However, literature on backsourcing is hardly existent and the available information regarding backsourcing mainly consists of articles presenting major backsourcing decisions such as the J.P. Morgan Chase case mentioned above.1 After realizing that the current status of literature on backsourcing does not permit an adequate development of a theoretical background and a discussion mainly focused on backsourcing, the main focus of this work had to be reconsidered. Since backsourcing represents a decision to end an existing outsourcing relationship and to bring outsourced IT back in-house, this certainly can be understood as a result of unsatisfying ITO. Since negative outcomes of ITO are certainly influenced by ITO risks, it was decided to concentrate on these. The decision was taken to start by explaining various ITO concepts necessary to finally, be able to discuss specific ITO risks in an appropriate manner. However, as backsourcing still is regarded as being an interesting topic, it was decided to connect this topic to the risks under consideration. This combination resulted in the formulation of the fourth research question. The primary aim of this research is the exposure of information on the perceptions of ITO companies regarding the ITO risks of supplier lock-in, hidden costs and the loss of control over outsourced IT as well as the determination of reasonable measures. As the risks under consideration pose a threat to the successful process of ITO operations, the analysis of their appearance certainly is of great importance to practitioners involved in and theorists interested in ITO alike.
1
cp. chapter 2.2.2.
34
3.2. RESEARCH METHOD
The research questions under discussion are decisive for choosing an adequate research method. Firstly, the researcher has to decide whether to conduct a qualitative or a quantitative research. Qualitative research, being "designed to help organisational decision-making, focusing on understanding the nature of phenomena and their meaning, rather than their incidence"1 seems to be the right approach in order to respond to the above mentioned research questions. The "in- depth examination of small-scale samples or small numbers of observations"2 as well as "unstructured interviewing guides which are responsive to context"3 are typical characteristics of qualitative research. Since the responses to the formulated research questions require situations in which the interviewer has the chance to dwell on aspects which appear to be crucial for the topics' discussion and to ask the interviewees for further explanations concerning certain answers, the decision to conduct telephone or face-to-face interviews was taken. Furthermore, as misunderstandings caused by language barriers were to be excluded, the decision to merely conduct interviews with respondents working for German companies was taken. Since I am from Germany and a native speaker, misunderstandings caused by language barriers can be excluded to a great extent. As my current place of residence does not permit face-to-face interviews with German respondents, the decision to conduct telephone interviews was taken. It was planned to tape the conversations and afterwards, put these down in writing.
3.3. RESEARCH DESIGN
According to Yin's 2 x 2 matrix describing "Basic Types of Designs for Case Studies"4, case studies can assume four different shapes. According to this categorization, case studies are on the one hand whether "holistic" 5 or "embedded"6 and on the other hand whether "single-case designs"7 or "multiple case designs".8 The research questions under consideration require interviews with individuals responsible for or rather involved in ITO operations. Therefore, in this case a holistic design is given, because "no logical subunits can be defined"9 in regard to the above mentioned individuals. According to Yin's other
1 2
http://www.aqr.org.uk (accessed 20th April 2008) ibid. 3 ibid. 4 Yin, R. (2003), "Case Study Research: Design and Methods", 3rd Edition, Thousand Oaks: Sage Publications, Inc., "Figure 2.4", p. 40 5 ibid. 6 ibid. 7 ibid. 8 ibid. 9 ibid., p. 45
35
distinction, the research project under consideration will be characterized by a multiple-case design, which "may be preferred over single-case designs".1 This preference can be explained by the fact that multiple-case designs include "the possibility of direct replication".2 The latter refers to the possibility of deducing equal results from different cases. Hence, the perceived value of the results obtained from this study will significantly gain in quality.3
3.3.1. DATA COLLECTION The aim of this research being "to elicit views and opinions from the participants"4 regarding specific risks entailed by the ITO operations their company recently is or was involved in, the appropriate way to collect data is conducting interviews. Since "there is little theory available to guide predictions"5 concerning the particular research questions under consideration, these are difficult to answer and thus, demonstrate the exploratory nature of this study. A semi-structured interview as mentioned by Hair et al.6 provides the researcher with the necessary flexibility "to ask related, unanticipated questions that were not originally included".7 This flexibility was a major reason for the decision to utilize a semi-structured interview. Certainly, this kind of interview increases the chances to reveal unforeseeable information and hence, will improve the quality of the results of this research project. Planning to conduct interviews, researchers should be conscious of some crucial aspects concerning the interviewer and the interviewees. These will be presented in the following.
3.3.1.1. The Interviewer Certainly, qualitative studies require a higher personal involvement of the researcher than quantitative studies. The interviewer takes an active part in a face- toface or telephone interview as implied in this study and therefore, he has to be cautious and sensitive in order to obtain valid results. Being the interviewer in charge, I am well aware of the influence I might have on the respondents when conducting interviews. I understand that an interviewer should be characterized by flexibility and the ability to adapt to the interviewee. An adequate knowledge in
1 2 3
Yin, R. (2003), p. 53 ibid. cp. ibid. 4 Creswell, J. (2003), "Research Design: Qualitative, Quantitative, and Mixed Methods Approaches", 2nd Edition, Thousand Oaks: Sage Publications, Inc.,p. 188 5 Hair, J.; Babin, B.; Money, A.; Samouel, P. (2003), "Essentials of Business Research Methods", New York: John Wiley & Sons, Inc., p. 57 6 cp. ibid., p. 135 7 ibid.
36
the concerned topic under investigation and not having any preconceptions are other requirements which I am well aware of.1 Furthermore, I am well aware of the fact that the results of a qualitative study are to a noticeable extent dependent on the researcher's interpretative abilities. In other words, "qualitative research is interpretative research, with the inquirer typically involved in a sustained and intensive experience with participants".2 After all, the interviewer has to be aware of his crucial role and the responsibility it entails.
3.3.1.2. The Interviewees Without doubt, the interviewees play an important role within the topic of data collection. When choosing the interviewees, the researcher has to be aware of the effects his choices might have on the outcome of the entire research project. If the interviewer knows the interviewee and the respective organization, this could have positive as well as negative effects on the interview results. On the one hand, a negative effect this occurrence could have is the potential prepossession of the interviewer. In such a situation the interviewer could think that he knows which answers he will get in advance and, as a result, the revelation of important information could be hindered.3 On the other hand, the same situation could have a positive impact on the results of a study. "In the context of social groups, Adler and Adler mention 'two sets of realities about their activities: one presented to outsiders and the other reserved for insiders'".4 Certainly, the attempt to answer above mentioned research questions should be accompanied by information frequently reserved for insiders. Hence, knowing the interviewee and the respective organization in advance could enhance the researcher's chances to reveal relevant information. Within this work, the aim was to find an appropriate balance for dealing with these pros and cons of knowing the interview partners in advance. The aim also was to conduct interviews with interviewees most likely to divulge significant information. Therefore, I decided to include one interviewee which I already knew, so that I could be confident about the fact that interviewing him would reveal important insider information.5 In order not to be confronted with above mentioned problems connected with interviewing known persons, I decided that
1 2
cp. Yin, R. (2003), p. 59 Creswell, J. (2003), p. 184 3 cp. Flick, U. (2002), "An Introduction to Qualitative Research", 2nd Edition, Thousand Oaks: Sage Publications, Inc., p. 58 4 Adler, P.A. & Adler, P. (1987), as referred to in Flick, U. (2002), p. 58 5 NB: We worked together for about two years.
37
the other interviewees had to be strangers. However, for the purpose of increasing my chances of receiving important insider information, the other three interviewees were recommended to me by some personal contacts of mine. Hence, I expected the interviewees - found with the help of acquaintances - to be well- disposed to answer to my questions and to reveal valuable information. In order to respond to the research questions mentioned above, not only ITO companies, but also IT suppliers, were interviewed. Including different perspectives regarding the risks under discussion certainly increases the quality of results obtained from the interviews and hence, the chances of deducing meaningful overall results. Summing up, the final interview partners were composed of one former colleague of mine as well as two strangers representing the ITO clients' side and two other strangers representing the IT suppliers' perspective. Since one of the interviews with ITO clients revealed rather little relevant information, it was not included in the empirical part of this work. As a result, the empirical part of this work includes two interviews with ITO clients and two interviews with IT suppliers.
3.3.1.3. The Interview Guide After the final interviewees informed me about their willingness to cooperate, an interview guide was sent to them.1 Furthermore, they were asked to decide on a suitable appointment for the conduction of the announced telephone interview and to inform me about it. The interview guide includes a preface which informs the interviewees about the fact that the answers to the presented questions do not have to be given in written form, but are simply thought as an outline allowing the interviewees to prepare for the actual telephone interviews. Within the preface, the possibility to remain anonymous and the affirmation of respecting the data confidentiality are mentioned. Since the group of interviewees consists of both ITO customers and IT suppliers, two slightly differing interview guides had to be utilized. The interview guides consist of 26 main questions which are subdivided into five sections.2 In addition, there are subordinate questions to some of these main questions targeted at deepening the responses to the main questions.
1 2
cp. Appendix B1 and Appendix B2 cp. fig.6
38
Figure 6: Overview of Questions included in the Interview Guide
The first six questions are general questions concerning the interviewees, the organization and the extent to which ITO is utilized. The following section includes five questions which deal with problems related to supplier lock-in situations and one final question asking for the measures which have been taken within the respondents' companies to deal with supplier lock-in. This final question asks for an explanation of current measures and for the interviewees' suggestions in regard to adequate measures which could be implemented in order to deal with the problems under consideration. The next segment includes questions regarding the risk of hidden costs and their appearance. There are four main questions and one final question in this segment. Again, the final question asks for the explanation of measures which are currently taken within the respondents' organizations and for the interviewees' recommendations regarding appropriate risk mitigating measures which could be implemented. In the following section, the loss of control over outsourced IT represents the topic for five main questions and one final question. Once again, the final question demands the illustration of existing measures and asks for the interviewees' suggestions concerning adequate measures which could be taken in order to deal with the issues under consideration. The last segment contains three main questions which recapitalize the importance of the risks under discussion and asks for their effect on potential backsourcing decisions. The interview guide for the IT suppliers generally corresponds to the interview guide designed for the ITO clients. However, in order to benefit from the IT suppliers' point of view, some of the questions were modified. Some formulations were changed and subordinate questions were added. A partial reformulation was necessary, because this work aims at revealing the presence of specific ITO risks within ITO companies. Thus, the questions for the IT suppliers ask for the way the suppliers' clients perceive the risks under consideration. Nevertheless, in order to tap the full potential of the interviews with IT suppliers, some questions additionally ask for the way the ITO suppliers themselves perceive the risks under
39
consideration. That is to say, the IT suppliers are asked whether - from their point of view - the regarded risks should be recognized as such by ITO clients or not. Before sending the interview guide to the final interviewees, it was sent to a friend of mine who works for an IT supplier. He received the preliminary version of the interview guide in order to help me uncover questions which were formulated ambiguously or too complicated. After this first step, two of the main questions, which appeared to be rather difficult to understand, were reformulated. The second step consisted of sending the modified interview guide to this person once again. Hereupon, a pilot interview was conducted with this person. This telephone interview took about 45 minutes and was recorded. Afterwards, the recording was utilized to find out at which points of the conversation further explanations could be necessary. By this means, an adequate preparation for the actual interviews was facilitated.
3.3.2. STRENGTHS A potential strength of this research project consists in the fact that telephone interviews permit the adjustment of questions during the conversation. The flexibility of this measure is very beneficial when conducting exploratory studies, because the latter often require the addition or modification of questions during the interviews. Furthermore, recording the telephone interviews gives me the chance to focus on listening to the interviewees and on formulating further questions, because making notes during the conversation becomes unnecessary. This surely represents one of this study's strengths. The successful realization of the interviews is also supported by the fact that the interviewees are all from Germany and native speakers. Since the interviewer is from Germany and a native speaker as well misunderstandings caused by language barriers can be excluded to a great extent. An additional strength of this study is the fact that the chosen interviewees consist of both clients and suppliers involved in ITO. Including these different perspectives certainly improves the chances of obtaining multilateral information and thus, definitely has a positive effect on the quality of the final results of this work.
3.3.3. WEAKNESSES Since the empirical part of this work is based on telephone interviews, the effects of utilizing this kind of interview compared to a face-to-face interview have to be mentioned. Obviously, a potential weakness consists in the fact that telephone interviews do not give the interviewer the chance to interpret and react to the 40
interviewees' gestures and facial expressions which can act as indicators for the interviewees' attitudes towards certain issues. However, due to the fact that the geographical distance between interviewer and interviewees is high, face-to-face interviews are not realizable. Not having the chance to analyze the interviewees' behaviour as it would be possible in face-to-face interviews, the possibility of missing out important information during the conduction of the telephone interviews has to be minimized. In order to verify the correctness and unambiguousness of answers given during the telephone interviews, I will repeat ambiguous answers and - if necessary - ask for clarification in order to obtain reliable results. Certainly, the limited period of time available to accomplish this work could be perceived as a weakness, because it can affect the choice and the number of interviewees. Nevertheless, as mentioned above, the interviewees were chosen with the primary aim to reveal relevant information from different points of view. Therefore, the interviewees would most likely be the same, even if more time to conduct this study was given. Since no further interviewees were needed, the number of interviewees was not negatively influenced by the limited period of time available to accomplish this work. The limited number of interviewees is reasonable, because this is a qualitative study of exploratory nature and thus, the aim is not to find statistical evidence for any kind of fact, but to gain new, deeper insights into the field of the ITO risks under consideration.
3.4. DATA PRESENTATION AND DATA ANALYSIS
The fourth chapter of this thesis includes the data presentation. Firstly, general information regarding the companies under consideration is represented. The general information consists of data collected during the interviews. Additionally, in order to get a general idea of the companies under consideration, the companies' homepages were visited. Secondly, the interview results for each respondent are presented according to the fields of interest: supplier lock-in, hidden costs, the loss of control over outsourced IT and recapitulating thoughts including backsourcing potentials. Since the respondents are employed at ITO companies as well as IT suppliers, the presentation of results includes different points of view regarding the specific risks under consideration. Within the fifth chapter of this work, the gathered data is combined and arranged according to the research questions mentioned above. That is to say, the data analysis mainly consists of the responses to the research questions formulated above. The very responses to the research questions include the presentation of 41
reasonable measures companies can take in order to face the risks under consideration. For the purpose of giving an apt review of these measures, the response to each research question concludes with summarizing illustrations of the measures companies can take in order to face the respective ITO risk. Additionally, the effects these measures have are represented in the illustrations. Moreover, the measures were subdivided into internal and external measures, since this facilitates the manageability of the results. After the separate presentation of the responses to each research question, the summary of the results obtained is presented. Within this summary, the charts utilized to sum up the measures to take against each risk are summarized and represent an overview of measures to take against the ITO risks under discussion.
3.5. QUALITY OF RESEARCH DESIGN
For the purpose of evaluating the quality of the research design, the researcher has to check the case study's construct validity, internal validity, external validity as well as its reliability.1 In the following, these topics will be addressed separately and linked to this thesis.
