Outsourcing IT (Rupert Kendrick et al.)
Problem
Outsourcing fails when governance begins after important decisions are made.
Action
Create a governance approach before selecting an outsourcing model or supplier.
Outcome
Early governance keeps decisions controlled and aligned with business needs.
Chapter: A governance overview - Introduction
Problem
Unclear authority causes delays and conflicting decisions.
Action
State who makes each decision and who must provide input.
Outcome
Clear decision rights improve accountability and speed.
Chapter: A governance overview - Governance
Problem
Outsourcing decisions can create risks that remain hidden until services fail.
Action
Assess risk whenever the organization selects, changes, or reviews an outsourced service.
Outcome
Regular risk review reduces unexpected failures.
Chapter: A governance overview - Risk
Problem
Governance weakens when no group assumes oversight.
Action
Create governance bodies with defined authority and responsibilities.
Outcome
Accountable bodies provide consistent oversight.
Chapter: A governance overview - Governance structures
Problem
Contract terms alone do not create effective cooperation.
Action
Hold regular meetings that address performance, concerns, and future needs.
Outcome
Active relationship management improves cooperation and service quality.
Chapter: A governance overview - Managing the supplier relationship
Problem
Cloud services create confusion about which party controls each risk.
Action
Document the responsibilities of the customer and cloud provider.
Outcome
Clear responsibility reduces control gaps in cloud services.
Chapter: A governance overview - Cloud computing
Problem
Operational issues become serious when teams do not know where to escalate them.
Action
Define governance levels and escalation paths for unresolved issues.
Outcome
Clear escalation paths help resolve problems before they spread.
Chapter: A governance overview - Governance structures
Problem
Separate governance activities can leave gaps between contracts, risks, and relationships.
Action
Review all governance activities together at planned intervals.
Outcome
A coordinated review keeps outsourcing under effective control.
Chapter: A governance overview - Conclusion
Problem
Organizations make poor sourcing decisions when they view IT only as a cost.
Action
Identify how each IT service supports important business work.
Outcome
Business value guides better IT investment and sourcing decisions.
Chapter: The in-house IT challenge - The importance of IT
Problem
Leaders cannot manage IT well when its functions are unclear.
Action
List each IT function with its purpose, owner, users, and dependencies.
Outcome
A complete map makes responsibilities and service gaps visible.
Chapter: The in-house IT challenge - IT functions
Problem
Some IT functions are unsuitable for outsourcing because they contain critical knowledge or control.
Action
Assess each function for value, risk, cost, capability, and dependency.
Outcome
Function analysis reveals what to retain and what to outsource.
Chapter: The in-house IT challenge - Function analysis
Problem
Performance problems cannot be fixed when results are based on opinion.
Action
Measure service quality, cost, capacity, and user satisfaction.
Outcome
Reliable measures show where performance must improve.
Chapter: The in-house IT challenge - Performance challenges
Problem
Organizations cannot judge the benefits of outsourcing without knowing the current performance.
Action
Record internal costs and service results before seeking suppliers.
Outcome
A clear baseline supports fair comparisons and realistic targets.
Chapter: The in-house IT challenge - Conclusion
Problem
Different meanings of outsourcing create confusion about scope and responsibility.
Action
State which services, resources, responsibilities, and controls will move to a supplier.
Outcome
A precise definition gives all parties the same understanding.
Chapter: Outsourcing considerations - Definition
Problem
Popular outsourcing trends may not fit the organization.
Action
Compare each market trend with the organization's needs, risks, and capabilities.
Outcome
Relevant evidence replaces decisions based on fashion.
Chapter: Outsourcing considerations - Outsourcing trends
Problem
A decision may appear attractive when later costs and obligations are ignored.
Action
Consider selection, transition, operation, change, renewal, and exit before committing.
Outcome
Life cycle analysis reveals the true demands of outsourcing.
Chapter: Outsourcing considerations - General considerations
Problem
An outsourced service may depend on systems and skills that remain internal.
Action
Map technical, data, security, and support dependencies before defining the service.
Outcome
Visible dependencies reduce service gaps and integration failures.
Chapter: Outsourcing considerations - IT considerations
Problem
Broad objectives make success difficult to judge.
Action
Define specific targets for cost, quality, capability, risk, and flexibility.
Outcome
Measurable objectives support clear evaluation and control.
Chapter: Outsourcing considerations - Objectives
Problem
Outsourcing plans fail when affected groups are ignored.
Action
Identify stakeholders and involve them before major decisions are approved.
Outcome
Early involvement improves requirements and support for change.
