Risk Management

Risk is the occurrence of an event that has some consequences. A vulnerability or exposure is a weakness that enables a risk to have an impact. Controls are measures that mitigate the impact of an event or stop it from having an effect. The probability of a risk is its likelihood of occurrence (e.g., a 60 percent chance of happening). The impact of a risk is its degree of influence (e.g., minor, major) on the execution of a process, project, or system.

The basic idea is to have controls in place that minimize the negative consequences of a "bad" outsourcing agreement, known as risk management.

Risk management consists of three closely related actions:

Risk identification Risk analysis

Risk control

Risk identification is identifying risks that confront a system or project. Risk analysis is analyzing data collected about risks, including their impact and probability of occurrence. Risk control is identifying and verifying the existence of measures to lessen or prevent the impact of a risk.

Risk management for outsourcing agreements offers several advantages. It enables identifying potential problems with agreements. It enables developing appropriate responses to those problems. Finally, it helps to better identify mission-critical functions to retain and others to outsource.

Despite the advantages of risk management, there several reasons why it is not done. One, it is viewed as an administrative burden. Two, the understanding and skills for conducting risk management are not readily available. Finally, the information required to do risk management is not available.

There are several keys to effective risk management. Risk management is best performed as early as possible, preferably before signing an agreement. It requires identifying and clarifying assumptions and addressing key issues early. It requires having the right people involved with the outsourcing agreement, such as subject matter experts knowledgeable about key issues.

One final caveat. Risk management is not a one-time occurrence. It must be done continuously. The reason is that risk management involves taking a snapshot in time and using it to anticipate what might happen in the future. The conditions of an environment, however, may be extremely dynamic and may challenge the validity of assumptions incorporated when managing risk. Hence, it is wise to continuously revalidate risk management before, during, and after negotiating an outsourcing agreement.

Outsourcing Survival Kit

Outsourcing Survival Kit

Tired Of Being Tied Down By Time? Wish You Could Achieve More And Earn More Within The Deadlines You Are Given? Want To Branch Out To Other Lucrative Areas Without Sacrificing Your Current Business?

Get My Free Ebook

Post a comment