3.5.1. CONSTRUCT VALIDITY In order to fulfil the requirements of construct validity, the researcher can make use of various tactics. The decision for a multiple-case study instead of a single- case study is one of these tactics, which is implemented in this research and which ameliorates the construct validity.2 Furthermore, to achieve construct validity, the measures utilized to gather information regarding the original research problem have to be appropriate.3 The questions included in the interview guide4 are based on and derived from the discussion of the specific ITO risks under consideration given in the theoretical background of this work.5 Therefore, the appropriateness of the questions used for the interviews should not be in doubt. Moreover, after the interview results were put into writing and translated into English, they were sent to the interviewees in order to verify the correctness of the translations and of the reproduction of given answers. The interviewees were asked to inform me in case of incorrectly reproduced answers or additional comments they wanted to be added to their original statements. According to Yin, the construct validity of a qualitative study ameliorates by this kind of review.6 Yin states that the creation
1 2 3
cp. Yin, R. (2003), p. 34 cp. ibid. cp. ibid., pp. 34-35 4 cp. Appendix B2 and Appendix B2 5 cp. chapter 2.4.3. 6 cp. Yin, R. (2003), p. 159
42
of a "chain of evidence"1, that is to say that the results have to be deduced in a way that appears to be logic and traceable for the reader, enhances the construct validity of a case study. This issue will be approached within the empirical part of this work. The gathered interview results will be presented in a manner that permits the reader to follow all consecutive steps leading to the final results of this study.
3.5.2. INTERNAL VALIDITY As "internal validity is only a concern for causal (or explanatory) case studies" 2 this issue does not have to be considered in each case study. Since this research can generally be characterized as exploratory, this point could possibly be disregarded. However, given that the fourth research question refers to the ITO risks under consideration and their influence on backsourcing considerations and that this certainly can be understood as a causal relation, internal validity will be considered, as well. The issue of internal validity refers to the fact that deductions made have to be secured. Any causal relation declared has to be definite, that means that the researcher has to exclude that other - unconsidered - factors may have influenced a deduced result. In order to assure internal validity, my questions dealing with causal relations are formulated properly and unambiguously. Additionally, for the purpose of guaranteeing this unambiguousness, I will stress which factors are to be regarded within the response of these questions during the conduction of the telephone interviews.
3.5.3. EXTERNAL VALIDITY External validity "deals with the problem of knowing whether a study's findings are generalizable beyond the immediate case study".3 Due to the exploratory nature of this study, this work does not lay claim to finding results that are valid for every case of ITO. Instead, the purpose of this work is the revelation of significant information that enhances the awareness and understanding of phenomena or rather risks frequently occurring in ITO operations. The findings of this work are supposed to represent the current occurrence of the ITO risks under discussion and the measures implied for dealing with these risks. The aim of this study is not and cannot be finding results which can be generalized to every case of ITO. According to Yin, the generalizability of case study results is frequently doubted by critics and thus, the aim should not be to generalize findings to other case studies, but "to generalize findings to 'theory'".4 Agreeing to this statement,
1 2
Yin, R. (2003), Fig. 2.3 "Case Study Tactics for Four Design Tests", p. 34 ibid., p. 36 3 ibid., p. 37 4 ibid., "BOX 7: How Case Studies Can Be Generalized to Theory", p. 38
43
the intent of this study is to find relevant information which enriches theory and hence, the understanding of the specific ITO risks under consideration. As a result, the findings of this work may not be generalizable to a large extent, but will certainly be auxiliary to decision makers who currently are or plan to be involved in ITO.
3.5.4. RELIABILITY A satisfying level of reliability is achieved by documenting the procedures so that a third party could repeat the study and would "arrive at the same findings and conclusions".1 Thus, all relevant documents are attached to the Appendix of this work. The Appendix segment includes the email I wrote in order to present myself and my research project2 as well as the interview guides which were sent to the interviewees once they confirmed their cooperativeness.3 As these documents were originally written in German, they were translated into English - so as to make them understandable to a larger readership - and attached in the Appendix, as well.
1 2 3
Yin, R. (2003), p. 37 cp. Appendix A1 and Appendix A2 cp. Appendix B1 and Appendix B2
44
4. DATA PRESENTATION
In the following, the results obtained from the telephone interviews will be presented. This chapter is merely dedicated to the data presentation whereas the next chapter will contain the data analysis. Firstly, a brief presentation of the participating companies and the respective interviewees will be given. These brief case study presentations will also include information regarding the status quo of ITO within the companies under investigation. Secondly, the presentation of information obtained will be given. This presentation will be structured according to the composition of the utilized interview guide, that is to say, the responses given will be illustrated in four parts: supplier lock-in, hidden costs, loss of control over outsourced IT and recapitulating thoughts including backsourcing potentials. The responses given from each interviewee will be presented separately. Since the companies' and the interviewees' wish to remain anonymous, they were renamed. The companies representing ITO clients have been named Company C1 and Company C2 and the companies representing IT suppliers have been named Company S1 and Company S2. The interviewees have been renamed according to their respective employer: Interviewee C1, Interviewee C2, Interviewee S1 and Interviewee S2.
4.1. GENERAL INFORMATION
4.1.1. COMPANY C1 Company C1 was founded in 1948. Its core business consists of the development, production and sale of products in the sector of electrical connectivity, functional electronics and communication electronics. The company takes the German legal form of a 'GmbH & Co. KG' which can be translated into 'limited partnership with a limited liability company as the partner with personal liability'.1 Company C1 is part of a holding and is situated in North Rhine-Westphalia. The total amount of personnel of Company C1 accounts for about 3,600 employees in over 70 countries. In the fiscal year of 2007, the worldwide turnover of Company C1 reached about €503 million. The central IT department of Company C1 is responsible for the IT of all companies incorporated in the holding. Today, the entire IT department consists of 58 employees. However, 23 of the latter are
1
For further information cp. http://www.frankfurt-main.ihk.de/english/business/start-up/idem/kg/index.html (accessed 15th May 2008)
45
engaged in a division merely dedicated to internal SAP1 support and development. Within this division, Interviewee C1 is the head of department in charge and reports directly to the Chief Information Officer (CIO) of the company. Interviewee C1 started working for the company under consideration in 2000. In 2003, the company sourced out 25% of its total IT. Today, the outsourced IT amounts for approximately 50% of the total IT of Company C1 and Interviewee C1 is regularly in touch with about 15 external IT suppliers. However, the entire firm regularly engages about 50 external IT suppliers.
4.1.2. COMPANY C2 Company C2 was founded in 1959. The core business of this company consists of selling stationary and portable devices necessary for the measurement of combustible and toxic gases. Company C2 takes the legal form of a 'Gesellschaft mit beschränkter Haftung' ('GmbH') which can be translated into 'limited liability company'.2 The company under consideration is situated in North Rhine- Westphalia and the total amount of personnel accounts for 30 employees. The annual turnover of Company C2 accounts for approximately €5 million to €6 million. In 2006, a company from the US acquired 100% of a French company which, in turn, currently holds a stake of 75% in Company C2. Thus, today 75% of Company C2 indirectly is in possession of a company from the US. Hence, major strategic decisions within Company C2 necessitate an approval from the very US company. Within Company C2, there is no actual IT department, but only one employee who is in charge of online maintenance and observation of customers' portable devices. Secondarily, this employee is also in charge of minor tasks regarding the internal IT such as linking new printers to the existing network. Interviewee C2 started working for the company under consideration in 1986. Today, he is the Supply Chain Manager of Company C2 and responsible for the outsourced IT. Currently, Company C2 sources out approximately 95% of the total IT to one external IT supplier.
1
NB: SAP represents the world's leading provider of business software. For further information cp. http://www.sap.com/about/index.epx (accessed 27th April 2008) 2 For further information cp. http://www.frankfurt-main.ihk.de/english/business/startup/idem/gmbh/index.html (accessed 15th May 2008)
46
4.1.3. COMPANY S1 Company S1 is an IT service provider founded in 1997. Company S1 takes the German legal form of a 'Gesellschaft mit beschränkter Haftung' ('GmbH') which can be translated into 'limited liability company'.1 The company is situated in North RhineWestphalia. The personnel of Company S1 consist of the CEO and one employee. Services offered by Company S1 are strongly related to IT knowledge and manpower. Today, the annual turnover of Company S1 accounts for approximately €400,000 to €500,000. Interviewee S1 is founder and CEO of Company S1. The customer base of Company S1 mainly consists of small and medium-sized enterprises which primarily source out system administrative activities to Company S1. The company under consideration regularly acts as an IT supplier for approximately 25-30 clients. The average amount of IT these companies source out to Company S1 accounts for approximately 80%. The clients of Company S1 either have no internal IT department or an internal IT department consisting of one employee to whom IT management is a secondary task.
4.1.4. COMPANY S2 Company S2 is an IT service provider founded in 1998. The company is a 'Gesellschaft bürgerlichen Rechts' ('GbR') which can be translated into 'company constituted under civil law'.2 Company S2 offers software solutions, business solutions and services related to a specific enterprise resource planning system. Company S2 is situated in North Rhine-Westphalia and its personnel consists of six employees. Today, the annual turnover of Company S2 amounts to a total of approximately €500,000. Company S2 was founded by Interviewee S2 and his brother. Today, they both act as managing partners. According to Interviewee S2, the clientele of Company S2 consists of approximately 60 small and medium-sized enterprises. Some of those enterprises, especially the small ones engaging up to ten employees, source out up to 98% of their total IT to Company S2. On average, the clients engaging more than ten employees source out approximately 50%-60% of their total IT to Company S2. Most of the clients either have no internal IT department or IT departments which consist of one employee to whom managing the IT is a
1
For further information cp. http://www.frankfurt-main.ihk.de/english/business/startup/idem/gmbh/index.html (accessed 15th May 2008) 2 For further information cp. http://www.frankfurt-main.ihk.de/english/business/start-up/idem/gbr/index.html (accessed 15th May 2008)
47
secondary task. However, only very few of the ITO customers of Company S2 have internal IT departments consisting of one or more employees.
4.2 SUPPLIER LOCK-IN
4.2.1. COMPANY C1 For some parts of the IT which Company C1 sources out there are only a few IT suppliers available. Therefore, Interviewee C1 states that supplier opportunism does not only represent an imaginable ITO risk he is aware of, but a circumstance Company C1 actually experiences. According to Interviewee C1, especially one of the IT suppliers he works with has a unique selling point resulting in noticeable opportunistic behaviour such as repeated remarks referring to Company C1's dependence on this supplier. He states that such lock-in situations lead to a deterioration of the quality of provided IT and also to an elongation of time needed to complete outsourced tasks. As a result, costs associated with outsourced IT are most likely to be high. Interviewee C1 states that IT plays an important role within Company C1, but still the risk of supplier opportunism does not pose a threat to the existence of Company C1. Nonetheless, Interviewee C1 states that a high level of dependence on merely one IT supplier poses a significant threat to the success of ITO. Furthermore, the interviewee affirms the importance of IT suppliers' financial success, because suppliers that cannot persist in economic terms could represent a noticeable risk to ITO companies. However, the interviewee claims that within Company C1 this risk is currently perceived as being rather low, but that continuous observation of the financial conditions of suppliers certainly is important. Regarding asset specificity, the interviewee states that this factor does not have a major influence on both considerations regarding supplier changes or backsourcing and supplier lock-in situations. He explains that hardware is easily replaceable and that the only problematic asset when deciding to switch supplier or to bring IT back in-house would be knowledge. Interviewee C1 underlines that knowledge plays a decisive role in ITO. According to Interviewee C1, Company C1 takes measures in order to face the risk of supplier lock-in. Firstly, IT suppliers and their success at the market are under permanent observation. By this means, as soon as a supplier appears to have economic difficulties, Company C1 can reduce the level of cooperation with the
48
very supplier. Secondly, standardization is an important measure, because utilizing standard processes permits less complicated supplier changes or backsourcing operations. Since standard IT is offered by a bigger number of IT suppliers than very particular IT, the risk of being highly dependent on one or few suppliers can be reduced. As a result, Company C1 can avoid situations in which IT suppliers gain exaggerated self-confidence which could lead to opportunism. Furthermore, Interviewee C1 states that a clear documentation is essential concerning the risk of being highly dependent on IT suppliers. He explains that ITO necessitates an unambiguous documentation of processes, sequences and competencies in order to gain clarity regarding internal and external responsibilities. According to Interviewee C1, knowing what the external suppliers actually do is a basic prerequisite for the reduction of dependence on the suppliers and for the successful realization of future transition projects such as supplier changes or backsourcing operations. A further measure taken within Company C1 is aimed at reducing the self-confidence of the IT suppliers. Company C1 regularly renegotiates existing contracts and indicates that the possibility of supplier change is not unimaginable. By this means, the risk of exaggerated self-confidence and opportunism on the part of the suppliers is reduced.
4.2.2. COMPANY C2 The IT sourced out by Company C2 could be provided by many IT suppliers at the market. Even though there is only one IT supplier regularly working for Company C2, Interviewee C2 affirms that changing the IT supplier would represent a minor problem, because the outsourced IT does only consists of standard software and standard products. Therefore, asset specificity, opportunistic behaviour and overconfidence on the side of the IT supplier do not pose major threats to Company C2. Interviewee C2 states that he observes the IT supplier's success at the market. By this means, he gains knowledge about the supplier's financial condition and can recognize whether a future cooperation is probable and reasonable or not. However, since Company C2 highly relies on standard IT, even a potential bankruptcy of the IT supplier in charge does not represent a major concern, because potential supplier changes are perceived as being rather unproblematic. Regarding asset specificity, Interviewee C2 also states that the IT supplier in charge has not made any specific investments for Company C2. In such a situation, he affirms, contractual stipulations regarding the transition of assets would be necessary and the dependency on the supplier would certainly increase.
49
Interviewee C2 explains that the only measure taken regarding the avoidance of high dependency on an external IT supplier was the decision to utilize standard IT. Interviewee C2 states that an additional measure could consist of specific training for the one employee of Company C2 who is responsible for performing minor, IT related tasks. However, he explains that performing bigger parts of the IT internally would certainly require a distinct and unambiguous segmentation of responsibilities between internal and external IT provision.
4.2.3. COMPANY S1 The IT services provided by Company S1 are offered by many other IT suppliers, as well. Therefore, Interviewee S1 considers the risk of supplier lock-in as being rather low for the ITO customers of Company S1. However, Interviewee S1 states that some of the ITO clients had already experienced ITO relationships which were characterized by high dependency before they started working with Company S1. Interviewee S1 does not see any risk in the point of asset specificity for the clients of Company S1, because his company is not involved in services which require specific investments. However, Interviewee S1 states that the aspect of asset specificity certainly enhances the ITO clients' dependency on IT suppliers. Interviewee S1 claims that companies sourcing out to only one service provider should ensure not to get too dependent on the latter. According to Interviewee S1, it is reasonable to regularly cross check the costperformance ratio of the current IT suppliers and compare it to the one of alternative IT suppliers. By this means, ITO clients can make sure whether the present terms are in line with the current market situation or not. Furthermore, this comparison of alternatives reduces risks entailed by suppliers' potential bankruptcy, because the clients are always informed about potential alternatives. Moreover, Interviewee S1 states that the documentation of IT is an important measure to take in order not to get too dependent on external IT suppliers. He explains that ITO clients need to assure that these documentations are provided by their IT suppliers, because these documentations noticeably simplify supplier changes and backsourcing operations. By this means, the risk of supplier lock-in is reduced.
