End-to-end accountability may be the best way to reduce risks, but where should companies draw the line?

In a recent Forrester survey, senior IT professionals ranked “ concerns about giving work to a third party” as their greatest concern about moving into managed services.

Another Forrester report published last year (Why Strong Vendor Management Is Essential To Managed Services Relationships by Jan Erik Aase, September 15, 2011) maintains that as more system, application, and process ownerships are shifted to vendors, the number and severity of risks increases as well as the value of strong governance. “Although many vendors contend that due diligence and governance can be a part of their managed services engagement, these activities are essential to the health of the vendor relationships and should not be outsourced,” the report says.

This is re-enforced by the latest King Report (King III) that states, “The ultimate compliance officer is the company’s stakeholders who will let the board know by their continued support of the company if they accept the departure from a recommended practice and the reasons furnished for doing so.”

Thus, it can be convincingly disputed that self-regulation in an organisation is much more desirable than an outside agency monitoring and enforcing those standards.


Outsourcing Law Global has published a list of outsourcing guidelines for companies considering employing third party services. It suggests the following should not be outsourced:

Core business competencies.
Competitive advantage flows from the superior skill, acumen or execution of the enterprise’s mission should never be delegated, transferred or compromised by blind dependence on a third party.

Abdication of business judgment, where you cannot delegate authority or discretion over how a function is performed. This rule reflects the need for retention of ‘core business competencies’ and therefore a board of directors cannot delegate responsibility for making business judgments. Consequently, outsourcing is entirely inappropriate for functions where the outsourcing vendor will have the legal right to exercise discretionary business judgment that cannot lawfully be delegated, such as performance management.

Knowledge-based functions dependent on proprietary company information. In a knowledge-based global economy, competitive advantage depends upon an enterprise’s control of its trade secrets and its ability to build upon skill and experience.

Compliance with legal liabilities. Ultimately, the enterprise is liable for legal mistakes. Unless the enterprise receives some adequate assurance that its losses from a breach of compliance duties will be “taken care of,” the enterprise should not outsource the function. As an exception, when the service provider is a licensed professional, the service provider’s standard of care, ethical duties and professional liability are generally well defined under statute and common law.

Business functions that are highly volatile or unpredictable in scope or risk structure
. The key to deriving business benefits of outsourced services lies in the service provider’s capacity to deliver predictable service. Thus, if the customer’s service requirements are highly volatile as to scope or risk structure, the function should be retained in-house.

Interdepartmental, or multidisciplinary, functionality
. Outsourcing a function involves retaining responsibility for managing the service provider’s performance. Prudent enterprises retain the capacity to administer and manage the service provider’s performance under the outsourcing contract. If the outsourced services cover a range across disciplines and departments within the enterprise, the enterprise will need a multidisciplinary team to manage the outsourced services for success.

Critical business functions that are subject to unacceptable levels of political risk. Even domestic outsourcing operations may involve foreign subcontractors whose right to deliver services, or right to receive payment, could be severely impaired for political reasons. Embargoes, quotas, political restraints, inconvertibility, nationalisation, expropriation and similar risks may suggest that special measures be adopted to mitigate any political risk


According to Cari Drysdale, group marketing manager: managed services at there are certain guidelines companies can follow to ensure effective vendor management.

1. Manage vendors ‘strategically’. Vendor management is important, but few companies can afford the investment required to execute it in a way that delivers hard return on investment and keeping it in-house is rarely viable.
2. Seriously consider outsourcing vendor management. A third party offers a good alternative when the benefits you’re looking for relate back to the need for the right skills, experience, capabilities and industry influence that would be near impossible to replicate in-house.
3. Choose a partner who understands your business issues. This is equally important because you don’t want one that adopts a one size fits all approach to vendor management.
4. Make an informed choice, so that you select a vendor management partner that is the right fit for you. While informing yourself, make sure you think about cultural fit, suitable transactional models, geographic coverage aligned to yours and clout with technology vendors.