The global risk factor
BY MALCOLM WHEATLEY PHOTO BY DOMINIC SANSONI
Thushara Wijewardena, PMP, Exilesoft, Colombo, Sri Lanka
IN December 2008, three of the four undersea telecommunications cables running between Italy and Egypt were cut. The damage—thought to be caused by a ship dragging its anchor— occurred about 140 kilometers (87 miles) off the coast of the isle of Sicily, but the effects were felt thousands of kilometers away. At a stroke, 65 percent of the telecom traffic to India suffered disruption, and services to Singapore, Malaysia, Saudi Arabia, Egypt, Taiwan and Pakistan were also severely affected.
While engineers scrambled to redirect voice and data traffic over emergency routes, companies across much of Asia struggled to make telephone calls and access the Internet. At one point, up to 60 percent of India's 50 million Internet users were affected—and even the country's banks and stock exchange experienced problems.
For project managers striving to stretch budgets and shrink schedules by outsourcing parts of projects to overseas partners, such disruption has added one more hazard to an already lengthy list. Yet undeniably, overseas outsourcing has become big business. India, for example, is home to a US$11 billion outsourcing industry that includes giants such as Wipro and Tata Consultancy Services, each employing tens of thousands of people. And multisourcing takes the process one step further, divvying up several parts of a project simultaneously, with each chunk allocated to a different vendor.
The appeal is obvious. Handing work over to skilled partners in lower-cost economies helps project dollars go further and can slice time off the schedule.
Less obvious are the risks to those projects.
These are not just the conventional risks such as poor quality control or project governance. Project managers farming out work to subcontractors have grown accustomed to factoring those risks in. But they're on much less familiar ground when it comes to figuring out the less conventional risks to a project—from political and economic turbulence to terrorism and massive infrastructure outages. The December 2008 telecom outage, for instance, was the second time in just a year that the cable in question had been damaged, interrupting the flow of voice and data traffic. For projects dependent on outsourcing partners’ constant, reliable access to Internet and voice communications, the dangers are obvious.
Take the time to carefully consider what should be outsourced—and what shouldn't be—and what risks are attached to outsourcing it.
—Stan Lepeak, EquaTerra, Houston, Texas, USA
Companies are keeping their options open when it comes to choosing where to send their project work. India has long dominated the offshore market—but that may be changing as other outsourcing players around the globe angle for a piece of the action.
Part of it comes down to simple economics. In the quest to control costs, companies are making cuts in just about every area, and outsourcing is no exception.
But India has also been forced to contend with some other issues, including rising salaries, the terrorist attacks in Mumbai and the high-profile implosion of outsourcing giant Satyam in the wake of accounting fraud allegations.
A whopping 61 percent of 221 IT decision-makers surveyed said they have concerns about or wouldn't work with Indian services companies, according to an InformationWeek study done after the Satyam scandal broke.
And more than half (56 percent) of respondents said they believed less in Indian outsourcers’ value proposition than they did two years ago. The biggest shortcoming? Fifty-five percent of respondents reported their Indian service providers fell short of expectations in delivering projects quickly.
Research firm IDC reduced its forecast for IT spending growth in Asia/Pacific (excluding Japan), with the overall uptick now expected to be only 1.4 percent, down from the earlier estimate of four percent. Specifically, IT spending in China is expected to increase 6.5 percent, down from 9.1 percent, while India's boost has been cut to 5.7 percent from 10 percent.
Spending shortages aside, India is also still confronting the fallout from the terrorist strikes of last November.
“While the attacks in Mumbai did not target the outsourcing industry, we know that companies that have captive operations or outsourcing providers in India took note of the potential for disruption to their operations,” Arno Franz, partner and Asia-Pacific president at TPI told ZD Net Asia. Yet no other country “presents a serious threat as a key outsourcing destination,” he said.
“China is still very much an emerging destination, while it is debatable whether any other single country has the breadth and depth of skills, experience and infrastructure to seriously challenge India's position,” Mr. Franz explained.
While the attacks in Mumbai did not target the outsourcing industry, we know that companies that have captive operations or outsourcing providers in India took note of the potential for disruption to their operations.
—Arno Franz at TPI to ZD Net Asia
That doesn't mean other nations won't try. This year's Gartner's 30 Leading Locations for Offshore Services found that India and China still lead the pack, but there were credible alternatives around the globe.