4.2.4. COMPANY S2 Some IT related services offered by Company S2 are only offered by a few IT suppliers. Interviewee S2 states that vendor opportunism caused by little competition is quite imaginable. He explains that IT service providers with little 50
competition have significant bargaining power and that some suppliers take advantage of such situations. Due to the huge dimensions of the IT market, IT suppliers cannot know and offer all potential products currently existing at the market. Interviewee S2 explains that some suppliers with little competition ignore the fact that they have limitations in terms of their product portfolio and sell suboptimal solutions or services to their clients. Interviewee S2 states that, unfortunately, many customers do not deal with potential problem solutions, but only focus on the simple fact that problems are being solved. Hence, ITO clients highly depending on one IT supplier frequently do not recognize that they obtain IT solutions involving products from their IT supplier's product portfolio, even though there could be better solutions for the client. Many of the customers seem to be aware of the fact that sourcing out big parts of their IT to Company S2 entails that they are dependent on the future existence of Company S2. Some of the bigger companies Company S2 works for regularly receive information regarding the creditworthiness of Company S2 and some of the smaller clients call every now and then in order to gain information on the current economic success of their IT supplier. Interviewee S2 states that such information certainly makes sense in order to check whether a current IT supplier will persist in the future. Regarding asset specificity, Interviewee S2 explains that his company usually tries to avoid specific investments related to one customer. Company S2 concentrates on products and services which can be offered to as many customers as possible. Furthermore, the interviewee affirms that specific investments certainly enhance ITO customers' dependency on their IT suppliers. Customers of Company S2 take very few measures in order to face the risk of supplier lock-in. Interviewee S2 states that in order to diminish the risk of becoming too dependent on a single IT supplier, outsourcing companies could consider a multisourcing strategy. However, he affirms that a multi-sourcing strategy entails a high level of necessary coordination and the segregation of duties among the IT suppliers in charge. Interviewee S2 also states that documentation is of great importance in order to facilitate supplier changes or backsourcing. Additionally, he mentions the necessity of having a responsible contact within an ITO company. This contact should supervise, control and know the current ITO operations. Interviewee S2 suggests that this responsible employee should also create and maintain an IT manual including all relevant data in a way that is comprehensible for internal decision makers with little IT knowledge. As a result, the internal IT knowledge will increase, the risk of supplier lock-in will decrease and supplier changes or backsourcing decisions will be facilitated. 51
4.3. HIDDEN COSTS
4.3.1. COMPANY C1 In 2003, Company C1 sourced out 25% of its IT and, at that time, the level of internal IT knowledge was quite high. This significant part of the IT was primarily sourced out, because the decision makers perceived tasks related to the IT infrastructure such as server administration and network management as not being core competences of Company C1. This ITO operation was not only characterized by a high level of internal IT knowledge, but - since this event represented the first major outsourcing operation undertaken by Company C1 - also by a low level of experience with outsourcing. Hence, it was not completely clear which issues need to be regarded when ITO contracts are concluded and subsequently become effective. Company C1 experienced unanticipated costs due to monitoring, negotiations regarding the fulfilment of stipulated service levels and due to the underestimation of setup costs. Interviewee C1 mentions that maintenance is a factor which incessantly increases in complexity and causes additional, unanticipated costs, as well. Today, even though Company C1 had to face all of these unanticipated costs, there is no tendency to bring outsourced IT back in-house, because the overall evaluation of current ITO operations is rather positive. Measures taken within Company C1 included the creation of a department for service and demand level management as well as the definition of specific responsibility assignments. In addition, procedures regarding monitoring, reporting and status requests of ITO operations were defined. Concerning the ITO contracts, Company C1 called in external consultants to check all contracts as well as included service level agreements.
4.3.2. COMPANY C2 Interviewee C2 states that until 2003 one employee of Company C2 dealt with approximately 80% of the total IT and only every now and then external IT suppliers were engaged. In 2003, this employee left the company and, since no other employee had sufficient IT knowledge to replace him, the 80% of IT primarily processed internally were sourced out. Interviewee C2 explains that Company C2 had some experience regarding IT and outsourcing, but that the rather big dimension of this ITO operation was new to Company C2. Therefore,
52
not all costs could be anticipated. The unanticipated costs that appeared mainly consisted of costs due to monitoring and negotiations. According to Interviewee C2, measures aimed at reducing the risk of facing unanticipated costs were barely taken. Interviewee C2 explains that in case of contractual stipulation of ITO operations, external consultants are called in to give advice and check the contracts.
4.3.3. COMPANY S1 According to Interviewee S1, about 50%-60% of his clients have a low degree of expertise regarding the IT they source out and regarding outsourcing, as well. Interviewee S1 states that mainly organizations of bigger dimensions monitor their outsourced IT whereas smaller companies frequently do not. According to Interviewee S1, monitoring outsourced IT is of great importance, because in the beginning of ITO relationships the interconnectedness of IT processes is frequently disregarded or underestimated. As a result, frequently unanticipated costs are caused by the necessity to coordinate internal IT processes and outsourced IT processes which are interconnected. Furthermore, setup costs are often being underestimated, as well. Interviewee S1 affirms that the appearance of unanticipated costs is likely to lead to more unanticipated costs due to conflicts and renegotiations. For the purpose of protecting themselves from being exposed to unanticipated costs, Interviewee S1 suggests to budget all expenses dedicated to IT. This budget should include maintenance costs as well as important events such as new hardware purchases and software updates which need to be implemented. By this means, clients do not have to face unanticipated expenses for larger acquisitions all at once. He also suggests for customers to assign priorities to the outsourced IT tasks and to concentrate on monitoring parts of IT characterized as being highly important to the ITO company.
4.3.4. COMPANY S2 Interviewee S2 states that the customers of Company S2 mainly have little IT knowledge and little outsourcing experience. Interviewee S2 explains that many clients of Company S2 do not exactly know what they actually need, but that this matter of fact does not keep them from having quite concrete expectations regarding the price for the outsourced IT tasks. Therefore, ITO customers often have to face unanticipated costs for monitoring, renegotiating and setup costs 53
which they primarily underestimate. Moreover, unanticipated costs emerge because of poor internal organization of IT which leads to uncoordinated workflows. Interviewee S2 states that costs also appear due to unanticipated interconnectedness of outsourced IT processes and IT processes which are kept internally. In general, the customers of Company S2 only take very few measures regarding the risk of appearance of unanticipated costs. Some customers call in external consultants when ITO contracts are to be concluded in order to guarantee the sufficiency of the contracts and stipulated terms. However, sometimes ITO clients only ask Interviewee S2 or other employees of Company S2 for advice regarding the ITO contracts. Concerning ITO contracts, he also mentions that customers should consider the stipulation of short-term ITO contracts. He explains that these are rather expensive on the one side, but permit a faster reorientation and adaptation in case of crucial IT changes on the other side. A measure that some clients of Company S2 take consists of reorganizing their internal IT. By this means, they hope to reduce avoidable coordination costs. Again, a responsible employee who concentrates on the coordination of ITO operations would be an appropriate measure to take. Interviewee S2 states that the most effective measure to avoid the appearance of unanticipated costs consists of formulating enquiries as specific as possible. By this means, the risk of facing unanticipated costs is reduced considerably.
4.4. LOSS OF CONTROL OVER OUTSOURCED IT
4.4.1. COMPANY C1 Within Company C1, IT is generally perceived as being an important part of organizational knowledge. The fact that all internal processes are not only influenced, but also supported by IT is well known. The relevance of IT can also be recognized in the organizational classification of IT within Company C1: The CIO directly reports to the CEO of the company. IT suppliers working with Company C1 mainly focus on fulfilling their contractually stipulated tasks, but some suppliers also make suggestions regarding innovations and inform Company C1 about the present state-of-the-art of IT. Interviewee C1 states that external IT suppliers cannot guarantee innovative abilities of a company and thus, they should primarily fulfil their contractually stipulated tasks. Furthermore he explains that expecting external suppliers to guarantee innovation would not be appropriate and would additionally lead to
54
high costs. Within the business strategy of Company C1, SAP application support is defined as being an internal competency. Thus, helpful suggestions can be made from external partners, but innovation is a task that is to be performed internally. Interviewee C1 explains that this is reasonable, because external IT suppliers cannot gain the same insights into the overall concept of an organization as an internal IT department can. Company C1 takes some measures to minimize the loss of control over outsourced IT. Regarding the internal IT, authorization is controlled regularly in order to guarantee an appropriate internal IT organization. ITO contracts and especially terms guaranteeing data security are scrutinized. Additionally, external IT audits are utilized in order to check applied practices and documentations. Interviewee C1 affirms that data are to be protected and represent one of the most precious assets companies have. However, he also states that data security and confidentiality are no topics of major concern within Company C1, because risks regarding these topics are minimized by contractual stipulations.
4.4.2. COMPANY C2 Interviewee C2 states that, within Company C2, IT is generally not perceived as being an important part of organizational knowledge. Contrariwise, Interviewee C2 underlines that, in his opinion, IT is and should be regarded as an important part of organizational knowledge. Within Company C2, external IT provision is perceived as guaranteeing the innovative ability of IT just as well as internal IT provision. However, Interviewee C2 states that engaging an additional employee for the purpose of running the IT of Company C2 internally is not perceived as being economically justifiable, because this extra employee - only managing the internal IT - would most likely not be occupied constantly. Thus, an internal IT department is not perceived as being a valid alternative compared to the current external IT provision. Interviewee C2 also mentions that major decisions concerning the structure of Company C2 would require the approval of the company holding the majority of Company C2. Interviewee C2 affirms that data security and confidentiality certainly represent considerable risks of ITO. According to Interviewee C2, the risk of loss of control over outsourced IT cannot be faced effectively. That is to say, the risks of loss of IT knowledge and of data abuse cannot be entirely excluded. Interviewee C2 states that future measures regarding the risk of losing control over outsourced IT could consist of raising the awareness of the personnel of Company C2 for the importance of IT and for the influence it has on the success of an organization. Furthermore, he explains that 55
contractual stipulations regarding data security and confidentiality certainly are important, but that an ITO relationship requires a high level of trust, as well. Interviewee C2 concluded by referring to the fact that within rather small companies the decision of engaging an internal IT department is considerably influenced by the fixed costs such departments entail.
4.4.3. COMPANY S1 According to Interviewee S1, many organizations regard the technological realization of IT as being too complicated and as not being one of their core competencies. Thus, especially rather small companies which either cannot afford an internal IT department or do not want to disregard their core business source out great parts of their IT. Only a few clients of Company S1 regularly ask for more than the contractually stipulated services, that is to say they ask for support regarding the innovation of IT which could lead to competitive advantages. However, most clients of Company S1 regard the innovative ability of their IT as being secured by external IT provision. Interviewee S1 states that the very innovative ability offered by an external IT supplier is superior to the one an internal IT department could generate. He states that the variety of clients of Company S1 stimulates lateral thinking, that is to say the possibility to implement solutions already utilized within the organizations of other customers. Of course, Interviewee S1 affirms, this kind of knowledge transfer is only utilized by Company S1 if the concerned IT clients are not working in the same sector. Interviewee S1 claims that, besides not having the above mentioned advantage of lateral thinking, another negative attribute of internal IT departments is that they tend to become blinded by daily routines. Regarding data security, Interviewee S1 states that the clients of Company S1 often avoid to source out data, but that current trends of the ITO market seem to lead to increasing quantities of outsourced data. Thus, he adds, the risk of data abuse or data theft increases, as well. Interviewee S1 affirms that IT suppliers often have almost unrestricted access to data and that therefore, a high level of trust among IT suppliers and their clients is essential. According to Interviewee S1, at the best, a client company internally guarantees a first level support. This means that there is at least one employee who is not only entrusted with managing IT related issues as secondary tasks, but who is allowed to spend a specific amount of his working time with these issues. By this means, smaller problems can be solved internally in a fast, efficient and unconventional manner. In case of demands becoming too excessive, the external supplier can be called in to provide second level support. Interviewee S1 states that a possible 56
outcome of this approach is helping the ITO clients to help themselves in case of reappearance of problems. Moreover, he affirms that merely relying on external IT providers is rather costly. Interviewee S1 suggests that neutral IT consultants should be involved during the negotiations of ITO contracts. These consultants should scrutinize whether all necessary terms are stipulated, so that risks due to the loss of control over outsourced IT are minimized.
4.4.4. COMPANY S2 According to Interviewee S2, many companies sourcing out IT to Company S2 do only recognize the importance of IT when they experience problems with it. Company S2 does not only focus on the delivery of contractually stipulated services, but does also make suggestions regarding technological innovation. One reason for giving these suggestions is self-interest consisting of the need to sell products and make a profit. Additionally, informing clients about innovations should enhance the customer satisfaction, because customers obtain the chance to gain competitive advantages through technological innovation. Interviewee S2 explains that suggestions for innovation made by external IT suppliers are frequently scrutinized more critically than suggestions made by internal IT departments. Therefore, it might be easier for internal IT departments to get approval for the implementation of innovation. However, Interviewee S2 also states that IT suppliers have got to be informed on the current state-of-the-art of IT to stay competitive. Since internal IT departments are most likely to be less informed on the current state-of-the-art of IT, the advantage of an external IT supplier is having access to a bigger variety of available IT products and solutions. In addition, he mentions that another advantage ITO clients obtain from external provision is that it certainly is easier to change an external IT supplier than to replace an entire, internal IT department. The perception of data security and confidentiality as important ITO risks varies noticeably among the clients of Company S2. Interviewee S2 explains that these issues deserve to be considered more, because not all IT suppliers respect data security and confidentiality. Since data security and confidentiality are considerable risks of ITO, outsourcing companies should have trustful relationships with their IT suppliers. Interviewee S2 suggests that outsourcing companies should guarantee a sufficient level of internal IT knowledge to be able to comprehend the ITO operations provided by the IT supplier and not to lose the control over outsourced IT. He states that the data security dilemma of ITO consists of the fact that external IT provision necessitates IT suppliers' access to data and thus, companies expose themselves to the risk of data abuse. The only measures customers can take are 57
either not to source out sensitive data or to stipulate compensations in case of data abuse. Nonetheless, the actual loss of data cannot entirely be excluded in ITO.
4.5. RECAPITULATING THOUGHTS AND BACKSOURCING POTENTIALS
4.5.1. COMPANY C1 Summing up, Interviewee C1 states that the risk factors under discussion pose noteworthy threats to ITO companies. According to him, especially monitoring IT suppliers, the conservation of the innovative ability of a company's IT and the necessity to scrutinize which operations need to remain in-house pose major challenges to ITO companies. Certainly, the non-observance of these points leads to considerable problems such as high costs, the supply of inaccurate services and the collaboration with unreliable partners. Furthermore, Interviewee C1 affirms that companies involved in ITO need to take measures in regard to the risks under consideration. ITO contracts concluded by Company C1 usually include terms regarding regular and irregular contract termination as well as the transition of material and immaterial assets. Regarding a potential backsourcing decision, Interviewee C1 states that this is a difficult topic to address. He explains that the problems under consideration could certainly lead to backsourcing tendencies and that he recently increased the number of employees within his department instead of sourcing out specific IT tasks. On the one hand, since internal IT demands increase, he could imagine bringing parts of outsourced IT back in-house. On the other hand, he mentions political reasons such as management plans regarding the total number of employees and the overall company strategy which have a significant influence on backsourcing considerations. He adds that, unfortunately, ITO decisions made by companies are often primarily based on the aim to turn fixed costs into variable costs. Interviewee C1 states that within his business environment he perceives that there is an increasing number of companies which reintegrate formerly outsourced IT. However, he also gives an example for successful ITO operations as they should be according to him. Last year, he realized a project by sourcing it out to Eastern Europe and perceived it as a huge success. He describes this ITO operation as a short-term relationship with confined, simple tasks which were performed at very low costs. According to Interviewee C1, ITO and backsourcing decisions differ for each single case. Certainly, demanded service levels and the complexity of outsourced tasks have a direct influence on ITO costs and decisions. After all, Interviewee C1 states that ITO companies have to remain capable of acting even without the services supplied by external IT suppliers and
58
that companies should not run the risk of being totally dependent on external IT provision.