Chapter: Outsourcing considerations - Stakeholders
Problem
Claimed outsourcing benefits may depend on assumptions that are not true.
Action
Require evidence for every expected benefit before using it in the decision.
Outcome
Tested benefits produce a more realistic business case.
Chapter: Reaching the decision - Advantages
Problem
Outsourcing can reduce control and create dependence on a supplier.
Action
Identify each disadvantage and define a practical control for it.
Outcome
Planned controls reduce the harmful effects of outsourcing.
Chapter: Reaching the decision - Disadvantages
Problem
Offshore services add distance, legal, cultural, and time differences.
Action
Evaluate location risks before choosing an offshore supplier.
Outcome
Location analysis prevents avoidable service and communication problems.
Chapter: Reaching the decision - Offshore outsourcing
Problem
A sourcing decision becomes unreliable when benefits receive more attention than risks.
Action
Compare objectives, costs, benefits, risks, and alternatives before approval.
Outcome
Balanced evidence supports a defensible outsourcing decision.
Chapter: Reaching the decision - Conclusion
Problem
Separate outsourcing decisions can create an expensive and fragmented service environment.
Action
Define how sourcing choices will support the wider IT strategy.
Outcome
A deliberate strategy keeps sourcing decisions consistent.
Chapter: Models of IT outsourcing - IT outsourcing strategies
Problem
No outsourcing model fits every service or organization.
Action
Compare models by control, flexibility, risk, cost, and management effort.
Outcome
The selected model better matches the service need.
Chapter: Models of IT outsourcing - Outsourcing models
Problem
Poorly grouped functions create difficult interfaces and unclear ownership.
Action
Group functions according to their dependencies and service outcomes.
Outcome
Logical service groups simplify ownership and coordination.
Chapter: Models of IT outsourcing - Outsourced IT functions
Problem
Outsourcing an unstable or poorly understood function increases the risk of failure.
Action
Choose functions with clear scope, stable processes, and measurable results.
Outcome
Suitable starting points make early outsourcing easier to control.
Chapter: Models of IT outsourcing - Examples of outsourced IT functions
Problem
Future leaders may not understand why a particular outsourcing model was chosen.
Action
Record the assumptions and reasons behind the selected model.
Outcome
Documented reasoning supports later reviews and changes.
Chapter: Models of IT outsourcing - Conclusion
Problem
Supplier selection loses direction when strategic goals remain broad.
Action
Convert each strategic goal into a measurable selection objective.
Outcome
Clear objectives keep the selection process focused.
Chapter: Pre-contract procedures - Strategy objectives
Problem
An inconsistent process can favor the wrong supplier.
Action
Set evaluation criteria, weights, roles, and approval steps before receiving bids.
Outcome
A structured process improves fairness and supplier fit.
Chapter: Pre-contract procedures - Selection strategy
Problem
Proposals may hide weaknesses in finances, capability, security, or delivery.
Action
Check supplier evidence, references, controls, resources, and financial health.
Outcome
Due diligence reduces the risk of selecting an unsuitable supplier.
Chapter: Pre-contract procedures - Due diligence
Problem
Unstructured negotiations create inconsistent promises and unclear obligations.
Action
Use documented requirements and authorized negotiators throughout the tender process.
Outcome
Controlled negotiations produce clearer and more comparable offers.
Chapter: Pre-contract procedures - Tendering and negotiations
Problem
Informal promises provide weak protection when expectations differ.
Action
Record each party's obligations, rights, controls, and remedies in the contract.
Outcome
Written obligations reduce uncertainty and support enforcement.
Chapter: The contract - Reasons for a contract
Problem
Missing or conflicting clauses can lead to disputes during service delivery.
Action
Organize the contract around scope, performance, price, risk, change, and exit.
Outcome
A complete structure makes the agreement easier to manage.
Chapter: The contract - Contract construction
Problem
Services fail when suppliers blame one another for problems between contracts.
Action
Define shared responsibilities and coordination rules across all suppliers.
Outcome
Coordinated contracts reduce gaps between services.
Chapter: The contract - Multiple-outsourcing
Problem
A strong contract can still fail without clear ownership and active management.
Action
Assign capable owners to manage performance, relationships, risks, and decisions.
Outcome
Active ownership turns contract terms into reliable results.
Chapter: The contract - Key success factors
Problem
Standard contracts may not cover cloud data, availability, location, or portability.
Action
Include clear cloud terms for data control, security, resilience, and exit.
Outcome
Cloud-specific terms protect service continuity and customer control.
