Governance, management and project risks
When services are hosted offshore, the government agency's management staff may be geographically remote from at least some of people who actually deliver the service. Similarly, business owners and governance groups for projects may be distant from the developers. In some cases, service delivery or project tasks will be split over multiple locations, which can complicate the management and integration of operations or fragment the service delivery supply chain or coordination of the various project components. When the governance team is isolated from the project team it may have difficulty remaining connected with project risks and issues.
Agencies geographically separate from their project or service functions may not be able to visit those teams. They may be wholly reliant on the supplier's reporting which may leave them poorly informed about project progress or service delivery issues. This can reduce the ability of government agencies to monitor and manage the risks, issues, day-to-day service delivery and project progress. Additionally, it may be difficult to ensure business requirements are understood and are being delivered appropriately. Service desks are often located in low labour-cost countries which may bring security concerns.
Accordingly, it is appropriate for government agencies to complement
stringent performance expectations with rigorous measurement and review
processes. Regular and comprehensive quality assurance reviews may be
advisable. Agencies need to remain abreast of current and emerging
issues and be able to respond as necessary.
(Many of these risks are common to on-shore outsourcing as well.)
Example mitigations
Governance and management
- Contract should include compliance with New Zealand government ICT project controls and audit requirements (see Resources section under risk management)
- Contract should include compliance with best practice (e.g. project methodology, ITIL) governance frameworks
- Contract for effective recording and reporting of issues, risks and non-compliance with government requirements
- Establish auditing and compliance checks as a performance measure affecting revenue
- Establish a governance team including New Zealand-based representatives of the offshore service provider
Project
- Ensure the offshore service provider and government agency adopt a recognised 'best practice' project management methodology (e.g. Prince2, PMBoK).
- Contract should include compliance with New Zealand government ICT project controls and audit requirements (see Resources section under risk management)
- Ensure ongoing project risk management and risk reporting.
- Undertake regular offshore training of key staff to maintain fluency in the solution. If possible, maintain an overseas presence.
- Establish a local capability and backup for services, perhaps by insisting on a local provider of support services.
- Ensure effective change management so that documentation and training material is kept current and accessible.
- Consider the long term strategic value to New Zealand of the skills being outsourced (consult the Department of Labour).
- Don't move strategic intellectual property offshore.
Governance, management and project risks
Governance and management
- Arm's length management
- Delays in identifying problems, adding to fallout
- Poor knowledge of service quality, issues and risks
- Low compliance with audit and other government requirements
- Fragmented governance team leads to misunderstandings
- Reporting difficulties
- Audit difficulties
Project
- Organisational push-back and lack or cooperation
- Poor knowledge of:
- product quality
- issues and risks
- project progress
- Interruption in service because of start-up and transition risks
- High exit costs and difficulty moving the project to new service providers because of knowledge capture by the remote service provider.