4.5.2. COMPANY C2 Interviewee C2 states that the issues under discussion certainly represent major risks entailed by ITO operations. Regarding Company C2 he mentions that the rather simplistic structure of the IT and the utilization of standard products certainly mitigate the potential harm the risks under discussion could do. In case of contractual stipulation of ITO relationships, terms regarding the termination of the ITO relationship and the transition of assets are included. However, Interviewee C2 again states that within Company C2 above mentioned financial reasons and the corporate structure are reasons for not creating an internal IT department. Furthermore, he explains that within Company C2 the costperformance ratio is perceived as being a major benefit of external IT provision. Interviewee C2 states that for IT suppliers IT is a core competence and that adequately replacing external IT provision with an internal IT department would require a considerable amount of investments and training for the internal IT department's personnel.
4.5.3. COMPANY S1 According to Interviewee S1, hidden costs do only represent a minor risk compared to the other risks under consideration. He justifies this statement by explaining that additional costs can be negotiated and explained in case of dissension. Interviewee S1 states that, among the risk factors under discussion, the loss of control over outsourced IT and especially data certainly represents a major risk of ITO. He adds that the importance of this risk is even enhanced since there is little awareness of this risk within organizations of ITO clients. Since Company S1 strictly avoids investments in specific assets for ITO clients by directly selling assets to the clients, there is no need to stipulate the transition of investments at the termination of ITO relationships. Obviously, this enhances the facility of potential IT supplier changes or backsourcing decisions. According to Interviewee S1, backsourcing certainly is a considerable alternative for many ITO organizations. Especially, companies which source out sensitive operations such as the storage of data and which are highly dependent on external IT suppliers are most likely to consider backsourcing. This can be explained by the fact that in these situations companies are highly dependent on the permanent accessibility of 59
the IT supplier or the Internet access' operability, for instance. In such situations an unavailability of the IT supplier jeopardizes the ITO company's ability to work. Internal IT provision, of course, regarding these factors, has major advantages like immediate accessibility and hence, short response time. Interviewee S1 states that within each company the maintenance or rather protection of the internal business processes' capacity to act should be given top priority. Thus, according to him, at least core IT tasks should be performed internally.
4.5.4. COMPANY S2 Summing up, Interviewee S2 states that the topics under discussion pose significant risks to ITO clients. In his opinion, many of these risks could be avoided by enhancing internal IT knowledge and the awareness of the importance of IT. Whenever this is necessary, Company S2 stipulates the transition of specific material and immaterial investments at the termination of ITO relationships. Since a basic documentation is always saved on the servers of the ITO clients, potential supplier changes or backsourcing operations are facilitated significantly. Regarding backsourcing potentials Interviewee S2 states that internal IT departments can certainly realize bigger projects in a more convenient way than external IT suppliers can. He explains that external IT suppliers can realize bigger projects as well, but that this often necessitates much effort and time resulting in high costs for the ITO company. Therefore, in case of major project realization, the costs of internal IT departments are most likely to be lower than the ones for external IT provision. However, Interviewee S2 states that companies of certain dimensions cannot perform all their IT related tasks on their own, because today's IT implies many specific tasks which require services offered by different, specialized IT suppliers.
60
5. DATA ANALYSIS
In the following, the data presented in the former chapter will be analyzed. In conformance with the utilized interview guide and the data presentation, the data analysis will also be presented in four parts: supplier lock-in, hidden costs, loss of control over outsourced IT and recapitulating thoughts including backsourcing potentials. Each part represents the response to one of the research questions under discussion.
5.1. SUPPLIER LOCK-IN
1. What is the occurrence of the risk of supplier lock-in in ITO companies? a) Which reasonable measures can ITO companies take in order to mitigate this risk? According to the transaction cost theory approach to the analysis of ITO risks, presented in chapter 2.4.3.1., factors influencing the risk of supplier lock-in are asset specificity, a limited number of available suppliers and ITO clients' lack of expertise and experience in regard to ITO and ITO contracts. All respondents state that asset specificity certainly enhances the dependency of ITO clients on IT suppliers. However, none of the respondents perceives to currently be in such a situation and Interviewee C1 even states that asset specificity of hardware does not represent a major ITO risk, because in case of supplier changes it can simply be replaced. The other respondents have similar opinions. However, Interviewee C1 admits that IT suppliers might have IT knowledge which ITO companies do not have. Thus, IT knowledge appears to be an asset which is rather difficult to replace. Therefore, a dependency on IT suppliers seems to be related more to IT knowledge than to specific material assets. All other respondents do not perceive the specificity of assets as a threat, because the IT applied within their companies mainly consists of standard products and services. Utilizing standard IT wherever applicable certainly is a reasonable measure to take. By this means, ITO companies can guarantee a greater number of potential IT suppliers. As a result, companies have the chance to regularly check the costperformance ratio of their current IT supplier and compare it to alternative IT suppliers. Another chance obtained through the greater number of available IT
61
suppliers is the chance to apply a multi-sourcing strategy.1 However, applying a multi-sourcing strategy necessitates an unambiguous delimitation of tasks in order to avoid interferences among the IT suppliers in charge. Such interferences can lead to the decrease of quality of provided IT and the increase of time necessary for the completion of tasks. Thus, the costs related to the external IT provision increase. In order to avoid these costly interferences among IT suppliers, a multi- sourcing strategy necessitates a considerable amount of coordination which, in turn, leads to coordination costs. Therefore, it seems as if a multi-sourcing strategy is only beneficial if the coordination costs it entails do not exceed the costs the opportunistic behaviour of a single supplier would cause. Interviewee C1 and Interviewee S2 have experienced situations characterized by a limited number of available IT suppliers offering specific IT products and services. Company C1 is currently involved in an ITO relationship with an IT supplier that has a unique selling point which results in noticeable opportunistic behaviour. As a result, the quality of outsourced IT diminishes, the time needed to complete tasks increases and the costs for the outsourced IT tasks increase. Interviewee S2 is sure about the fact that a limited number of available suppliers leads to an increase of the bargaining power of the suppliers and that, as a result, some suppliers take advantage of this situation by offering suboptimal solutions to their customers which are highly dependent on them. Again, the utilization of standard IT wherever applicable is a sensible measure to take, because it guarantees a greater number of potential IT suppliers. As a result, the risk of supplier opportunism is mitigated and supplier changes are simplified conspicuously. However, adaptations of internal business processes might be necessary in order to conform to the implemented standard IT. It is evident that the extensiveness of these adaptations is different for each company, because specific business processes are rather unique. However, these adaptations should not negatively influence the efficiency of the business processes. Another reasonable measure in regard to a restricted number of available suppliers consists of reducing the self-confidence of the IT suppliers in charge by regularly renegotiating existing ITO contracts. By this means, ITO clients indicate that the possibility of supplier change is not completely unimaginable and reduce the risk of exaggerated self-confidence and opportunism on the part of the IT suppliers.
1
cp. chapter 2.3.1.6.
62
Company C1 and Company C2 both source out rather big parts of their IT.1 When they started to source out their IT, both companies had little experience in regard to outsourcing operations of these dimensions. According to Interviewee S1 and Interviewee S2, their ITO clients mostly have little experience with outsourcing, too. When they started sourcing out significant parts of their respective IT, Company C1 had a rather high and Company C2 had a rather low level of internal IT knowledge. More than half of the ITO clients of Company S1 and hardly all customers of Company S2 have a low degree of internal IT knowledge, as well. Obviously, this fact results in a high dependency on external IT providers. This dependency concerns the honesty of the IT suppliers and the appropriateness of applied IT solutions. Evidently, this dependency requires that ITO clients trust their IT suppliers to a great extent. There are measures ITO clients can take in order to face the low degree of internal IT knowledge which results in a high level of dependency on external IT provision. In companies where IT is internally being managed as a secondary task by an employee, decision makers should consider turning IT into a primary task. Companies involved in ITO should at least have one employee that is responsible for both the internal and the outsourced IT. The very responsible employee should supervise, control and know the current ITO operations. Thus, ITO companies do not have to simply rely on and have trust in external IT suppliers, but preserve or resume an overview of the outsourced IT. As suggested by Interviewee S2, a responsible employee dealing with the ITO operations should also create and maintain an IT manual including all relevant data. This manual should be written in a simplified way, so that even internal decision makers with little IT knowledge can understand it. By this means, decision makers will gain deeper insights into the extensiveness of ITO operations. As a result, decisions regarding ITO and supplier changes or backsourcing will not only be facilitated noticeably, but the quality of these decisions will increase, as well. All interviewees agree on the fact that supplier lock-in situations are highly risky and should be avoided when IT is being sourced out. They all confirm that supplier lock-in situations are most likely to appear when there is only a little number of IT suppliers available to perform specific tasks. In such situations the appearance of supplier opportunism is quite imaginable. For instance, opportunistic behaviour can consist in the exploitation of bargaining power or of non-compliance with agreements such as appointed consulting capacities. Another negative effect resulting from high dependency on one IT supplier is the fact that
1
cp. chapter 4.1.1. and chapter 4.1.2.; Company C1: 50% of the total IT is being sourced out. Company C2: 95% of the total IT is being sourced out.
63
ITO clients face significant problems in case of being in an ITO relationship with an IT supplier that has economic difficulties. Generally, companies can take measures in order to face the risk of supplier lock- in. For instance, IT suppliers of Company C1 are under permanent observation, so that Company C1 stays informed about the economic success of its suppliers. By this means, as soon as IT suppliers appear to have economic difficulties, Company C1 can reduce the level of cooperation and thus, the risk of negative outcomes on the part of Company C1 is reduced. Observing the economic situation of the IT suppliers in charge certainly is a reasonable measure to take, because it enables ITO clients to react to impending business failures of IT suppliers. Furthermore, in order to face the risk of high dependency on one IT supplier, ITO clients should recognize the importance of keeping outsourced IT as transparent as possible. The unambiguous documentation of processes, sequences and competencies is crucial. Documentations should comprise the delimitation of internal and external responsibilities. This delimitation enables a reasonable coordination of internal IT and outsourced IT. At the best, documentations include all information a new IT supplier would need to take over. Hence, documentation of IT is a basic prerequisite for the successful realization of future transition projects such as supplier changes or backsourcing operations. Within the following figures, the above mentioned measures, which can be taken in order to face the risk of supplier lock-in, are summarized. The measures are subdivided into measures which can be taken within an organization and measures which can be taken in connection with external partners. Furthermore, the direct and subsequent effects these measures have are represented. The following figure1 contains measures which can be taken within ITO companies.
INTERNAL MEASURES EFFECT (1) EFFECT (2) The risk of opportunism is reduced; Multi-sourcing is enabled The risk of opportunism is reduced Decision making is facilitated
Apply standard IT
More suppliers available Internal IT knowledge Establish responsible ITO contact enables the supervision and (with IT as a primary task) control of ITO operations Deeper insights into ITO Maintain simplified manual operations are obtained Figure 7: Supplier Lock-in: Internal measures
1
cp. fig.7
64
Within the following figure1 measures which can be taken in connection with external partners are summarized. Again, the effects these measures cause are presented.
EXTERNAL MEASURES Observe the financial situation of IT suppliers Take charge of documentation by IT suppliers Figure 8: Supplier Lock-in: External measures EFFECT Appropriate reactions are enabled Supplier changes and/or backsourcing are facilitated
5.2. HIDDEN COSTS
2. What is the occurrence of the risk of hidden costs in ITO companies? a) Which reasonable measures can ITO companies take in order to mitigate this risk?
According to the transaction cost theory approaches to unanticipated costs presented in chapter 2.4.3.2., after ITO contract conclusions, factors influencing the risk of hidden costs are vendor management, the complexity of organizational peculiarities, the lack of ITO clients' expertise with the outsourced IT and outsourcing, as well as the relatedness of outsourced IT.
The interviewed ITO clients state that they had rather little expertise regarding outsourcing when they started sourcing out significant parts of their respective IT. At the beginning of their respective ITO operations, Company C1 had some and Company C2 had very little IT knowledge. The interviewed IT suppliers state that most of their clients have little expertise and experience in regard to both the outsourced IT and outsourcing. All interviewees confirm the appearance of at least some of the unanticipated costs related to vendor management, that is to say costs related to monitoring, renegotiations and the underestimation of setup costs. Since ITO contracts concluded by companies with little expertise concerning the outsourced IT and/or outsourcing are presumably incomplete, unanticipated costs related to renegotiations and contractual additions are most likely to emerge. It seems as if ITO clients frequently have to face unanticipated costs for monitoring and setup costs which they primarily underestimate, as well.
A measure that companies with little knowledge about the outsourced IT and outsourcing should take regarding the conclusion of ITO contracts consists of calling in external consultants. The very consultants should not only have
1
cp. fig.8
65
expertise regarding the conclusion of outsourcing contracts, but also regarding the IT which is planned to be sourced out. Otherwise, even engaging external consultants might not guarantee complete ITO contracts and the resulting reduction of emergence of unanticipated costs. Another measure companies can take regarding ITO contracts consists of the stipulation of short-term ITO contracts. On the one hand, these are rather expensive and certainly more expensive than long-term contracts. On the other hand, short-term contracts frequently are characterized by the stipulation of fixed prices excluding all additional costs. Often, these contracts include round-the-clock services and guaranteed substitution of defective hardware within 48 hours. Moreover, compared to long-term contracts, short-term contracts permit faster adaptations such as supplier changes or backsourcing operations in case of crucial changes within the ITO companies or within the field of IT.
Once ITO contracts are concluded, companies need to take measures to face the risk of unanticipated costs. Outsourcing companies need to create internal departments dedicated to managing the outsourced IT and define responsibility assignments regarding specific topics. For instance, Company C1 created a department for service and demand level management as soon as a big part of the IT was sourced out. It seems to be evident that the creation of internal departments in charge of ITO management turns unanticipated costs for monitoring and renegotiating into calculated, fixed costs. Additionally, procedures regarding monitoring, reporting and status requests have to be defined so that the tasks performed by the internal departments in charge of ITO management are as accurate as possible.
