Armed with these categorizations, the CIO can start to narrow down the options available in deciding exactly what needs to be strategically outsourced, what can stay internal, and what can be achieved in a hybrid fashion.

First, let's step back and determine what outsourcing really means and what options exist to execute a strategy. Outsourcing, like all things in IT, has many facets. The following are some possibilities that exist:

Before making any decisions to outsource or execute a tactical plan, the CIO must understand what parameters are driving him or her down this path, what outcome is expected, and what timeframe is being addressed. Quite obviously, by the time these questions are being faced, it is already reasoned that:

In reality, the driving forces behind the decision whether to outsource in some manner clearly include the need to:

Armed with one or many of these reasons, let's explore what each outsourcing option means. It is also quite reasonable to expect any one or multiple combination of these options to be chosen when looking at a strategy. Quite often a one-size fits all solution simply does not exist, no matter how badly the outsourcing vendors may want the CIO to believe it.

Onsite support is also referred to as consulting or contracting. The key differentiator is that a consultant is there to provide guidance and/or options without prejudice and has a much broader understanding of the business, the technical and functional environments, and the work to be performed but may not necessarily be the subject technical expert. The contractor, on the other hand, is there to perform a certain defined task as the subject technical expert.

By definition, this work is performed at the customer's premises and is typically located with the project, program, or functional team for a set period of time. Staffing methods can vary from hiring independents to hiring a team, either independently or from a professional organization directly.

One of the pitfalls with this option, especially in the United States, is the classification and treatment of the consultants or contractors with respect to the privileges of regular employees and the length of time they are contracted for. If a consultant is treated like an employee of the customer, for instance, in control of his or her hours and vacation schedules, the U.S. Internal Revenue Service recognizes this and attempts to have the customer withhold taxes. With this interpretation, legal cases have been brought forward (and won) by consultants who, after contracting for a number of years with one customer, claimed they were owed the same entitlements (bonuses, stock options, share of profits) as regular employees, based on the new tax definitions.

To address this concern, some companies have instituted policies whereby a consultant/contractor can be contracted only for a certain period of time and cannot be rehired back for a defined period of time as well, ranging from six months to a year. Other strategies have been to have the consultant form a legal entity such as a corporation; payment is then made to the corporation directly as opposed to the individual. A consultant or contractor who is working multiple contracts at the same time is more clearly of independent status as well.

The advantage of hiring in this category is that it can indeed fill some short-term needs, costs will be at market rate, and the customer has flexibility to terminate the contract as and when required as long as terms and conditions set forth in the contract (which are generally quite liberal) are met.

Offshore services became popular starting in the 1990s. Partly driven by cost, the need to develop solutions quickly, and the availability of technical resources in cheaper English-speaking economies, it became a viable option. Although cost savings of 70 percent and sometimes 90 percent over onsite support were promised, only rarely did those percentages materialize. Savings can be gained, however, if the project is monitored and managed correctly.

This option can be quite uncomfortable the first time, and for that reason many CIOs choose not to go down this path, which is a shame. The global economy is here to stay; companies are conducting business globally; borders and boundaries are being broken with the availability of 7/24 infrastructures. Offsite and offshore is one more weapon the CIO should strongly consider having in his or her arsenal.

There are some strong perceptions and myths that still exist today when the words “offshore outsourcing” are first tossed around. The perception is that going offshore will mean large job losses in the IT organization, wages will remain frozen, and there will be social turmoil both internally and for customers facing the outsourced vendors. The reality is quite different, however. Offshore is not a slam dunk; not everything will or can go offshore, not all companies will be successful (although the trend will be irreversible), constraints will still remain in terms of business processes, technology, and cultural aspects. The constraints that exist can actually be turned into opportunities to leverage services in the future.

The offshore option can be used in a number of, but not in all, scenarios. It should be considered favorably when:

The overall maturity of this option can be broken down into the relative maturity of several aspects, listed in Table 9-1.