“Countries such as Mexico, Poland and Vietnam have continued to strengthen their position against leading alternatives, while others have forced their way into the top 30,” says Ian Marriott, research vice president at Gartner. “These countries will be seeking to take advantage of the opportunity created by the increased focus that many organizations now have on cost optimization, as a result of the current economic crisis.”
The four countries that left the list this year were Northern Ireland, Sri Lanka, Turkey and Uruguay. The new entrants were Egypt, Morocco, Panama and Thailand. Strong interest in nearshore locations was a key factor, with language skills, cultural compatibility, time zone and travel time cited as key considerations. French companies, for instance, are increasingly outsourcing to Morocco, where they have access to a French-speaking workforce, and many U.S. firms are moving work to Latin America, where time-zone challenges can be reduced.
Companies can—and do—bring work back home, of course. In the wake of recurring delays to its 787 Dreamliner passenger jet, U.S.-based Boeing is looking to wrangle back work previously shipped around the world to companies in Britain, France, Germany, South Korea, Japan, Sweden and Italy, just to name a few.
“We will probably do more of the design and even some of the major production for the next new airplanes ourselves as opposed to having it all out with the partners,” Michael Denton, Boeing vice president of engineering, told The Associated Press in October 2008.
And IBM announced its two latest global service delivery centers aren't in Bangalore or Mumbai. Big Blue picked two spots on their home turf: East Lansing, Michigan and Dubuque, Iowa.
In another twist, Indian companies are now setting up in the United States. Wipro Technologies launched service delivery centers in Georgia and Michigan. And Infosys Technologies and Tata Consultancy Services have invested millions to open up shop in the United States.
Best practice is to get the rules and prices [for disruption] into the original contract, well in advance of any emergency happening.
—Chris Tiernan, Grosvenor Consultancy Services, Twickenham, Middlesex, England
As project sourcing increasingly stretches across national boundaries, legal systems, cultures and suppliers, project managers need new ways to mitigate all those risks.
Before companies start sending off work, they need to do their homework to select the right country for the job at hand— and then have a backup option, too.
“If I'm dealing with mission-critical systems or aspects of a project, I'm going to want my main supplier to be in a cost-efficient jurisdiction where performance standards are high,” says John Enstone, a London, Englandbased partner at international law firm Faegre & Benson. “I'd then want my fallback position to be in a jurisdiction that was completely different, and not subject to any of the same political, cultural or technical risks as the first jurisdiction.”
And, what's more, project managers shouldn't just automatically outsource. Some work is best left in-house, adds Stan Lepeak, managing director of global research at advisory firm EquaTerra, Houston, Texas, USA. “Take the time to carefully consider what should be outsourced—and what shouldn't be—and what risks are attached to outsourcing it,” he says.
Take the dangers associated with data and intellectual property protection, for instance. This might not be a concern when outsourcing projects to economies with well-established legal systems modeled on Western lines, explains Mr. Lepeak. But it can become more problematic in the context of countries such as China, where the law affords far less protection of intellectual property.
At a tactical level, policies such as requiring background checks of an outsourcing partner's employees can help to minimize the risk. But at a strategic level, he adds, a smarter move might be to allocate work involving particularly sensitive data to specific countries or partners with an established record of handling such information securely.
”[Outsourcing wisely] takes time, and it takes effort, and not an inconsiderable amount of either,” warns Mr. Lepeak. “It also adds cost, and detracts what is seen as the simplicity of the outsourcing model, thus diminishing its value. But as outsourcing becomes more prevalent, getting the basic steps right is essential.”
At product design company TheAlloy, for instance, risks to intellectual property are the main security consideration when tendering projects to multiple parties, says Gus Desbarats, chairman of the Farnham, Surrey, England-based organization.
When soliciting quotations from Asian manufacturers, “we are very careful to create multiparty tender packs in ways that limit the information we provide to the minimum that's needed for costing,” he says. “Only a short list of trusted suppliers see the full design.”
THE GREAT UNKNOWN
When terrorists attacked Mumbai, India, it was major headline news. But such events are relatively low on the risk scale for most companies parceling out project work.
“Although the potential for deep civil unrest arising from the current economic downturn is not to be underestimated, terrorism targets are often Western tourists rather than industrial infrastructure,” Mr. Desbarats explains. “The main disruptions tend to be natural, such as the SARS epidemic and typhoons.”