Furthermore, it seems as if unanticipated costs appearing after the conclusion of ITO contracts are often caused by poor internal knowledge and organization of IT. Frequently, unanticipated costs appear because a lack of internal IT knowledge does not allow deeper insights into the entire extent and complexity of ITO operations. Evidently, this lack of deeper insight leads to situations in which IT suppliers receive inappropriate information or misinformation regarding the planned ITO operations. As a result, it is rather difficult for IT suppliers to realistically estimate the extensiveness and costs of ITO operations. Thus, primarily concluded contracts often need additions which cause unanticipated costs on the part of the ITO clients. It seems as if a lack of internal IT knowledge does also result in difficulties concerning monitoring, because not all cost factors entailed by ITO operations can 66
be comprehended by ITO clients. Hence, clients with little IT knowledge can frequently only check whether tasks have been completed or not, but cannot check all of the underlying cost factors. In such situations, ITO clients are highly dependent on the honesty of their IT suppliers and have to totally trust them. However, ITO companies which monitor the activities of their IT suppliers need to ask themselves how much monitoring is economically justifiable. Certainly, engaging internal personnel to monitor all activities of external IT suppliers leads to high costs. As a result, the costs for internal departments dealing with the management of all outsourced IT might reach dimensions comparable to the costs internal IT provision would cause. Thus, companies need to assign priorities to the outsourced IT tasks and focus on merely monitoring tasks which are defined as being of major importance to the respective ITO company. According to Interviewee S1, organizations of bigger dimensions frequently monitor their outsourced IT whereas smaller companies seldom do. Certainly, these differing practices are based on the availability of financial resources. However, smaller companies which cannot afford the creation of internal departments merely dealing with outsourced IT should at least consider to entrust one employee with the coordination of all external IT provision. This employee should reduce the risk of facing unanticipated costs by preparing a budget which contains all predictable, future expenses for hardware purchases, software updates and maintenance costs. In the field of ITO, especially maintenance requires a significant amount of coordination effort, because IT is continuously becoming more sophisticated and incessantly increases in complexity. Therefore, an employee responsible for the management of outsourced IT appears to be indispensable, even for smaller companies. Furthermore, if this employee has more than just basic IT knowledge this can result in a diminishment of unanticipated costs which can be caused when IT suppliers are misinformed about the attributes of planned ITO operations. This results from the fact that a responsible employee with more than just basic IT knowledge can specify his enquiries. Firstly, when specific enquiries are made, IT suppliers have fewer chances to deliver IT which is inadequate. As already explained, when ITO customers cannot specify and understand the factors underlying an ITO operation, IT suppliers might behave opportunistically and try to implement own products or services even though there would be better solutions for the customer. Secondly, specific enquiries enable the IT suppliers to make offers which are more precise. Hence, the emergence of unanticipated costs is reduced on the part of the ITO customers.
67
Interestingly, as in the case of Company C2, unanticipated coordination costs due to the logical or technological interconnectedness of outsourced IT and internally kept IT do not appear, when companies opt for a total outsourcing approach. 1 Coordination efforts might be reduced to a minimum in such situations, but the amount of outsourced IT certainly reaches dimensions in which reasonable, necessary monitoring becomes quite extensive and costly. Additionally, only keeping a little amount of the IT in-house leads to a high level of dependency on external IT provision and, as already discussed above, increases the risk of supplier lock-in. Summing up, total outsourcing reduces the appearance of some unanticipated costs, but results in higher monitoring costs and a high level of dependency on external IT providers. Hence, total outsourcing cannot be considered as being a reasonable measure to take in order to reduce the risk of appearance of unanticipated costs. Mainly depending on external IT provision and not being able to maintain the ability to work without external partners certainly represents an undesirable, strategic risk for ITO companies. This aspect will be resumed below. The following figures summarize the above mentioned measures which can be taken in order to face the risk of hidden costs. The measures are subdivided into measures which can be taken within an organization and measures which can be taken in regard to external partners. Furthermore, the direct and subsequent effects these measures have are represented. The following figure2 contains measures which can be taken within ITO companies in order to reduce the risk of emergence of hidden costs.
INTERNAL MEASURES EFFECT (1) Establish responsible ITO Unanticipated costs for contact (with IT as a monitoring and renegotiating primary task) turn into fixed costs Establish responsible ITO contact (with more than just IT suppliers receive enquiries basic IT knowledge) which are more precise Figure 9: Hidden Costs: Internal measures EFFECT (2)
The risk of opportunistic behaviour is reduced; Offers made by IT suppliers are more precise
Within the following figure3 external measures which can be taken in order to face the risk of hidden costs are summarized. Again, the direct and subsequent effects these measures have are presented. Total outsourcing as a measure is included in this chart, but, as already explained above, does not represent a reasonable measure to take.
1 2 3
cp. chapter 2.3.1.3. cp. fig.9 cp. fig.10
68
EXTERNAL MEASURES
EFFECT (1)
EFFECT (2)
Unanticipated costs for monitoring and renegotiating turn into fixed costs; Supplier changes and/or backsourcing Conclude short-term ITO are realizable quicker contracts The risk of concluding incomplete ITO contracts is Call in consultants for ITO reduced contract conclusions (Hardly no coordination costs; but high dependency on external provision) (Total Outsourcing) Figure 10: Hidden Costs: External measures
Less unanticipated costs appear
(High monitoring costs)
5.3. LOSS OF CONTROL OVER OUTSOURCED IT
3. What is the occurrence of the risk of loss of control over outsourced IT in ITO companies? a) Which reasonable measures can ITO companies take in order to mitigate this risk? Within chapter 2.4.3.3., resource-based theory was utilized to approach the risk of loss of control over outsourced IT. In the following, IT knowledge, data security and confidentiality are under investigation. IT, as a part of organizational knowledge, continuously gains in importance, because organizational knowledge is frequently perceived as representing the basis for the creation of competitive advantages. Heterogeneity, the difference among resources belonging to competing firms, and immobility, the inability to access resources belonging to a competitor, are the basic prerequisites resources need to fulfil in order to lead to competitive advantages. Heterogeneity in this case refers to IT knowledge and innovative ability whereas immobility refers to data security and confidentiality. Only within Company C1 which is a big company engaging 3,600 employees worldwide, IT is perceived as being an important part of organizational knowledge which does not only influence, but also support all processes within an organization. Statements of Interviewee C2 and the interviewed IT suppliers show that ITO companies frequently do not regard IT as being an important part of organizational knowledge, but that it should be regarded as such. It seems as if within many companies there is a lack of awareness regarding the fact that IT has a significant influence on the creation of competitive advantages. All too often, IT is perceived as merely being a tool and therefore, only attracts attention when problems occur.
69
It seems as if smaller companies tend to regard the innovative ability of IT as being secured by external IT providers whereas bigger companies do not. Frequently, smaller companies do not to have enough financial resources to guarantee that internal personnel keep up with the dynamic field of IT. Thus, external IT provision appears to be advantageous, because external IT suppliers possess expert knowledge which smaller companies are most likely not to have, because of their restricted financial resources. Besides the financial aspect which can lead to ITO, IT suppliers have the chance to conceive of solutions derived from solutions found for other ITO clients. Concerning the innovative ability of IT, this possibility of lateral thinking certainly is an advantageous criterion in favour of external IT provision, because ITO clients can benefit from IT suppliers' experiences. External IT providers should certainly make suggestions regarding innovation of current IT within the organizations of their clients, but, as Interviewee C1 states, external IT suppliers cannot guarantee the innovative abilities of their ITO clients and thus, they should principally fulfil their contractually stipulated tasks. Moreover, as Interviewee C1 underlines, turning suggestions into useful innovations as well as elaborating and integrating processes into the proper business context are tasks which have to be fulfilled by internal IT departments. Obviously, since internal business processes are strongly interconnected and highly complex, individual components of processes are difficult to detach. Furthermore, since internal IT departments have the advantage of being a part of the company they provide with IT, they gain deeper insights into business processes and coherences than external IT providers. Expecting external IT providers to gain similar insights would certainly require a considerable amount of time and thus, would lead to high costs. Consequently, expecting external IT suppliers to guarantee the innovative ability of IT is not appropriate and additionally leads to high costs. It seems as if the complexity of processes increases with the company size and thus, gaining an insight into internal business processes increases in complexity, as well. Regarding data security and confidentiality all respondents agree about the fact that these are issues of major importance in the field of ITO. However, many ITO companies do not realize which risks they take when external IT suppliers gain access to their data. Frequently, IT suppliers have unrestricted access to data and, as Interviewee S2 affirms, not all IT suppliers respect data security and confidentiality. Thus, the loss of control over outsourced IT and data certainly represents a risk which deserves to be considered attentively. It seems as if ITO clients only have two choices regarding this risk. Firstly, they can decide not to source out sensitive data. Secondly, when concluding ITO contracts, ITO clients 70
can stipulate compensations regarding cases of data abuse. Nonetheless, these compensations do only become effective in case of actual data loss and cannot prevent data abuse. Since data represents an intangible asset, it is imaginable that outsourcing companies do not even notice cases of data abuse. As a result, it seems as if besides not sourcing out IT and sensitive data there is no measure companies can take to entirely exclude the loss of data in the context of ITO. It is in the nature of things that ITO entails the risk of data abuse or rather data theft. In order to deal with the latter a company has to decide on how much time and effort are economically justifiable to monitor and control ITO operations which include sensitive data. Therefore, the element of trust appears to be of major importance in ITO relationships. Especially the interviewed IT suppliers affirm that trust is an indispensable requisite for ITO relationships. Interviewee C2 also states that ITO companies need to have trustful relationships with their IT suppliers, because risks of data abuse cannot be excluded entirely. Furthermore, it seems as if internal data security and confidentiality are topics which are frequently disregarded in ITO companies. Within many organizations there seems to be a lack of sensitization concerning the importance of IT, data security and confidentiality. Data security should begin with internal measuresaimed at the organization and control of data. By this means, companies can reduce data theft by employees - which appears to be a topic as important as external data abuse - and can improve the overall data security. In order to do so, companies need to regularly check rights of access and sensitize the internal personnel for the crucial importance of data and its influence on the success of a company. Furthermore, it is reasonable to call in external partners to perform audits in order to check applied practices and documentations. As Interviewee S1 confirms, an internally organized IT implies data security and thus, minimizes economic risks. The very economic risks refer to today's world of work which is characterized by a high dependency on IT. Consequently, IT problems have a negative impact on the work flow which, in turn, leads to economic losses. Summing up, ITO clients need to guarantee the heterogeneity, that is to say the innovative ability, of their IT not only by relying on external partners. Instead, ITO companies need to utilize their expert knowledge about their own organization to apply innovations in a way which allows gaining best possible competitive advantages. Internally, data security and confidentiality can be improved by organizing and controlling access authorizations. Externally, in ITO, the risk of data abuse is not excludable and therefore, the choice of IT suppliers should be scrutinized. Since IT suppliers gain access to sensitive data, they should be trusted in to a great extent. Furthermore, contractual stipulations guaranteeing 71
compensations in case of data abuse should be accompanied by external experts. However, it is crucial to bear in mind that these compensations guarantee financial compensation in case of data abuse, but do not prevent the actual data abuse. The following figures summarize the above mentioned measures which can be taken in order to face the risk of loss of control over outsourced IT. The measures are subdivided into measures which can be taken within ITO companies and measures which can be taken regarding external partners. Moreover, the direct and subsequent effects these measures have are presented. The following figure 1 summarizes which internal measures can be taken in order to face the risk of loss of control over outsourced IT.
INTERNAL MEASURES EFFECT (1) Deeper insights into business Define innovative ability processes and coherences are gained of IT as an internal task Sensitize personnel for the relevance of IT and data Internal data security is improved EFFECT (2) Innovative ability of IT is improved External data security is improved
Regularly check access External data security is authorizations Internal data security is improved improved Figure 11: Loss of Control over outsourced IT: Internal measures
Within the following figure2 external measures which can be taken in order to face the risk of hidden costs are summarized. Again, the direct and subsequent effects these measures cause are presented.
EXTERNAL MEASURES Stipulate compensation agreements EFFECT No prevention of data abuse, but compensation
Regularly call in external partners for internal IT audits Applied practices and documentations are scrutinized Figure 12: Loss of Control over outsourced IT: External measures
5.4. RECAPITULATING THOUGHTS AND BACKSOURCING POTENTIALS
4. How do the risks under consideration influence backsourcing considerations of ITO companies? All respondents agree on the fact that the risks under discussion have a great influence on ITO. It seems to be obvious, that ITO companies need to be active, not reactive, in regard to the risks under consideration. Thus, companies involved
1 2
cp. fig.11 cp. fig.12
72
in ITO should consider the measures mentioned above in order to avoid the negative outcomes these risks can lead to. As Interviewee C1 affirms, Company C1 would certainly be in a much less advantageous situation today if the applied measures would not have been taken. It also seems as if the risks under consideration all have a significant influence on backsourcing considerations. However, backsourcing decisions are certainly not merely based on the ITO risks under discussion, but on a combination of various factors. Nevertheless, the ITO risks under consideration certainly have a considerable influence on backsourcing considerations of ITO companies. Obviously, for companies which cannot afford internal IT departments, backsourcing is not perceived as being an alternative to ITO. For instance, within Company C2, backsourcing is perceived as representing an unrealizable option, because it would not be economically justifiable to establish an internal IT department that deals with all the IT of Company C2. Since IT represents a core competency for IT suppliers, but not for most of the ITO clients, the attempt to establish an internal IT department with similar competencies would certainly entail costly investments and specific training for the personnel of the IT department. Hence, the cost-performance ratio certainly impedes considerations of large-scale inhouse IT provision within smaller companies. Furthermore, mainly relying and depending on external IT provision entails risks such as supplier lock- in and reduces the chances of bringing outsourced IT back in-house, because in such situations internal IT knowledge presumably is low. After all, since organizational growth is, sooner or later, most likely to lead to the necessity of running at least core parts of the IT in-house, even smaller companies should avoid a high level of dependence on external IT provision. Therefore, companies of smaller size should consider selective outsourcing, that is to say they should perform parts of the IT on their own. The IT operations processed inside should be managed by an internal IT department which, according to requirements and financial situations, could even consist of merely one employee. The important task of such an internal IT department consists of first level support, internal IT management, ITO relationship management and the preservation of IT knowledge at a level which is sufficient to run supplier changes or backsourcing operations. Since all respondents state that the transition of specific material and immaterial investments in case of the termination of ITO relationships are usually stipulated in ITO contracts, this does not appear to restrain companies from bringing outsourced IT back in-house. Furthermore, there seems to be an appropriate awareness about the importance of documentations which, as already explained 73
above, noticeably facilitate potential supplier changes or backsourcing operations. Therefore, these issues do not seem to hinder companies from considering backsourcing as an alternative to ITO. Especially companies which source out sensitive data and/or are highly dependent on external IT provision should consider backsourcing. Not only are data security and confidentiality issues which require high levels of trust. Companies which are highly dependent on external IT provision are also highly dependent on the permanent accessibility of their IT suppliers and of their outsourced data. The trouble is that, in such situations, an unavailability of IT suppliers jeopardizes the ITO companies' ability to work and thus, most likely leads to noticeable economic loss. In regard to this issue, internal IT provision has, compared to external IT provision, the major advantage of immediate accessibility and hence, short response time. Certainly, as Interviewee S1 affirms, within each company the maintenance and protection of the internal business processes' capacity to act should be given top priority. Thus, since trustworthiness and accessibility of external IT providers are not controllable, at least core IT processes influencing the ITO companies' capacity to act should be managed internally. It is evident, that running processes internally does not prevent the appearance of problematic situations, but at least external risks can be reduced noticeably. Moreover, it seems as if major projects which require deeper insight into business processes and coherences should preferably be performed by internal IT departments, because external providers most likely need a considerable amount of time and effort to gain the same insights and perform the same tasks. As a result, costs for external provision are most likely to be high. However, smaller projects consisting of simple IT tasks, without involvement of sensitive data and only requiring short-term contractual relationships represent IT operations which can certainly be sourced out with rather little concern in regard to the ITO risks under consideration. However, the possibility of bringing outsourced IT back in- house is not only affected by the complexity of tasks, but also by the demanded service levels and whether these can be achieved internally or not. The complexity of IT tasks seems to grow proportionally with the organizational size. This is affirmed by Interviewee S2, who explains that increasing organizational dimensions lead to increasingly specific requests which, in turn, result in the necessity to collaborate with several, specialized IT suppliers. That is to say, bigger companies have more complex IT structures than smaller companies. Consequently, within bigger organizations there are more sophisticated IT tasks to be performed. As a result, bigger companies are most likely to have difficulties performing all IT tasks on their own. Hence, it seems as if the amount of complex 74
tasks within bigger companies necessitates the collaboration with specialized, external IT suppliers which can perform these tasks. Since not all IT can be performed internally and not all IT should be sourced out for various, above mentioned reasons, selective outsourcing appears to be the right approach for bigger companies, as well. In the end, ITO companies primarily need to guarantee that they stay capable of acting without being totally dependent on external IT provision. Organizational success, which is certainly influenced by IT, should primarily originate within a company and not be totally dependent on external partners.
