IT outsourcing – selecting the ‘best’ infrastructure model

This article was published on CEO Online a month or two ago, and I did promise I would post it here eventually.  And as I am of course absolutely certain that there is a raft of readers out there who would like to see the full article on the basis of that promise (delusionment is a wonderful thing) I am posting the article here.

In order to keep us all sane, you will need to click through to see the full article.

A full night’s rest for Chief Executive Officers
 
Introduction

Figuratively at least, CEOs are lying awake at night asking, “Is my IT infrastructure delivering what it needs to? In essence, are we doing IT right?” It is an age-old and important issue that causes CEOs considerable angst: ‘What is the best way to manage IT infrastructure?

Unfortunately, there is no definitive answer apart from, “Well, it depends.” The goal of this article is to outline three alternative approaches to the delivery of Information Technology (IT) services and then to consider the pros and cons of each approach.

At the end of this article, you – as a CEO – will be better informed as to the likely benefits, traps and pitfalls of IT outsourcing.

IT – The Business’s ‘Problem-Child’

Information Technology is increasingly complex. The pace of change and innovation continues to increase. Competitive pressures ensure that IT, more and more, is required to deliver the innovation that is crucial to maintaining competitiveness in the marketplace.
Legislation (such as Sarbanes-Oxley in the United States and, to a much lesser extent, Corporate Law Economic Reform Program Act 2004 in Australia) and regulatory authorities (such as the Australian Prudential Regulatory Authority requirements over governance) have introduced stringent guidelines that require ever-higher service level standards from business’s IT.

Professionalism and maturity of the IT industry have also resulted in the adoption of service management frameworks to ensure consistency of approach and reliability of services.

Demographically, the increasing expectations of Generation Y in the workforce are significant drivers for innovation in technology – most of Generation Y have grown up with technology and have high expectations and understanding of what it can do for the business. They have high demands of IT and increasingly refuse to accept the status quo.

These increased demands upon IT have exposed the weaknesses of IT service models to deliver upon expectations. The results often manifest as poor service levels, a higher level of project backlog and an amplified level of user dissatisfaction. It is apparent that IT cannot be run ‘hands-off’ – it needs direction and scope around the expected service delivery, no matter the size of the business enterprise.

There are essentially three competing service delivery models at this time:

• Completely outsourced IT: Almost no technology assets are owned by the business and service level contracts are specified in terms of business outcomes. The service provider owns all assets and infrastructure and the business pays for services as they are consumed according to an agreed rate and at an agreed level of quality.
• Managed service provider: Under this approach, the business owns the technology assets but has contracts with a service provider or providers to provide technical expertise and to manage assets. Often, this expertise is provided remotely through the Internet.
• In-house IT: Under this arrangement, all assets and IT staffing are owned and managed by the business, with the business fully responsible for providing its own services, selecting its own technology and managing the entire process on its own.

All three models have examples of success and failure. In practice, most businesses adopt some mix of the three models, although this is often the result of inertia rather than considered and rational thought.

The following section explores the three models by looking at the strengths and weaknesses of each and following the experience of some of our clients that have adopted the relevant model.

Completely outsource Information Technology

Strengths and weaknesses

When IT is completely outsourced as a whole business unit – including assets and staff – the business recognises that most IT services required by the business are not strategic but rather transactional. The focus is upon the delivery of efficient transactional services and overall cost savings to the business. Where this holds true, the strategic impact of IT is minimal – IT is not a strategic innovator for the organisation, and delivery of cost savings becomes very important.

Outsourcing in this way allows the business to assign responsibility for IT to a service provider who is, presumably, much better at providing the services than the business. The benefit of this approach is its instant appeal – by outsourcing the entire business function, all the benefits of outsourcing become available very quickly to the entire business. For businesses experienced with outsourcing, that know their IT requirements well, and that are able to manage the inherent project risk of a ‘big bang’ approach, completely outsourcing in this manner can deliver significant business benefit.

For outsourcing like this to work, a business must understand its IT requirements in a great level of detail in order to specify the services required. A mature approach to relationship management and contractual management is necessary. There are pitfalls – particularly if, for example, the ‘undocumented’ services provided by an in-house IT team are not included in the service level agreement.