Chapter: The contract - Cloud computing contracts
Problem
Vague service promises cannot be monitored or enforced.
Action
Define service targets with measures, thresholds, periods, and data sources.
Outcome
Measurable service levels make performance visible.
Chapter: The service level agreement - Service levels
Problem
An unclear SLA leaves services and responsibilities outside effective control.
Action
State which services, users, locations, hours, and exclusions the SLA covers.
Outcome
Clear scope prevents disputes about coverage.
Chapter: The service level agreement - Scope
Problem
Complex charges can hide the true cost of outsourced services.
Action
Link each charge to defined services, volumes, adjustments, and payment rules.
Outcome
Transparent pricing improves cost control and forecasting.
Chapter: The service level agreement - Pricing
Problem
Too many isolated measures can distract attention from important service results.
Action
Organize measures around business outcomes with clear reporting and remedies.
Outcome
A balanced framework focuses oversight on meaningful performance.
Chapter: The service level agreement - SLA framework
Problem
Cloud performance can vary across regions, components, and provider dependencies.
Action
Set cloud measures for availability, recovery, security response, and data access.
Outcome
Relevant cloud measures improve visibility and accountability.
Chapter: The service level agreement - Cloud computing SLAs
Problem
Contract obligations are missed when nobody manages them continuously.
Action
Give one accountable owner authority to monitor and enforce the contract.
Outcome
Consistent ownership keeps obligations under control.
Chapter: Managing the contract, the SLA and the transition - Managing the contract
Problem
Individual reports can hide repeated or worsening service problems.
Action
Review SLA trends and corrective actions at planned intervals.
Outcome
Regular review exposes problems before they become serious.
Chapter: Managing the contract, the SLA and the transition - Managing the SLA
Problem
A punitive use of service measures can damage the working relationship.
Action
Discuss SLA results as shared evidence for service improvement.
Outcome
Constructive review improves trust and performance.
Chapter: Managing the contract, the SLA and the transition - SLA relationships
Problem
Service transfer can fail when knowledge, people, data, and systems move without coordination.
Action
Create a transition plan with owners, milestones, tests, and acceptance criteria.
Outcome
Detailed planning reduces disruption during service transfer.
Chapter: Managing the contract, the SLA and the transition - Transition
Problem
Business, technology, law, and demand can make original contract terms unsuitable.
Action
Define events that require formal contract review.
Outcome
Known triggers help the contract remain relevant.
Chapter: Contract change control - Reasons for change
Problem
Different changes need different levels of analysis and approval.
Action
Classify each change by size, urgency, risk, and cost.
Outcome
Classification directs each change through suitable controls.
Chapter: Contract change control - Types of change
Problem
A local contract change can have broader cost, service, security, or legal implications.
Action
Assess the full impact of a proposed change before approval.
Outcome
Impact assessment prevents harmful unintended effects.
Chapter: Contract change control - Considerations
Problem
Unrecorded changes create confusion about current obligations.
Action
Record each request, assessment, approval, version, and implementation date.
Outcome
A complete record preserves contract accuracy and accountability.
Chapter: Contract change control - Administration
Problem
Late renewal decisions weaken negotiation power and exit readiness.
Action
Monitor notice dates, renewal points, milestones, and final expiry.
Outcome
Early awareness creates time for a controlled decision.
Chapter: Contract exit - The contract term
Problem
Waiting until contract expiry can leave renewal as the only practical choice.
Action
Compare renewal, replacement, transfer, and internal delivery before notice dates.
Outcome
Early comparison preserves choice and negotiating power.
Chapter: Contract exit - Exit options
Problem
An untested exit plan may fail when the supplier relationship ends.
Action
Keep exit tasks, responsibilities, costs, data requirements, and timelines up to date.
Outcome
A current plan supports an orderly service transfer.
Chapter: Contract exit - Managing the exit strategy
Problem
Uncontrolled disputes consume time and damage service relationships.
Action
Use documented evidence and the agreed escalation process.
Outcome
Structured resolution limits disruption and legal cost.
Chapter: Contract exit - Disputes
Problem
Returning services internally requires capabilities that may no longer exist.
Action
Assess the people, knowledge, systems, facilities, and time needed for back-sourcing.
Outcome
Preparation makes internal service restoration more realistic.
Chapter: Contract exit - Back-sourcing
Problem
Poor corporate governance allows important decisions to escape proper oversight.
Action
Define how leaders direct, control, and answer for organizational decisions.
Outcome
Visible accountability strengthens responsible decision-making.