5.5. SUMMARY AND CONCLUSION
As already presented above, ITO companies regard the risks under discussion as important factors which significantly influence ITO and its success. Several internal and external measures which can be taken in order to face the risks of supplier lockin, hidden costs and the loss of control over outsourced IT were presented above. For the purpose of giving an overview over the discussed measures, they are all summarized in the figure below.1
1
cp. fig.13
75
INTERNAL MEASURES
EFFECT (1)
EFFECT (2) The risk of opportunism is reduced; Multi-sourcing is enabled The risk of opportunism is reduced Decision making is facilitated
Apply standard IT Supplier lock-in Establish responsible ITO contact (with IT as a primary task) Maintain simplified manual EXTERNAL MEASURES Observe the financial situation of IT suppliers Take charge of documentation by IT suppliers INTERNAL MEASURES Establish responsible ITO contact (with IT as a primary task) Establish responsible ITO contact (with more than just basic IT knowledge) EXTERNAL MEASURES
More suppliers available Internal IT knowledge enables the supervision and control of ITO operations Deeper insights into ITO operations are obtained EFFECT Appropriate reactions are enabled Supplier changes and/or backsourcing are facilitated EFFECT (1) Unanticipated costs for monitoring and renegotiating turn into fixed costs IT suppliers receive enquiries which are more precise EFFECT (1) Unanticipated costs for monitoring and renegotiating turn into fixed costs; Supplier changes and/or backsourcing are realizable quicker The risk of concluding incomplete ITO contracts is reduced (Hardly no coordination costs; but high dependency on external provision) EFFECT (1)
EFFECT (2)
Hidden costs
The risk of opportunistic behaviour is reduced; Offers made by IT suppliers are more precise EFFECT (2)
Conclude short-term ITO contracts Call in consultants for ITO contract conclusion
Less unanticipated costs ap p ear
(Total Outsourcing) INTERNAL MEASURES Loss of control over outsourced IT Define innovative ability of IT as an internal task Sensitize personnel for the relevance of IT and data Regularly check access authorizations EXTERNAL MEASURES
(High monitoring costs) EFFECT (2)
Deeper insights into business processes and coherences are Innovative ability of IT is obtained improved Internal data security is improved Internal data security is improved EFFECT External data security is improved External data security is improved
Stipulate compensation No prevention of data abuse, agreements but compensation Regularly call in external Applied practices and documentations are partners for internal IT scrutinized audits Figure 13: ITO Risks: Measures and their effects
After all, it became apparent that all ITO risks under discussion are perceived as being of considerable importance to ITO companies and that - among the risks 76
under consideration - the risk of hidden costs is not perceived as being the most important one. This is rather remarkable, because ITO basically represents a 'make or buy' decision and hence, generally the economic aspects of ITO are the ones primarily considered. Obviously, within ITO, economic aspects are not more important than strategic or technological aspects. Furthermore, it became apparent that the occurrence of supplier lock-in represents an important ITO risk, even though asset specificity is not perceived as posing a major threat leading to supplier lock-in, because investments in material assets are easily replaceable. In fact, the actual dependency on IT suppliers is rather created by the length of stipulated ITO contracts as with specific, material assets procured by IT suppliers. However, IT knowledge represents an intangible asset which might be difficult to replace and thus, increases the risk of high dependency on external IT provision. A restricted number of available suppliers certainly leads to vendor opportunism resulting in decreasing quality of performed tasks, increasing time required to fulfil tasks and finally, to high costs. Apparently, a low level of expertise with ITO also leads to an increase of the risk of supplier lock-in. Many companies involved in ITO seem to be aware of the threat supplier lock-in represents, but there certainly is a need to approach this risk more intensely. Companies can take internal and external measures to face the risk of supplier lock-in. On the one hand, companies can take measures which are aimed at the improvement of the internal organization such as the application of standard IT or the definition of responsible ITO contact persons. On the other hand, companies in ITO relationships can take measures which are not aimed at improving ITO operations by internal modifications, but by actions targeted at the external of a company such as the observance of the financial situations of IT providers. Hidden or rather unanticipated costs represent an ITO risk which appears rather often. Frequently, the appearance of hidden costs is caused by a lack of IT knowledge existing within ITO organizations. Firstly, this lack of IT knowledge results in incomplete contracts which, in turn, cause the emergence of unanticipated costs. The latter mainly consist of vendor management costs such as costs for monitoring and renegotiations. Secondly, the lack of IT knowledge within ITO companies results in the inaptness to recognize the entire extent of planned ITO operations. As a result, information given to external suppliers is most likely to be incomplete and lead to improper offers. Furthermore, little internal IT knowledge increases the dependency on external IT suppliers and constrains the ability of monitoring the correctness of performed tasks. Thus, ITO clients with little IT knowledge are highly dependent on the honesty of the IT suppliers in charge and simply have to trust them. Obviously, such situations can 77
lead to opportunistic behaviour which, in turn, leads to the emergence of unanticipated costs. In order to face the risk of hidden costs, companies involved in ITO can take internal and external measures. An internal measure can consist of creating a responsible person which manages all IT and ITO whereas an external measure can consist of calling in external consultants to assist in the conclusion of ITO contracts. Apparently, the loss of control over outsourced IT represents a crucial risk of ITO. The importance of IT as a part of organizational knowledge which can result in competitive advantages does not seem to be a fact the majority of companies is aware of. Certainly, this lack of awareness regarding the relevance of IT and of internal IT knowledge can especially be found in small companies. These also seem to perceive the innovative ability of IT as being guaranteed through external IT provision. However, the influence the financial situations of ITO companies have on this perception is not to be underestimated. It is evident that the choice for external IT provision is intensified by limited financial resources. Sourcing out sensitive data definitely leads to the risk of data abuse or rather data theft. Regarding these threats, ITO companies can either decide not to source out sensitive data or completely rely on the trustworthiness and honesty of external IT suppliers. ITO clients can take internal and external measures to face the risk of loss of control over outsourced IT. Within organizations, the sensitization of employees for the relevance of IT and data can represent effective measures. An external measure can consist of the stipulation of compensation agreements, which do not hinder data abuse, but at least guarantee financial compensation. All reasonable measures ITO companies can take in order to face the risks of supplier lock-in, hidden costs and the loss of control over outsourced IT presented above are summarized below.1 This figure does not include the effects of the measures, but gives an overview over all reasonable, internal and external measures assigned to the respective ITO risks they belong to.
1
cp. fig.14
78
RISK Supplier Lock-in
INTERNAL MEASURES Apply standard IT
EXTERNAL MEASURES Observe the financial situation of IT suppliers
Establish responsible ITO contact (with Take charge of documentation by IT IT as a primary task) suppliers Maintain simplified ITO documentation/manual Establish responsible ITO contact (with IT as a primary task)
Hidden Costs
Conclude short-term ITO contracts
Establish responsible ITO contact (with Call in consultants for ITO contract more than just basic IT knowledge) conclusion (Total Outsourcing) Define innovative ability of IT as an internal task Stipulate compensation agreements
Loss of Control over outsourced IT
Sensitize personnel for the relevance of Regularly call in external partners for IT and data internal IT audits
Regularly check access authorizations Figure 14: ITO Risks: Internal and external measures
After all, it became apparent that all risks under consideration play decisive roles in regard to backsourcing considerations. Certainly, small companies with limited financial resources are in less advantageous situations than companies which are financially strong, but still even small companies should not take the risks entailed by total outsourcing. Instead of taking these risks companies should consider selective outsourcing. That is to say, an adequate amount of IT - at least core tasks such as first level support and reasonable ITO management - should be guaranteed internally. By this means, future backsourcing operations are facilitated considerably. Furthermore, it became apparent that the transition of material assets and the documentation of provided IT do not represent major problems in regard to backsourcing decisions. It seems as if especially companies which source out sensitive data and/or are highly dependent on external IT provision should consider to bring parts of the outsourced IT back in-house. Companies of rather big dimensions are likely to have complex structures with interconnected business processes which lead to a dilemma. On the one hand, projects which require deeper insights into the specific, complex structure of organizations are most likely to be performed better and more cost-efficient when they are confided to internal IT providers. On the other hand, organizational growth seems to result in an increase of the complexity of IT tasks which need to be fulfilled. As a result, this increasing complexity leads to an increasing necessity to work with specialized, external IT suppliers. Since 79
each case of ITO is characterized by different peculiarities, backsourcing decisions can most likely not be made based on the analysis of a few factors, but need to be scrutinized with regard to the peculiarities of the respective organization under consideration. However, the points mentioned above certainly represent an auxiliary starting point for discussions on backsourcing considerations. Without doubt, ITO companies should primarily aim at guaranteeing their capability of acting without being significantly dependent on external IT provision. By this means, companies which conserve their independency are solely responsible for the efficient utilization of IT. As a result, the influence IT has on the organizational success will primarily originate from internal achievements and is not highly dependent on external partners. Therefore, ITO companies should scrutinize whether it is reasonable to bring parts of their outsourced IT back in-house or not.
80
6. THEORETICAL CONTRIBUTION
6.1. ACHIEVEMENT OF AIMS
The aim of this thesis was the revelation of significant information regarding the prevailing perceptions ITO clients have in regard to the ITO risks of supplier lock-in, hidden costs and the loss of control over outsourced IT. Within the theoretical background, the evolution of ITO and some of the most frequent ITO theories were presented. Moreover, in order to appropriately present in which kind of ITO operations the risks under discussion are most likely to appear, a multidimensional approach was chosen to present the various dimensions of ITO. Furthermore, reasons for and risks of ITO were presented according to their strategic, economic, technological or political nature. Thereupon, the risks selected for further examination were presented and discussed according to transaction cost theory or resource-based theory. Additionally, the dimensions of ITO which are characteristic for the risks under discussion were identified. Since the aim of this thesis was the exposure of relevant information on the prevailing perceptions ITO clients have in regard to supplier lock-in, hidden costs and the loss of control over outsourced IT, primary data was collected. This primary data collection aimed at the revelation of significant information. The very information was obtained by conducting telephone interviews with both ITO clients and IT suppliers and by analyzing these interviews in an extensive way. Furthermore, this work aimed at examining reasonable measures to take with regard to the risks under consideration. These measures were presented according to the respective ITO risk they belong to and the effects these measures have were explained. Additionally, the measures were subdivided into internal and external measures, so that an overview of the presented measures was facilitated. Finally, the influence of the risks under consideration on potential backsourcing considerations was examined.
6.2. PROPOSALS FOR FUTURE RESEARCH
In the following, topics which could be of interest for future research will be addressed. During the realization of this thesis, it became apparent that there are several issues which certainly are worth studying in order to deepen or rather widen the topic of ITO and its risks addressed in this work. Further research in this field of interest is expected to reveal information of considerable importance to companies currently involved in or planning to be involved in ITO.
81
First of all, since the conducted study is a qualitative study of exploratory nature, it would certainly be reasonable to conduct an empirical research aiming at the revelation of statistical evidence for the results found within this study. By this means, the value of the results obtained within this study could be increased. During the data analysis it became apparent that the size of a company has an influence on the complexity of internal IT processes. Since this complexity seems to result in an increasing need for external IT provision, it would certainly be interesting to investigate the actual significance of these coherences in regard to ITO risks and backsourcing considerations. As the loss of control over outsourced IT seems to be related to the existing level of trust among ITO partners, this could be another interesting topic for future research. Especially the risk of data abuse represents a risk which is strongly connected with the aspect of trust. Studies regarding this topic would certainly be of great value to companies involved in ITO, because there seems to be no way of entirely excluding the risk of data abuse and thus, the element of trust appears to be of great importance. One more way of deepening this work could consist of studying the same risks, but with other applied ITO theories. Furthermore, the dimensional characteristics defined for this study could be modified.1 For instance, the effect of a limited number of IT suppliers on the risk of hidden costs or the effect of the location of the IT suppliers on the risk of supplier lock-in could be studied. Such studies could reveal interesting information for companies which plan to source out parts of their IT and want to minimize the occurrence of these specific risks within their ITO operations.
1
cp. fig.4, chapter 2.6.
