IS Audit in Practice: Outsourcing vs. In-House—Getting the Most Out of the Business Case and RFP

Author: Cindy Baxter, CISA, ITIL Foundation
Date Published: 1 September 2023

Short on staff, in need of an objective opinion, lacking subject matter expertise: there are myriad reasons to consider outsourcing. It is a critical decision that impacts small and large enterprises, and there is always a mix of opinions on whether the right decision was made. So, when do you buy? When do you build the product or provide your own services? If you buy, can you validate the work with the same degree of scrutiny you would apply to your own resource and your own intellectual capital? Ultimately, how do you find a trusted vendor and build the monitoring steps that will ensure a successful project?

It is often said that building the business case is the first step to evaluating a project and answering the buy vs. build question. One must determine the project objective and provide enough detail on the expected outcome to ensure that business partners will be satisfied with the end product and accepting of the final cost. Building a skeleton of features and functionality with concrete vendor project team deliverables is typically done after approval of a standard business case, but doing so as the business case is created gives stakeholders and the potential internal project team a chance to determine whether there is enough bandwidth to get the work done in the time frame required. Fleshing out the outsourcing engagement at this stage also allows internal research to be done. Is this scope of work potentially applicable to other departments? If so, do they have work underway or under consideration for a similar project? Is it possible that there is something already created internally and available for immediate use or retrofitting? Consider this scenario:

Dan was relatively new to the CommBank data analytics team. He had been hired as the new director. He had several ideas in mind for CommBank and had made the rounds asking his fellow managers about their areas and building rapport with them. Dan was on the brink of finalizing a business case for development funding when he ran into a friend in the company cafeteria. He casually mentioned his new department’s work and was surprised to discover that his friend’s new work group was undertaking a very similar initiative. Instead of finishing the business case, Dan decided that a few meetings with his friend’s department, which turned out to be in the same division, were the best next step.

Vetting the Decision to Go Outside or Stay In-House

Once a review of the project is completed and translated into a business case that has enough detail to rule out duplicate efforts and provide reasonable assurance of user satisfaction, the buy vs. build in-house decision needs consideration. Several questions should be kept in mind:

  • If you decide to buy due to aggressive time frames that cannot be accommodated internally, is the contracting and ramp-up learning time for a vendor taken into account in meeting the time frame expectations?
  • If you seek subject matter expertise that is outside your organization’s core competency, are you prepared to familiarize the outsourced party with internal requirements, cultural norms and user expectations? Have you considered the time and resources that vendor orientation will take?
  • If your staff is already overwhelmed with work, are there resources available to coach and monitor the vendor’s work, including management of any enterprise compliance requirements that supplement industry standard requirements?
  • Has a financial analysis been conducted that includes not only the expected cost elements that will be provided by the vendor, but the internal project costs associated with managing the vendor?
  • Have risks been considered, specifically the risk to reputation if the outcome does not meet expectations, the financial risk for potential cost overruns, the operational risk of continued manual operations due to project delays, and the potential security risk of having an outsider either host a project or provide an externally accessible service?

There are several factors to consider when contemplating a vendor engagement, but there are just as many factors to consider with in-house project development and management. Comparisons between vendor attributes and in-house expertise need to include these elements:

  • Determination of whether there is sufficient staff for completing the project compared to managing a vendor
  • Investigation of how in-house expertise can be supplemented with resources such as interns and creative ways to temporarily supplement the work
  • Consideration of potentially lower risk of using outside resources compared to employees

Writing the RFP

There are numerous tales to tell regarding vendor projects that have gone wrong. Buying services, similar to hiring new employees, is a commitment to having clear work objectives and a clear job description focused on the expected scope. Up-front evaluation of needs and a thorough business case are an important foundation for building a solid request for proposal (RFP). Large organizations may have a dedicated department that handles RFP creation, while small organizations may distribute a basic quote request or hire a vendor solely based on feedback received from other organizations without using an RFP. All scopes of work, however, benefit from a formal request to vendors, which serves both candidates for the statement of work (SOW) and the organization requesting the work by providing specificity regarding the project and clarity regarding how performance will be judged. A team or person writing the RFP needs to consider not only the business case that has been prepared beforehand, but also legal and business operations criteria. The RFP starts with a solid understanding of the expected outcome from the stakeholders’ and users’ perspectives. Although the outcome must be clear, how the vendor gets to the end result should be left open to allow for creative solutions by vendor candidates.