Chapter: Corporate governance - Definition
Problem
Separate controls can produce inconsistent oversight across the organization.
Action
Use a recognized framework that fits legal duties and organizational needs.
Outcome
A common framework creates consistent governance.
Chapter: Corporate governance - Corporate governance frameworks
Problem
IT decisions become inconsistent when authority and accountability are unclear.
Action
Specify who directs, approves, monitors, and reports important IT decisions.
Outcome
Defined authority aligns IT choices with business priorities.
Chapter: IT governance - Definition
Problem
IT governance cannot improve when success lacks a clear definition.
Action
Set criteria for alignment, value, risk, resources, performance, and accountability.
Outcome
Clear criteria make governance performance measurable.
Chapter: IT governance - Criteria
Problem
A framework can create unnecessary work when copied without adjustment.
Action
Adapt governance practices to the organization's size, risk, and operating model.
Outcome
A tailored framework provides useful control without excess effort.
Chapter: IT governance - Governance frameworks
Problem
Governance meetings fail when decision makers lack reliable information.
Action
Use dashboards, registers, responsibility maps, and decision records.
Outcome
Practical tools improve visibility and follow-through.
Chapter: IT governance - Governance framework tools
Problem
Governance goals remain abstract when service processes do not apply them.
Action
Link governance decisions to service management roles, measures, and controls.
Outcome
The connection turns direction into daily service behavior.
Chapter: IT governance - IT governance and service management
Problem
Governance arrangements can become outdated as services and risks change.
Action
Review governance responsibilities, information, decisions, and results regularly.
Outcome
Regular review keeps IT governance effective.
Chapter: IT governance - Conclusion
Problem
Projects lose control when governance and project management responsibilities overlap.
Action
State which decisions belong to governance bodies and which belong to project managers.
Outcome
Clear boundaries reduce delay and confusion.
Chapter: Project governance - Definition
Problem
Projects drift when sponsors and boards do not exercise clear authority.
Action
Assign decision rights to the sponsor, project board, and project manager.
Outcome
Defined authority keeps the project directed and accountable.
Chapter: Project governance - Governance
Problem
Governance activities become routine when they lack clear objectives.
Action
Define the controls and decisions needed to protect project value.
Outcome
Clear objectives focus governance on useful oversight.
Chapter: Project governance - Objectives
Problem
Missing roles, reviews, and reporting points allow project problems to grow.
Action
Define sponsorship, reporting, assurance, stage approval, and escalation from the start.
Outcome
Consistent features create disciplined project oversight.
Chapter: Project governance - Project governance features
Problem
Decisions become unreliable when project information is scattered.
Action
Maintain current plans, risk registers, issue logs, reports, and decision records.
Outcome
Reliable tools give governance bodies usable evidence.
Chapter: Project governance - Project governance tools
Problem
Individually attractive projects can compete for the same limited resources.
Action
Prioritize projects together based on value, risk, dependencies, and capacity.
Outcome
Portfolio decisions direct resources toward the most useful work.
Chapter: Project governance - Programme portfolio management
Problem
Different project data creates conflicting views of progress.
Action
Use controlled technology to collect and report current project information.
Outcome
A shared information source improves oversight and decisions.
Chapter: Project governance - Project governance technology
Problem
Projects become inconsistent when teams use unrelated methods.
Action
Adopt appropriate standards and tailor them to the project's size and risk.
Outcome
Common standards improve control and comparison across projects.
Chapter: Project governance - Project management standards
Problem
Future projects repeat mistakes when governance experience is lost.
Action
Record governance lessons and assign improvements at project closure.
Outcome
Recorded lessons strengthen later project oversight.
Chapter: Project governance - Conclusion
Problem
Projects often fail after early warning signs are ignored.
Action
Monitor unclear goals, weak sponsorship, poor planning, capability gaps, and uncontrolled change.
Outcome
Early detection allows corrective action before failure becomes unavoidable.
Chapter: Risk assessment - Project failure
Problem
A one-time assessment becomes outdated as conditions change.
Action
Repeat risk assessment at planned points and after major changes.
Outcome
Continuous assessment keeps risk information current.
Chapter: Risk assessment - Risk assessment
Problem
Risk decisions become inconsistent when assessments use different methods.
Action
Record each risk with its cause, likelihood, impact, control, and owner.
Outcome
Consistent records support clear comparison and action.
Chapter: Risk assessment - The risk assessment
Problem
Weak direction and leadership can undermine the entire outsourcing arrangement.
Action
Assess strategy alignment, decision authority, skills, culture, and supplier dependence.