Table 9-1. Maturity Aspects

Assuming that offshore is the answer and the CIO wishes to proceed down this route, it now becomes important to develop an element of trust between the customer and the offshore entity. Does that mean you can simply throw things over the wall and expect magic to happen? Of course not; the CIO is still accountable to ensure that goods are delivered in the time promised and that excellent project management skills and people communication skills are developed to ensure successful completion.

Once you have decided that this is a viable option, how do you go about initiating the next steps? More often than not, speaking with other CIOs, vendors, and customers will elicit a list of a number of offshore firms that service this area. Contact a few of them and have them talk about their successes and failures, types of projects, base cost structures, organizational structure, and what makes them successful. The best ones will have representation close to the customer site and their own network infrastructure. They should also have local resources as well as offshore development centers.

In the ideal situation, the offshore party has technical and functional representation at the customer site where requirements are validated before the project is sent offshore. The customer also has a staff member at the offshore site to clarify any issues that arise and to assist in quick decisions so as not to halt progress (this step is often missed). The offshore organization is then responsible for delivering a product that meets the specifications and that also involves full quality assurance before handoff to the customer. The customer's staff member at the offsite location is also in constant touch with the program/project team and is notified of any functional change so that the offshore site can react accordingly to any decision requests.

Offshore organizations do have elements of risk. A major one involves communication between the two parties: How good are the verbal skills, written and spoken, of the staff that will be interfacing with the customer? This issue must be addressed early on. Is the offshore entity just delivering to the requirements given, or are they functionally savvy as well? If they spot a problem, will they simply continue to work to the requirements, or will they bring the issue to the client's attention immediately for resolution? When there is a difference of opinion, what is the conflict resolution process? These are all questions that must be ironed out before a contract is signed, negotiated, or entered into.

Many global companies are going one step further and have either already developed or are developing their own offshore centers, primarily to take advantage of lower local costs, the availability of resource talent pools in a specific region, and the global tie-in infrastructure (telecommunications, Web, power) that is available. Not only have technology-based companies taken this strategy in stride, but organizations with heavy customer support requirements are also going down this path. Those companies that have large technical development projects have extended their own offices into the offshore economies and have either built or acquired to take advantage of this scenario. Extending even further, some global companies have now set up customer support centers at these locations, with Web or phone infrastructures routing unknowing users to one of these centers behind the scenes.

The one black cloud over this option is and will always be the political and economic instabilities of the countries involved. With terrorist activities on the increase and possibilities of sabotage, companies still cannot take this option as its single end-all solution. When opting for offsite, offshore services, this possible problem must be a prime consideration, and the risks must be weighed equally with other alternatives.

For offsite service, onshore is easily a more comfortable option than offshore, but not necessarily the best for what needs to be achieved. The option has some merit, but not necessarily from a cost standpoint. One of the main reasons that we contemplate offsite options in the first place is to get some leverage with respect to cost, but in any westernized country, we have already lost the resource cost battle in comparing onshore to offshore.

Offsite but onshore really means outsourcing to another organization within the same country or region. The benefit is that the development or work to be done is removed from the customer, thereby saving the cost of infrastructure to support the work effort.

This option can be used as a stepping-stone for some CIOs to eventually go the full offsite, offshore model, as processes can be tried out and ironed out. This onshore option can also be used as an alternative to onsite consultants.

Some outsource companies offering this solution tout the lower regional cost in various parts of the country, but be aware of shared resources; the lower cost may be derived from the outsourced resource working multiple projects, when they should be working on one customer's project. In the case of technical infrastructure staff (such as database administrators, system administrators, or system operators) this practice may be acceptable, but if deadlines are not met, it will be hard to prove whether the resource was actually working the requirements and what led to the delays.

This does become a viable option for the large companies that may have multiple divisions served by a corporate-owned IT organization, where the money stays within the corporate entity but not necessarily within the division that spends it, and where it is quite likely that each division is responsible for its own P&L and hence has options to source at its discretion. Because it is perceived the money stays within the corporate body, cost may not necessarily be the driving factor when facing the outsource decision. If the IT arm has a location nearby and can provide the services offsite, this may become an attractive alternative to either onsite or offshore sourcing, depending on the work to be performed.