Getting through the chaos requires a solid fallback plan. “Even during the SARS epidemic, things kept moving, but there was less face-to-face contact and more audio conferencing,” he says.
When developing contingency plans, the first line of defense lies with the outsourcing partners themselves. Take Exilesoft. The Colombo, Sri Lanka-based software development company mandates all key software developers have Internet access at home—just in case.
“If there's a national emergency or a curfew, people can continue to work at home,” says Thushara Wijewardena, PMP, project director at Exilesoft.
Likewise, investment in robust communications is prudent. At the time of the December 2008 Mediterranean undersea cable outage, Exilesoft, like many businesses on the Indian subcontinent, was affected.
“For a time, performance slowed down, and until we established alternative communications, some online tools became difficult to use,” she says. “But it wasn't a showstopper—there are nearly always workarounds.”
Some companies also seek out larger outsourcing partners that offer multiple offices, often spread across widely dispersed geographies. Should one country be affected by trouble, the option exists for work to be moved to another.
Although Tata Consultancy Services is based in India, for example, 40 percent of its work takes place outside the subcontinent, says Abid Ali, Tata's Dallas, Texas, USA-based North American vice president of global delivery and services. The company has “a significant presence” in a number of other low-cost economies—including China, Brazil, Chile and Hungary—as well as a recently established center in Morocco.
We try hard to deal with known parties. There are too many examples of companies setting up as software contractors and then vanishing.
—Thushara Wijewardena, PMP
The customer can't contract out of its responsibilities. Outsourcing involves both parties having different but interrelated obligations and responsibilities.
—David Skinner, Morrison & Foerster, London, England
“It changes the game,” he explains. “You're no longer looking at supplier risk, but at country risk. The supplier straddles national boundaries.”
Having the ability to move work around doesn't necessarily ensure the transition will be seamless, though. So it's best to negotiate the specifics of fallback arrangements well in advance, says Chris Tiernan, managing partner of Grosvenor Consultancy Services, Twickenham, Middlesex, England.
One recent contract he consulted on, for example, stipulated that in the event of disruption, the Bangalore, Indiabased supplier would either move work to another Indian location or temporarily relocate its developers to the United Kingdom, where its customer was based.
“Best practice is to get the rules and prices for this into the original contract, well in advance of any emergency happening,” Mr. Tiernan stresses. “That way, you can't be [held responsible] if disruption occurs and there's a need to invoke the relocation clause.”
SEE FOR YOURSELF
Project managers can't rely too heavily on contracts as a form of risk mitigation. The traditional approach of writing tough contracts full of service-level agreements and warranties—and then suing in the event of a breach—has given way to a new reality. Managing the relationship and the contract is more effective in rectifying poor performance or missed business objectives, says David Skinner, a London-based partner in the outsourcing practice at international law firm Morrison & Foerster.
“The customer can't contract out of its responsibilities. Outsourcing involves both parties having different but interrelated obligations and responsibilities,” he says. “From a purely legal perspective you can try to push everything down to the supplier, but in reality it's meaningless. The simple fact is that you don't want things to go wrong in the first place.”
Indeed, he adds, many multisourced projects would benefit hugely if businesses followed two simple precepts. “First, visit your suppliers. The convention is for suppliers to visit you—but do it the other way round. That way, you see them on their home turf. Second, create incentives for suppliers to be required to cooperate with each other in the interests of the overall project—and not have suppliers acting out of narrow self-interest.”
Ms. Wijewardena agrees.
“We strongly urge customers to visit us—even just once—before a project starts,” she says. One recent customer visit, she adds, was particularly useful in dispelling misleading impressions about the caliber and educational background of Exilesoft's developers, and the sophistication of Sri Lanka's communications infrastructure.
“Now, they very clearly understand who we are, what we do and how we can help them,” Ms. Wijewardena says.
Likewise, she takes the same approach when she goes to subcontractors in Singapore, India or Sri Lanka.
“We try hard to deal with known parties—companies that we've worked with before,” she says. “There are too many examples of companies setting up as software contractors and then vanishing.”
As a matter of policy, Ms. Wijewardena adds, when Exilesoft is subject to penalty clause provisions in customers’ contracts, those same provisions are applied to subcontractors’ contracts.
“If we pay a penalty for being late, the same penalty is payable by the subcontractor if they are late.”
Cable snap or not, the work must go on. PM
PM NETWORK APRIL 2009 WWW.PMI.ORG