Outcome
Early identification protects long-term control and value.
Chapter: Identifying the risks - Strategic and managerial risk
Problem
A technology failure can disrupt services and damage information.
Action
Assess the risks of architecture, integration, capacity, security, obsolescence, and recovery.
Outcome
Visible technology risks support stronger technical controls.
Chapter: Identifying the risks - Technology risks
Problem
Outsourcing does not remove the organization's legal and regulatory duties.
Action
Map each obligation to the responsible party and required evidence.
Outcome
Clear compliance ownership reduces violations and penalties.
Chapter: Identifying the risks - Compliance risks
Problem
Daily service failures can disrupt important business processes.
Action
Assess process, staffing, supplier, capacity, continuity, and communication risks.
Outcome
Operational risk analysis improves service resilience.
Chapter: Identifying the risks - Operational risks
Problem
Unexpected charges and supplier weakness can destroy expected savings.
Action
Assess pricing exposure, demand changes, hidden costs, currency, and supplier stability.
Outcome
Financial risk analysis improves cost predictability.
Chapter: Identifying the risks - Financial risks
Problem
Cloud use can reduce visibility and direct control over data and services.
Action
Assess data location, access, security, availability, dependence, and portability.
Outcome
Cloud risk analysis supports safer service choices.
Chapter: Identifying the risks - Cloud computing risks
Problem
Separate risk lists can hide dependencies and total exposure.
Action
Record all outsourcing risks in a shared register with owners and actions.
Outcome
A combined register gives leaders a complete view of risk.
Chapter: Identifying the risks - Conclusion
Problem
Risk decisions become inconsistent without shared rules.
Action
Define principles for ownership, openness, proportional control, escalation, and review.
Outcome
Shared principles guide consistent risk behavior.
Chapter: Risk management structure - Strategy principles
Problem
Risk management loses support when its purpose is unclear.
Action
Set objectives that protect services, decisions, compliance, finances, and reputation.
Outcome
Clear objectives focus risk work on useful results.
Chapter: Risk management structure - Objectives and benefits
Problem
Isolated risk activities leave gaps between identification and action.
Action
Define processes for identifying, assessing, treating, monitoring, and reporting risk.
Outcome
A complete framework turns risk information into controlled action.
Chapter: Risk management structure - Risk management framework
Problem
A risk manager cannot challenge unsafe decisions without clear authority.
Action
Define the risk manager's access, responsibilities, reporting line, and escalation rights.
Outcome
Proper authority enables independent and timely risk oversight.
Chapter: Risk management structure - The risk manager
Problem
One person cannot understand every business, technical, legal, and supplier risk.
Action
Build a team with relevant knowledge from each affected area.
Outcome
Combined expertise improves risk identification and treatment.
Chapter: Risk management structure - The risk management team
Problem
Unstructured risk methods produce incomplete and inconsistent results.
Action
Use recognized standards that fit the organization's duties and risk level.
Outcome
Suitable standards improve consistency and confidence.
Chapter: Risk management structure - Risk management standards
Problem
A formal framework has little value when teams ignore it during decisions.
Action
Include risk review in planning, approvals, performance meetings, changes, and audits.
Outcome
Routine use makes risk management part of real control.
Chapter: Risk management structure - Conclusion
Problem
Unmanaged IT risks can interrupt services and expose critical information.
Action
Apply preventive, detective, recovery, and monitoring controls to important IT risks.
Outcome
Active controls reduce technology failures and their effects.
Chapter: Risk management strategies - Management of IT risks
Problem
Supplier actions can leave the organization responsible for legal breaches.
Action
Set contractual duties, evidence requirements, audit rights, and reporting procedures.
Outcome
Defined controls improve compliance and legal protection.
Chapter: Risk management strategies - Management of legal and compliance risks
Problem
Process or supplier failures can stop essential services.
Action
Use tested procedures, capacity controls, continuity plans, and clear escalation.
Outcome
Operational controls improve service stability and recovery.
Chapter: Risk management strategies - Management of operational risks
Problem
Variable charges and weak oversight can make outsourcing costs unpredictable.
Action
Use budgets, pricing controls, forecasts, audits, and approval limits.
Outcome
Financial controls improve cost visibility and prevent overspending.
Chapter: Risk management strategies - Management of financial risks
Problem
Outsourcing loses direction when senior leaders treat governance as an administrative task.
Action
Require executive oversight of value, risk, performance, relationships, and accountability.
Outcome
Sustained governance keeps outsourcing aligned and controlled.
Chapter: Conclusion: the governance imperative - Conclusion