Functional support in this context means to outsource an entire function. On the infrastructure side, this could include help desk, network management (data/voice), server operations, administration support (database/system administration), firewall management and support, or any other infrastructure function peculiar to the company. On the business application side, it could include application support, application development, Web content management, or again, any other business application function peculiar to the company.

Outsourcing of an entire function or service has its own set of advantages and disadvantages. Each CIO has to weigh the options pertaining to his or her own corporate culture, needs, and requirements, taking into account the corporate political climate and what changes are needed.

Reasons to outsource at a functional level are generally driven by a number of factors, such as:

Considering any of these factors, the CIO has to assess the situation and the potential impact it will have on the current staff both within and outside the organization. This is a decision that should not be taken lightly: It impacts the entire organization. Questions external to the IT organization will pop up: If IT outsources the help desk, for example, people in manufacturing, shipping, receiving, and other departments will wonder if they will be the next to be outsourced. On the other hand, the reverse is sometimes true: If the IT group has not performed to user expectation, a decision to outsource a specific function may be seen as a positive step.

Some companies have outsourced the entire IT function, some have outsourced small pieces, and others use a hybrid model. There is no right or wrong model; it all varies depending on the company's culture, whether it sees IT as a strategic or operational group, its long-term goals, whether it is considered important to keep knowledge inhouse, temporary cost-saving strategies, and so on. Whatever the reason, careful thought and consideration must to be given when deciding to outsource an entire function.

The current climate has seen deals in which functions are outsourced with 10-year fixed contract terms, including heavy penalties for cancellation in the earlier years. These deals are structured with favorable terms in the near future but high costs thereafter. IT is not a fixed world, so although a scope may be set initially for the terms of the contract, there is generally out-of-scope work that has to be done, which is where the outsource provider makes its margin. Conflicts arise out of badly written agreements that set an expectation by one side and that is not fully understood or defined by the other. Beware of agreements and service levels set by the vendor; these generally have the vendor's best interest at heart.

Contracts for this category are generally geared to provide service at defined service levels and can operate under a generic service framework. However, most customers do not have the measurement tools to challenge the provider's service level numbers. This leads to situations in which user expectation is not being met, but all the statistics coming back from the provider hit the marks. Such a scenario can be a CIO's nightmare in the making.

Outsourcing also does not guarantee that service will improve; there have been a number of cases in which the A players have been brought in initially, then quickly replaced with B and C candidates.

The overall message is that if a function is outsourced, be prepared to manage the relationship as with any outsourced work. Manage the provider and don't let the provider manage you or your staff. I had a situation in which the provider's account manager would come to me repeatedly and ask why I did not see them as a partner; after all, they did all the work, they supported the account, and they maintained the infrastructure and responded to situations as necessary. My response, very simply, was as a working partner yes, but as an account, no. I paid them for all the time they put in, they billed me for out-of-scope work, and there was no risk on their part. The day they came to me with a solution that saved me, the customer, money to the detriment of their own revenue was the day I would see them as a partner—and not until then.

One other big area of contention is over response versus resolution. The vendor always tends to discuss response time, whereas the customer is really interested in resolution time. The difference? Response means the provider will get back to the customer within a designated timeframe without any expectation of problem resolution, whereas resolution means the problem has to be actually solved within a set timeframe or service level. The normal vendor response when negotiating this is, “We cannot give a resolution time because we don't know the problem, and it may be unrelated to us.” How should the CIO answer? “That's fine. Give us fixed resolution time with a percentage fudge factor”—that is, the goal of having, say, 80 percent of calls resolved within, say, two hours, with the understanding that the other 20 percent may go over this service level. Of course, the CIO has to have tools and processes in place to measure this—such tools should be in place to measure vendors anyway.

When selecting your functional support provider, remember that his or her entity will become an extension of the IT organization and as such will also carry your business knowledge.