82
REFERENCES
Adler, P.A. & Adler, P. (1987), "Membership Roles in Field Research", Beverly Hills: Sage, as referred to in Flick, U. (2002) Aubert, B.; Rivard, S.; Patry, M. (2004), "A transaction cost model of IT outsourcing", Information & Management, September 2004, Vol. 41, Issue 7, pp. 921-932 Aulich, C. & Hein, J. (2005), "Whole-of-Government Approaches to Outsourcing and Market Testing by the Commonwealth Government", Australian Journal of Public Administration, Sep2005, Vol. 64, Issue 3, pp. 35-45 Bahli, B. & Rivard, S. (2003), "The information technology outsourcing risk: a transaction cost and agency theory-based perspective", Journal of Information Technology, September 2003, Vol. 18, Issue 3, pp. 211-221 Bahli, B. & Rivard, S. (2005), "Validating measures of information technology outsourcing risk factors" OMEGA - The International Journal of Management Science, Vol. 33, Issue 2, April 2005, pp. 175-187 Barney, J. (1991), "Firm Resources and Sustained Competitive Advantage", Journal of Management, 1991, Vol. 17, No. 1, pp. 99-120 Barthélemy, J. (2003), "The seven deadly sins of outsourcing", Academy of Management Executive, May 2003, Vol. 17, No. 2, pp. 87-98 Clark, T.; Zmud, R.; McCray, G. (1998), "The Outsourcing of Information Services: Transforming the Nature of Business in the Information Industry", Published in "Strategic Sourcing of Information Systems: Perspectives and Practices", Editors: L. Willcocks & M. Lacity; Chichester: John Wiley & Sons Ltd, pp. 45-78 Coase, R. (1937), "The Nature of the Firm", Economica, New Series, November 1937, Vol. 4, No. 16, pp. 386-405 Creswell, J. (2003), "Research Dnesign: Qualitative, Quantitative, and Mixed Methods Approaches", 2 d Edition, Thousand Oaks: Sage Publications, Inc. Cullen, S. & Willcocks, L. (2003), "Intelligent IT Outsourcing: Eight Building Blocks to Success", Oxford: Elsevier Butterworth-Heinemann Deutsche Bank Research, Allweyer, T.; Besthorn, T.; Schaaf, J. (2004), "IT-Outsourcing: Zwischen Hungerkur und Nouvelle Cuisine - die gesamtwirtschaftliche Perspektive", economics, April 2004, No. 43, http://www.dbresearch.de/PROD/DBR_INTERNET_DEPROD/PROD0000000000073793.pdf,thFound on http://www.dbresearch.de, (accessed 8 April 2008)
Deutsche Bank Research, Meyer, T. (2006), "Offshoring an neuen Ufern: Nearshoring nach Mittelund Osteuropa", economics, July 2006, No. 58, http://www.dbresearch.de/PROD/DBR_INTERNET_DEPROD/PROD0000000000200245.pdf,thFound on http://www.dbresearch.de, (accessed 8 April 2008) Deutsche Bank Research, Rollwagen, I. (2007), "Präsentation: Zukünftige Qualitätsanforderungen und Bildungslandschaften", Kongress „Offen für morgen"/Kongress „Bildung und Betreuung", Stuttgart, October 2007, http://www.dbresearch.de/PROD/DBR_INTERNET_DEPROD/PROD0000000000217016.pdf,thFound on http://www.dbresearch.de, (accessed 8 April 2008) Dibbern, J.; Goles, T.; Hirschheim, R.; Jayatilaka, B. (2004), "Information Systems Outsourcing: A Survey and Analysis of the Literature", The DATA BASE for Advances in Information Systems, Fall 2004, Vol. 35, No. 4, pp. 6-102 Earl, M. (1996), "The risks of outsourcing IT", Sloan Management Review, Vol. 37, No. 3, pp. 26-32, as referred to in Gottschalk, P. & Solli-Sæther, H. (2006) Flick, U. (2002), "An Introduction to Qualitative Research", 2nd Edition, Thousand Oaks: Sage Publications, Inc. Gottschalk, P. & Solli-Sæther, H. (2006), "Managing Successful IT Outsourcing Relationships", Hershey: IRM Press Grover, V.; Teng, J.; Cheon, M. (1998), "Towards a Theoretically-based Contingency Model of Information Systems Outsourcing", Published in "Strategic Sourcing of Information Systems: Perspectives and Practices", Editors: L. Willcocks & M. Lacity; Chichester: John Wiley & Sons Ltd, pp. 79-101 Hair, J.; Babin, B.; Money, A.; Samouel, P. (2003), "Essentials of Business Research Methods", New York: John Wiley & Sons, Inc. Hirschheim, R. & Lacity, M. (2000), "The Myths and Realities of Information Technology Insourcing", Communication of the ACM, February 2000, Vol. 43, No. 2, pp. 99-107 Jurison, J. (1998), "A Risk-Return Model for Information Technology Outsourcing Decisions", Published in "Strategic Sourcing of Information Systems: Perspectives and Practices", Editors: L. Willcocks & M. Lacity; Chichester: John Wiley & Sons Ltd, pp. 187-204 Kotter, J. (1979), "Managing External Dependence", The Academy of Management Review, 1979, Vol. 4, No. 1, pp. 87-92
II
Lacity, M. C. & Hirschheim, R. (1995), "Beyond the Information Systems Outsourcing Bandwagon - The Insourcing Response", Chichester: John Wiley & Sons Ltd Lacity, M.; Willcocks, L.; Feeny, D. (1997), "The Value of Selective IT Sourcing", Published in "Managing IT as a Strategic Resource", Editors: L. Willcocks, D. Feeny, G. Islei; Maidenhead: McGraw-Hill Publishing Company, pp. 277-305 Lacity, M. & Willcocks, L. (1998), "An empirical investigation of information technology sourcing practices: lessons from experience", MIS Quarterly, September 1998, Vol. 22, Issue 3, pp. 363-408 Lacity, M. & Willcocks, L. (2001), "Global Information Technology Outsourcing: In Search of Business Advantage", Chichester: John Wiley & Sons Ltd Lee, J.; Huynh, M.; Kwok, R.; Pi, S. (2003), "IT Outsourcing Evolution - Past, Present, and Future", Communications of the ACM, May 2003, Volume 46, Issue 5, pp. 84-89 Loh, L. & Venkatraman, N. (1992), "Diffusion of Information Technology Outsourcing: Influence Sources and the Kodak Effect", Information Systems Research, December 1992, Vol. 3, Issue 4, pp. 334-358 McLaughlin, D. & Peppard, J. (2006), "IT Backsourcing: From 'Make or Buy' to 'Bringing it Back In-house'", Proceedings of the 14th European Conference on Information Systems, Gotenberg, Sweden, June, 2006 Sparrow, E. (2003), "Successful IT Outsourcing: From Choosing a Provider to Managing the Project", (Practitioner series), London: Springer-Verlag Tadelis, S. (2007), "The Innovative Organization: Creating Value Trough Outsourcing", California Management Review, Fall 2007, Vol. 50, No. 1, pp. 261-277 Von Jouanne-Diedrich, H. (2004), "15 Jahre Outsourcing- Forschung: Systematisierung und Lessons Learned", Published in "Informationsmanagement: Konzepte und Strategien für die Praxis", Editors: R. Zarnekow, W. Brenner, H. Grohmann; Heidelberg: dpunkt.verlag GmbH, pp. 125-133 Weakland, T. (2005), DiamondCluster International, Inc., "DiamondCluster 2005 Global IT Outsourcing Study", Spring 2005, http://www.diamondconsultants.com/PublicSite/ideas/perspectives/downlo ads/Diamond2005OutsourcingStudy.pdf, Found otn http://www.diamondconsultants.com, (accessed 8 h April 2008) Willcocks, L & Lacity, M. (1998), "The Sourcing and Outsourcing of IS: Shock of the New?", Published in "Strategic Sourcing of Information Systems: Perspectives and Practices", Editors: L. Willcocks & M. Lacity; Chichester: John Wiley & Sons Ltd, pp. 1-41 III
Willcocks, L.; Hindle, J.; Feeny, D.; Lacity, M. (2004), "IT and Business Process Outsourcing: The Knowledge Potential", Information Systems Management, June 2004, Volume 21, Issue 3, pp. 7-15 Williamson, O. (1975), "Markets and Hierarchies: Analysis and Antitrust Implications - A Study in the Economics of Internal Organization", New York: The Free Press Yin, R. (2003), "Case Study Research: Design and Methods", 3rd Edition, Thousand Oaks: Sage Publications, Inc.
INTERNET SOURCES
Chamber of Commerce and Industry, Frankfurt am Main http://www.frankfurt-main.ihk.de/englhish/business/startup/idem/gbr/index.html, (accessed 15t May 2008) Chamber of Commerce and Industry, Frankfurt am Main http://www.frankfurt-main.ihk.de/english/business/startup/idem/gmbh/index.html, (accessed 15th May 2008) Chamber of Commerce and Industry, Frankfurt am Main http://www.frankfurt-main.ihk.de/enghlish/business/startup/idem/kg/index.html, (accessed 15t May 2008) Choong, A. (2004), "Capgemini sells S'pore, M'sia operations to Frontline", ZDNet Asiah, http://www.zdnetasia.com/news/hardware/0,39042972,39199280,00.htm, (accessed 4t April 2008) Electronic Data Systems Corporation http://www.eds.com/about/history, (accessed 3rd April 2008) Gartner, Inc. http://www.gartner.com, (accessed 4th April 2008) Intel Corporation http://www.intel.com/museum/archives/4004.htm, (accessed 3rd April 2008) J.P. Morgan Chase & Co. http://www.jpmorganchase.comh/cm/cs?pagename=Chase/Href&urlname=j pmc/about/history, (accessed 5t April 2008) Lufthansa Systems AG http://www.lhsystemts.com/resource/document/pdf/news/company_profile _en.pdf, (accessed 5 h April 2008) OANDA Corporation http://www.oanda.com/convert/fxaverage, (accessed 14th May 2008) IV
V
APPENDICES
APPENDIX A1: GERMAN CORRESPONDENCE
Sehr geehrte Damen und Herren, mein Name ist Domenico Blyth und ich studiere in meinem letzten Studienjahr im Europäischen Studiengang Wirtschaft der Fachhochschule Aachen. Im Rahmen dieses Studiengangs besuche ich zurzeit die Mid Sweden University in Östersund und schreibe an meiner Master Thesis. Bei dieser können Sie mir hoffentlich ein wenig weiterhelfen. Das Thema meiner Arbeit sind Risikofaktoren, die die Auslagerung interner IT Prozesse an externe Partner, mit sich bringt. Für den empirischen Teil meiner Arbeit benötige ich nun Aussagen von Verantwortlichen zu Erfahrungen und Umgang mit einigen dieser Risikofaktoren. Ich wäre Ihnen sehr dankbar, wenn Sie mich bei der Realisierung meiner Arbeit unterstützen würden. Ich möchte daher erfragen, ob die Möglichkeit bestünde, die für externe IT Beschaffung verantwortliche Person Ihres Unternehmens telefonisch zu interviewen. Dieses Interview würde zu einem von Ihnen frei gewählten Termin zwischen dem 21. und dem 30. April stattfinden. Es würde circa 30 Minuten dauern und weder Fragen zu konkreten Kosten noch zu technischen Einzelheiten beinhalten. Die Fragen sind eher organisatorischer und strategischer Art. Das Unternehmen eines Interviewpartners sollte lediglich folgende Voraussetzunge erfüllen: 1. ein großer Teil - mindestens 20% - der IT Ausgaben des Unternehmens sollten für externe Beschaffung von IT Diensten bestimmt sein und 2. die Beschaffung sollte von unverbundenen Unternehmen erfolgen. In Vorfreude auf eine zeitnahe Antwort danke ich Ihnen im Voraus für Ihre Unterstützung. Mit freundlichen Grüßen, DomenicoBlyth
VI
APPENDIX A2: ENGLISH CORRESPONDENCE
Dear Sir or Madam, my name is Domenico Blyth and I am attending the European Business Programme at Aachen University of Applied Sciences. Within this programme I am currently studying at Mid Sweden University in Östersund. I am now working on my Master Thesis and hope for your assistance regarding this work. The work deals with risk factors which appear in IT outsourcing to external partners. For the empirical part of my work, I need persons in charge of IT outsourcing to make statements on experiences with and management of some risk factors. I would be very grateful, if you would decide to support the realization of my work. Therefore, I would like to ask whether it is possible to conduct a telephone interview with the employee responsible for the external IT procurement of your company. The very interview would be conducted on a date of your choice between the 21st and the 30th of April. It would take about 30 minutes and would neither contain questions on specific costs nor questions on technological details. The questions are of organizational and strategic nature. The company of an interview partner should merely comply with following requirements: 1. a great part - at least 20% - of all IT expenses of the company should be spent for external IT service provision and 2. the IT provision should be carried out by unconnected companies. In anticipation of a quick reply, I thank you in advance for your assistance. Yours sincerely, DomenicoBlyth
VII
VIII
Allgemeine Fragen zur Person und zum Unternehmen: 1. Welche Position nehmen Sie in Ihrem Unternehmen ein? 2. Seit wann sind Sie in diesem Unternehmen beschäftigt? 3. Wie viele Mitarbeiter beschäftigt Ihr Unternehmen? 4. Wie viele Mitarbeiter beschäftigt Ihre interne IT Abteilung? 5. Wie viel Prozent der IT lagert Ihr Unternehmen an externe Dienstleister aus (circa)? 6. Wie viele IT Dienstleister sind regelmäßig in Ihrem Auftrag tätig? Fragen zu „Lock -in", d.h. Risiken entstehend durch ein hohes Maß an Abhängigkeit in Bezug auf einen oder wenige IT Dienstleister: 7. Gibt es für die von Ihnen ausgelagerten Prozesse nur wenige Anbieter am Markt? a) Führt dies dazu bzw. könnte dies dazu führen, dass der IT Dienstleister opportunistisches Verhalten zeigt, da es nur wenige Alternativen zu ihm gibt? 8. Stellt die Tatsache, dass ein IT Dienstleister zu selbstsicher werden und die Qualität der für Sie erbrachten Leistungen dadurch abnimmt, ein Risiko für Sie dar? 9. Stellt die Tatsache, dass Ihr Unternehmen vom finanziellen Bestehen des IT Dienstleisters abhängig ist, ein Risiko für Sie dar? 10. Stellt die Tatsache, dass Ihr IT Dienstleister durch eines Ihrer Konkurrenzunternehmen gekauft werden und Ihre Daten offen legen könnte, ein Risiko für Sie dar? 11. Erschweren bestimmte Investitionen, die ihr IT Dienstleister speziell zur Erfüllung seiner Aufgaben gegenüber Ihrem Unternehmen getätigt hat, die Möglichkeiten eines Anbieterwechsels bzw. die Wiedereingliederung ausgelagerter IT? 12. Wurden in Ihrem Unternehmen in Bezug auf die genannten Risiken Maßnahmen ergriffen? a) Wenn ja, welche? / Wenn nein, warum nicht? b) Welche Maßnahmen wären Ihrer Meinung nach sinnvoll?
IX
Fragen zu „unvorhergesehenen Kosten", d.h. Kosten, die nicht von vornherein geplant waren, sondern erst nach der tatsächlichen Auslagerung der IT hinzugekommen sind: (Im Folgenden sind „Kosten" gleichzusetzen mit „verwaltungstechnischem Aufwand".) 13. Hatte Ihr Unternehmen wenig Erfahrung bzw. Fachwissen in Bezug auf die auszulagernden IT Prozesse einerseits und Outsourcing im Allgemeinen andererseits? 14. Sind folgende zusätzliche Kosten im Lieferanten-Management angefallen? a) Kosten für Überwachung, d.h. um zu garantieren, dass vertraglich festgelegte Leistungen tatsächlich erbracht wurden? b) Kosten für Verhandlungen, wenn Leistungen nicht ordnungsgemäß erbracht wurden? c) Setup Kosten, die unterschätzt wurden? d) Kosten für Neuverhandlungen, da sich ursprünglich geschlossene Verträge als unvollständig herausgestellt haben? 15. Sind Probleme aufgetreten, weil es eine logische bzw. technische Verbundenheit zwischen ausgelagerten und intern verbliebenen Prozessen gibt? a) Führte die notwendige Koordination zusammenhängender Prozesse zu unvorhergesehenen Kosten? 16. Sind andere unvorhergesehene Kosten angefallen? 17. Wurden in Ihrem Unternehmen in Bezug auf die genannten Risiken Maßnahmen ergriffen? a) Wenn ja, welche? / Wenn nein, warum nicht? b) Welche Maßnahmen wären Ihrer Meinung nach sinnvoll? Fragen zu „Kontrollverlust über ausgelagerte IT", d.h. Kontrollverlust überintern generiertes IT Wissen bzw. IT Kenntnisse, Datensicherheit und Vertraulichkeit: 18. Wird IT innerhalb Ihres Unternehmens als wichtiger Bestandteil organisatorischen Wissens wahrgenommen, welcher zu einem Wettbewerbsvorteil führen kann?