The RFP is also an appropriate vehicle for outlining service level agreements (SLAs) that will form part of the contract once a final candidate is selected. The SLAs need to offer a guarantee of outcome or ongoing service commitment. They also need to be measurable and add value to the users’ experience. It is worth examining each of the three elements:

  1. Guaranteed outcome. Both the vendor candidate pool and the buying organization must be clear on the expected outcome. There are two points where one must level set. First, the service/product provided needs to have realistic parameters. There are times when buyers push potential suppliers into accepting criteria that cannot be met. Second, if there are doubts when vendor-experts indicate limitations, it behooves the buyer to do additional research and compare responses for similar criteria abilities. An RFP and contract should not be an opportunity to push a vendor toward the unachievable.
  2. Added value. SLAs need to be determined based on the functional specifications (specs) that add value for the users. Functional specs translated into SLAs may fall into categories of improved productivity or increased market share or a broader product set. Meaningful SLAs are those that resonate with those buying and using the services. Meaningful SLAs must also be straightforward enough for those monitoring the vendor’s performance to make accurate assessments of status.
  3. Key metrics. SLAs are the control points of a vendor agreement and, as such, must be measurable. It is not enough to establish the metrics without communicating the steps to be tested or the formulas for evaluation. Like any control point, SLA metrics must be understood and agreed upon between the parties. They must not only be clear, but also be legally binding with consequences that will promote remediation. Setting expectations is important and stating them in writing is essential, including these important elements:
    • SLAs must be outlined in the RFP. It is the place to ensure that the best vendor is selected and that there are no major issues when it is time to contract services.
    • SLAs in the contract must specify the outcome, the expected value to users, and the metrics/performance testing that will be used. Negotiation regarding SLAs during the contract phase is common, but changes should be minor if the RFP is sufficiently detailed to set criteria and expectations for monitoring performance.
    • Metrics should be clearly established and flexible enough to modify upon mutual agreement as the product/service matures. There should be agreement regarding which party will supply the metrics and agreement on any cross-verification. Metrics are most effective when both parties participate in collecting them and when results are shared on a timely basis.

Conclusion

Success is good for everyone and is a joint effort that starts with understanding the need, doing sufficient research, and participating in a transparent way with stakeholders and vendor candidates alike. Once a vendor is selected, the vendor/buyer relationship is an important one to work on together for mutual growth and benefit. When viewed as a lasting relationship that will have bumps along the way, it results in the best work from all involved.

CINDY BAXTER | CISA, ITIL FOUNDATION

Is executive assistant to the Massport Community Advisory Committee (MCAC). Baxter is pleased that technology has allowed her to reinvent her career and continue learning through all of it. She had the privilege of learning technology and managing Fortune 700 client relationships at AT&T. Baxter then applied her expertise as an IT operations director at Johnson & Johnson before moving to compliance and risk management roles at AIG and State Street Corporation. After a brief period of running her own consulting business, Baxter joined MCAC, which advocates on behalf of communities impacted by the US State of Massachusetts Port Authority aviation and port operations. She applies her expertise to website redesign, drafting vendor requests for proposals (RFPs), updating bylaws and providing regulatory support to the MCAC board. In her spare time, Baxter serves as compliance and operations officer for the ISACA® New England Chapter (Maine, Massachusetts, New Hampshire and Vermont, USA) and volunteers on the Nantucket Lightship.