Is all functional outsourcing bad? When technology moves so fast in your organization, training often comes as hindsight. IT staff may not be able to keep up with the pace; hence an external organization may be the answer, especially when it has a talented and varied resource pool to call upon at a moment's notice.

Good opportunities to outsource at a functional level include situations in which:

Outsourcing strategically in this area may also be a politically savvy move for a CIO, especially if the internal IT organization has been badly beaten by its customers—for whatever reason and whether fairly or not—and confidence is low. When this is true, it may make sense to bring in an external party to desensitize the situation and redirect attention away from internal IT staff. If taking this drastic route, careful consideration must be given to how an exit strategy is worked out for current staff in this function. It's quite possible that the external provider can take over current functional staff in this area or provide work for them elsewhere, especially as the staff itself is generally not to blame, regardless of the perception outside of the IT organization.

A project or program has been thrust upon the IT group, and internal resources are either not available or not appropriately experienced. When this happens, one option is to have the work outsourced by a contracting or consulting company, which can range from one of the Big 5 (KPMG, Deloitte & Touche, Accenture, and so on) to smaller “boutique” firms serving the same area.

In general, the Big 5 firms are business-savvy, have the functional resources, may be lacking in technical resources (but can get them via subcontracting), and are primarily focused on delivering the solution. As such, they come with a price tag beyond the independent consultants and contractors, and way beyond offshore entities.

Although the larger consulting companies generally take on projects based on time and material, there have been instances in which they have bid a fixed price based on the project scope, although this is rare unless they have also been involved in the project scope phase itself. Be aware that in the fixed-price scenarios, the real cost will come with scope creep and any changes that come along with scope creep that are defined as any work that was not specifically agreed to in the contract.

On a longer term project, it is guaranteed that the final product will never be limited to 100 percent of the original scope. The longer the project time, the greater the chances of changes; after all, business conditions can change quickly with considerable impact to any projects or programs that are being implemented. The need to adapt to these ever-changing situations quickly becomes a change management issue, including how to “park” and manage change during the development and implementation cycles.

The larger consulting organizations also take these opportunities to expand their services into other aspects of the business. Once they understand the business, it does not take a stretch of the imagination to see how they can assist in other areas, and indeed this may be an opportunity the CIO can take advantage of. Any areas that are weak in terms of business, process, technology, or process flow are usually pointed out quickly, especially in the larger programs, which may create a real challenge in managing the scope of the original project. It would be far better to park these issues to be tackled at a later stage or initiated through a different channel. This allows the CIO to again entertain competitive bids at a later point in time and does not make the incumbent the de facto vendor.

The smaller consulting houses are generally cheaper than the Big 5 firms, but may not have all the needed resources or experience to carry out the task at hand, as much they promise. This shortfall, however, may not be a big risk, as they can overcome this by contracting the help of consultants who are then presented to the customer as part of the consulting company. Former Big 5 partners, managers, or consultants have indeed started a number of consulting companies, and the business knowledge risk is therefore mitigated in terms of experience. The CIO in this instance is really getting the benefit and experience of a Big 5 player at a much lower cost and maybe minus the tools and processes, but gaining a team that can make decisions rapidly and adapt more quickly to the needs of the ever-changing customer climate.

Another factor to be considered is the customer's own physical infrastructure. Does the facility have room for a team to come onsite? Typically, consulting companies like to have dialup access. Does the facility support dialup? How many outgoing lines are available? Is there enough desk space for the team members, or will they operate out of conference rooms? Where will needed private interviews with business-level staff take place? Are there enough conference rooms or private offices to allow this? There are many other factors and physical limitations that should be considered; some will be highlighted before the contracts are signed, and others will come to light afterward.

It all comes back to the level of risk acceptable to the organization. In all instances, the infrastructure must be in place to support a consulting team coming onto the customer's premises, and access to required key staff must be made available ahead of time. This is a game of time and money in which the burden is on the CIO's organization.