X
19. Konzentriert sich Ihr IT Dienstleister nur auf die Erbringung vertraglich vereinbarter Leistungen oder gibt er auch Anregungen bzw. setzt sich für Neuerungen ein, die in Ihrem Unternehmen zu einem Wettbewerbsvorteil führen könnten? 20. Ist durch einen externen Versorger die Innovationsfähigkeit der IT (und daraus möglicherweise entstehende Wettbewerbsvorteile) gesichert? 21. Stellen ausgelagerte IT bzw. Daten ein Sicherheitsrisiko für Ihr Unternehmen dar? a) Wenn ja, welcher Art? / Wenn nein, warum nicht? 22. Stellt die Tatsache, dass Ihr IT Dienstleister Zugriff auf vertrauliche, interne Kunden- bzw. Geschäftsdaten hat, ein Risiko für Sie dar? a) Wenn ja, welcher Art? / Wenn nein, warum nicht? 23. Wurden in Ihrem Unternehmen in Bezug auf die genannten Risiken Maßnahmen ergriffen? a) Wenn ja, welche? / Wenn nein, warum nicht? b) Welche Maßnahmen wären Ihrer Meinung nach sinnvoll? Fragen zur zusammenfassenden Meinung bezüglich oben genannter Risiken und zu Möglichkeiten der Wiedereingliederung ausgelagerter IT: 24. Stellen die Themen, die hier zur Diskussion stehen, im Allgemeinen bedeutende Risiken für Ihr Unternehmen dar? a) Warum? / Warum nicht? 25. Wurden adäquate Konditionen im Falle einer regulären bzw. irregulären Beendigung des Vertragsverhältnisses vereinbart? a) Wurde der Übergang immateriellen und materiellen Anlagevermögens geregelt? 26. Könnten diese oder andere Probleme innerhalb Ihres Unternehmens zu Erwägungen führen, IT Prozesse wieder einzugliedern? a) Warum? / Warum nicht?
Vielen Dank für Ihre Mithilfe.
XI
XII
Allgemeine Fragen zur Person und zum Unternehmen: 1. Welche Position nehmen Sie in Ihrem Unternehmen ein? 2. Seit wann besteht Ihr Unternehmen? 3. Wie viele Mitarbeiter beschäftigt Ihr Unternehmen? 4. Wie viele Mitarbeiter beschäftigen die internen IT Abteilungen Ihrer Kunden (circa)? 5. Wie viel Prozent der IT lagern Ihre Kunden an Ihr Unternehmen aus (circa)? 6. Für wie viele Unternehmen sind Sie regelmäßig als externer IT Dienstleister tätig (circa)? Fragen zu „Lock -in", d.h. Risiken entstehend durch ein hohes Maß an Abhängigkeit in Bezug auf einen oder wenige IT Dienstleister: 7. Gibt es für die an Sie ausgelagerten IT Prozesse nur wenige Anbieter am Markt? a) Könnte eine solche Situation Ihrer Meinung nach dazu führen, dass IT Dienstleister opportunistisches Verhalten zeigen, da es nur wenige Alternativen für den Kunden gibt? 8. Stellt die Tatsache, dass ein IT Dienstleister in einer solchen Situation zu selbstsicher wird und die Qualität der für den Kunden erbrachten Leistungen dadurch abnimmt, aus Kundensicht ein Risiko dar? a) Sollte sie dies Ihrer Meinung nach? 9. Stellt die Tatsache, dass Ihre Kunden vom finanziellen Bestehen des IT Dienstleisters abhängig sind, aus Kundensicht ein Risiko dar? a) Sollte sie dies Ihrer Meinung nach? 10. Stellt die Tatsache, dass Ihr Unternehmen durch ein Konkurrenzunternehmen eines Kunden gekauft werden und Daten dadurch offen gelegt werden könnten, aus Kundensicht ein Risiko dar? a) Sollte sie dies Ihrer Meinung nach? 11. Erschweren bestimmte Investitionen, die Sie als IT Dienstleister speziell zur Erfüllung Ihrer Aufgaben gegenüber einem bestimmten Kunden getätigt haben, die Möglichkeiten des Kunden bezüglich eines Anbieterwechsels bzw. einer Wiedereingliederung ausgelagerter IT?
XIII
12. Haben Ihre Kunden in Bezug auf die genannten Risiken Maßnahmen ergriffen? a) Wenn ja, welche? / Wenn nein, warum nicht? b) Welche Maßnahmen wären Ihrer Meinung nach sinnvoll? Fragen zu „unvorhergesehenen Kosten", d.h. Kosten, die nicht von vornhereingeplant waren, sondern erst nach der tatsächlichen Auslagerung der IT hinzugekommen sind: (Im Folgenden sind „Kosten" gleichzusetzen mit „verwaltungstechnischem Aufwand".) 13. Haben Ihre Kunden wenig Erfahrung bzw. Fachwissen in Bezug auf die ausgelagerten IT Prozesse einerseits und in Bezug auf Outsourcing im Allgemeinen andererseits? 14. Fallen bei Ihren Kunden folgende unvorhergesehenen Kosten an? a) Kosten für Überwachung, d.h. um zu garantieren, dass vertraglich festgelegte Leistungen tatsächlich erbracht werden? b) Kosten für Verhandlungen, wenn Leistungen nicht ordnungsgemäß erbracht werden? c) Setup Kosten, die unterschätzt werden? d) Kosten für Neuverhandlungen, da sich ursprünglich geschlossene Verträge als unvollständig herausstellen? 15. Treten bei Ihren Kunden Probleme auf, weil es eine logische bzw. technische Verbundenheit zwischen ausgelagerten und intern verbliebenen Prozessen gibt? a) Führt die notwendige Koordination zusammenhängender Prozesse zu unvorhergesehenen Kosten? 16. Fallen bei Ihren Kunden andere unvorhergesehene Kosten an? 17. Haben Ihre Kunden in Bezug auf die genannten Risiken Maßnahmen ergriffen? a) Wenn ja, welche? / Wenn nein, warum nicht? b) Welche Maßnahmen wären Ihrer Meinung nach sinnvoll? Fragen zu „Kontrollverlust über ausgelagerte IT", d.h. Kontrollverlust überintern generiertes IT Wissen bzw. IT Kenntnisse, Datensicherheit und Vertraulichkeit:
XIV
18. Wird IT innerhalb der Unternehmen Ihrer Kunden als wichtiger Bestandteil organisatorischen Wissens wahrgenommen, der zu einem Wettbewerbsvorteil führen kann? a) Sollte sie dies Ihrer Meinung nach? 19. Konzentrieren Sie, als IT Dienstleister, sich nur auf die Erbringung vertraglich vereinbarter Leistungen oder geben Sie auch Anregungen bzw. setzen sich für Neuerungen ein, die im Unternehmen eines Kunden zu einem Wettbewerbsvorteil führen könnten? 20. Halten Ihre Kunden die Innovationsfähigkeit der IT eines Unternehmens durch einen externen IT Versorger für gesichert? a) Halten Sie diese für gesichert? 21. Stellen ausgelagerte IT bzw. Daten aus Kundensicht ein Sicherheitsrisiko dar? a) Wenn ja, welcher Art? / Wenn nein, warum nicht? b) Sollten sie dies Ihrer Meinung nach? 22. Stellt die Tatsache, dass Sie als IT Dienstleister Zugriff auf vertrauliche, interne Kunden- bzw. Geschäftsdaten haben, aus Kundensicht ein Risiko dar? a) Wenn ja, welcher Art? / Wenn nein, warum nicht? b) Sollte sie dies Ihrer Meinung nach? 23. Haben Ihre Kunden in Bezug auf die genannten Risiken Maßnahmen ergriffen? a) Wenn ja, welche? / Wenn nein, warum nicht? b) Welche Maßnahmen wären Ihrer Meinung nach sinnvoll? Fragen zur zusammenfassenden Meinung bezüglich oben genannter Risiken und zu Möglichkeiten der Wiedereingliederung ausgelagerter IT: 24. Stellen die Probleme, die hier zur Diskussion stehen, aus Kundensicht im Allgemeinen bedeutende Risiken dar? a) Warum? / Warum nicht? b) Sollten sie dies Ihrer Meinung nach? 25. Vereinbaren Sie mit Ihren Kunden adäquate Konditionen im Falle einer regulären bzw. irregulären Beendigung eines Vertragsverhältnisses? a) Werden Übergänge immateriellen und materiellen Anlagevermögens geregelt? XV
26. Führen die genannten Risiken innerhalb der Unternehmen Ihrer Kunden zu Erwägungen, ausgelagerte IT wieder einzugliedern? a) Warum? / Warum nicht? b) Sollten sie dies Ihrer Meinung nach?
Vielen Dank für Ihre Mithilfe.
XVI
XVII
General questions regarding the interviewee and the company: 1. Which position do you hold within the company? 2. How long have you been working fort his company? 3. How many employees work for your company? 4. How many employees work for your internal IT department? 5. How many percent of your company's IT is being sourced out to external suppliers? 6. How many IT suppliers are regularly engaged on behalf of your company? Questions regarding "Lock-in", i.e. Risks emerging from a high level of dependency in regard to one or few IT suppliers: 7. Are there only few IT suppliers at the market who can provide the kind of IT processes you source out? a) Does this or rather could this lead to a situation in which an IT supplier shows opportunistic behaviour, because there are only few alternatives to him? 8. Does the fact that an IT supplier could become too self-confident and that, as a result, the quality of provided services could decrease, represent a risk to you? 9. Does the fact that your firm is dependent on the IT supplier's existence pose a risk to you? 10. Does the fact that your IT supplier could be bought by a business rival of yours and hence, reveal your data to the latter, pose a risk to you? 11. Do your IT supplier's investments in assets which are of particular interest for the completion of his tasks regarding your company, exacerbate the potentialities of changing the supplier or bringing outsourced IT back in-house? 12. Have any measures been taken within you company regarding above mentioned risks? a) If yes, which? / If not, why not? b) Which measures would be reasonable from your point of view?
XVIII
Questions regarding "hidden costs", i.e. costs which were not planned right from the start, but supervened after IT has actually been sourced out: (In the following, the term "costs" is synonymous with "administrative effort".) 13. Did your company have little experience and expertise in regard to the IT processes to be outsourced, on the one hand, and outsourcing itself, on the other hand? 14. Did following additional costs appear in vendor management? a) Costs for monitoring, i.e. in order to guarantee that the vendor's performance meets the predefined service levels? b) Costs for negotiations, i.e. problem solving in case of breach of stabilized service levels? c) Costs for setup, which were underestimated? d) Costs for renegotiations, in the case of agreements originally entered into turn out to be incomplete? 15. Did problems appear, because there is a logical or rather technological connectedness among processes that were outsourced and processes that were kept in-house? a) Did the necessary coordination of interconnected processes lead to unanticipated costs? 16. Did other unanticipated costs occur? 17. Have any measures been taken within you company regarding above mentioned risks? a) If yes, which? / If not, why not? b) Which measures would be reasonable from your point of view? Questions regarding "loss of control over outsourced IT", i.e. loss of control over internally generated IT knowledge, data security and confidentiality: 18. Does your company apprehend IT as an important part of organizational knowledge which could lead to a competitive advantage? 19. Does your IT supplier only concentrate on providing your company with requested services or does he also give helpful suggestions for the creation of new IT knowledge which could lead to a competitive advantage? XIX
20. Is the innovative ability regarding IT assured through an external IT supplier? 21. Does outsourced IT or data represent a security risk for your company? a) If yes, why? / If not, why not? 22. Does the fact that your external IT supplier has access to confidential, internal customer and business data pose a risk to you? a) If yes, why? / If not, why not? 23. Have any measures been taken within you company regarding above mentioned risks? a) If yes, which? / If not, why not? b) Which measures would be reasonable from your point of view? Recapitulating questions and backsourcing potentials of outsourced IT: 24. Do the topics under discussion represent considerable risks for your company, in general? a) Why? / Why not? 25. Have adequate terms been stipulated in case of regular or irregular contract termination? a) Has the transition of immaterial and material assets been stipulated? 26. Could the risks under consideration lead to your company's considerations of bringing outsourced IT back in-house? a) Why? / Why not?
Thank you very much for your assistance.
XX
XXI
General questions regarding the interviewee and the company: 1. Which position do you hold within the company? 2. How long have you been working fort his company? 3. How many employees work for your company? 4. How many employees work for your internal IT department? 5. How many percent of your company's IT is being sourced out to external suppliers? 6. How many IT suppliers are regularly engaged on behalf of your company? Questions regarding "Lock-in", i.e. Risks emerging from a high level of dependency in regard to one or few IT suppliers: 7. Are there only few IT suppliers at the market who can provide the kind of IT processes companies source out to your company? a) Does this or rather could this lead to a situation in which an IT supplier shows opportunistic behaviour, because there are only few alternatives to him? 8. Does the fact that an IT supplier could become too self-confident and that this could lead to a decreasing quality of provided services represent a risk to ITO clients? a) Do you think that it should? 9. Does the fact that your clients are dependent on their IT supplier's existence pose a risk to them? a) Do you think that it should? 10. Does the fact that your company could be bought by business rivals of your clients and hence, reveal data to the latter, pose a risk to your clients? a) Do you think that it should? 11. Do your investments in assets which are of particular interest for the completion of tasks regarding specific clients, exacerbate the clients' potentialities of changing the supplier or bringing outsourced IT back in-house? 12. Have any measures been taken within you company regarding above mentioned risks? a) If yes, which? / If not, why not? b) Which measures would be reasonable from your point of view? XXII
Questions regarding "hidden costs", i.e. costs which were not planned right from the start, but supervened after IT has actually been sourced out: (In the following, the term "costs" is synonymous with "administrative effort".) 13. Do your clients have little experience and expertise in regard to the IT processes to be outsourced, on the one hand, and outsourcing itself, on the other hand? 14. Did following additional costs appear on the part of your clients? a) Costs for monitoring, i.e. in order to guarantee that the vendor's performance meets the predefined service levels? b) Costs for negotiations, i.e. problem solving in case of breach of stabilized service levels? c) Costs for setup, which were underestimated? d) Costs for renegotiations, in the case of agreements originally entered into turn out to be incomplete? 15. Do problems appear on the part of your clients, because there is a logical or rather technological connectedness among processes that were outsourced and processes that were kept in-house? a) Does the necessary coordination of interconnected processes lead to unanticipated costs? 16. Do other unanticipated costs occur? 17. Have any measures been taken within you company regarding above mentioned risks? a) If yes, which? / If not, why not? b) Which measures would be reasonable from your point of view? Questions regarding "loss of control over outsourced IT", i.e. loss of control over internally generated IT knowledge, data security and confidentiality: 18. Do your clients apprehend IT as an important part of organizational knowledge which could lead to a competitive advantage? a) Do you think that they should?
XXIII
19. Do you, as an IT supplier, only concentrate on providing stipulated services or do you also give helpful suggestions for the creation of new IT knowledge which could lead to a competitive advantage for your clients? 20. Do your clients perceive the innovative ability of IT as being assured through an external IT supplier? a) Do you think that it is? 21. Do your clients perceive outsourced IT or data as being a security risk? a) If yes, why? / If not, why not? b) Do you think that they should? 22. Does the fact that you, as an external IT supplier, have access to confidential, internal customer and business data pose a risk to your clients? a) If yes, why? / If not, why not? b) Do you think that it should? 23. Do your clients take any measures regarding above mentioned risks? a) If yes, which? / If not, why not? b) Which measures would be reasonable from your point of view? Recapitulating questions and backsourcing potentials of outsourced IT: 24. Do the topics under discussion represent considerable risks for ITO clients, in general? a) Why? / Why not? b) Do you think that they should? 25. Do you stipulate adequate terms in case of regular or irregular contract termination? a) Do you stipulate the transition of immaterial and material assets? 26. Could the risks under consideration lead to your clients' considerations of bringing outsourced IT back in-house? a) Why? / Why not? b) Do you think that they should?
Thank you very much for your assistance.
XXIV
doc_803376351.docx