Outsourced arrangements also often fail to recognise the requirement for strategic management of the relationship with the service provider. Outsourcing arrangements in the past have delivered benefits in the early years of the arrangement but not so in the later years. For example, service levels that were attractive three years previously may no longer address business requirements in today’s market.

A further danger is that, with complete outsourcing, the business loses all expertise in IT and is unable to re-integrate the IT business function at the end of the initial contract period. This becomes a negotiation problem at the end of the contract period, as the business may now have no staff with appropriate IT expertise to understand the issues involved. Additionally, the inherent difficulty in migrating away from a service provider that owns the assets, infrastructure and service staff upon whom the business relies does not provide a strong negotiating position.

Consequently, successful outsourcing requires that the business manage the relationship and the services provided closely as a strategic imperative and that the business either maintain some level of IT skills in-house, or recognise the potential future cost should this approach be necessary.

The client experience

Complete outsourcing has had mixed results. Some clients have welcomed the ability to lock down their IT requirements and to focus their IT solutions on transactional efficiency for their business.

Other clients have completely outsourced their IT only to discover that the ‘undocumented services’ they previously enjoyed with in-house IT were crucial to the business. Locked into a services contract, the business struggled to bring the services back into the business.

Another client had been glad to outsource their transactional IT roles to a third party service provider. However, legislation, governance requirements and the industry requirements of their own clients meant that although responsibility for the task could be transferred to a third party, accountability and legal liability could not be transferred.

Accordingly the outsourcing relationship had to be modified to include expensive monitoring and assurance processes to ensure that the work was carried out to a high standard. These expenses and processes had not been originally envisaged as part of the relationship.

Managed service provider

Strengths and weaknesses

A managed service provider (MSP) relationship, in contrast to the ‘completely outsourced’ model, provides the services to manage and maintain the assets and infrastructure owned by the business. Periodically the business revisits the market for a service provider to provide technical services to manage the assets and to provide defined services. Outsourcing of specific, simple, transactional business functions is usually the most effective for business.

The growth of this approach has been assisted through the development of standard best practices in IT services management such as ITIL (Information Technology Infrastructure Library) and COBIT (Control Objectives for Information and related Technology). Using service providers that follow these best practices and requiring service providers to document their approach, ensures that migration to an alternative service provider is relatively easy. In some respects, the services have become commodities.
Adopting this approach allows businesses of some size to obtain the benefits of having a full-service IT team available while not increasing costs exponentially.

However, similar to complete outsourcing, management of the relationship is the key to a successful MSP service model as well as keeping some IT expertise in-house, if only as insurance against future contractual re-negotiations. Again, the identification of specific and well-defined transactional services for outsourcing will be most effective under the managed service provider model.

The client experience

Carter Newell, a leading Queensland-based law firm with clients including CGU Insurance, CSR, Santos, Rinker and AGL, purposefully adopted a strategic approach to their IT with a managed service provider relationship.

Kym Mellor, Chief Information Officer, explains, “For us, it’s the most cost effective way to provide the services we need to meet our business needs. We are 100 seats, but we use top end corporate level applications and infrastructure. Our service providers provide the range of the technical expertise we need, when we need it, and are contracted to provide the service levels necessary to maximise uptime and our staff’s productivity.”

Kym’s previous experience with internal IT is an important consideration in adopting this approach. “As a smaller organisation with big firm requirements, we need high-quality services but cannot provide the career path, training and job satisfaction for a very small internal team of IT staff. Our service provider can do that, while we concentrate on the strategy. And our service provider is contracted to adhere to ITIL – it’s part of the engagement. Previously, when we had internal IT, we found it was difficult getting commitment and compliance to ITIL,” she said.

In adopting the managed service provider approach, Kym is free to concentrate on the strategy of IT. However, for Kym the relationship with the service provider is paramount and strong communication between Carter Newell’s management team and the service provider is important: “Once engaged, the key things are to know your contracts and the service level agreement – backwards – and be sure to make the relationship work. Treat it as a business partnership. Regular meetings with Chief Site Engineers and your account manager help develop the partnership. You can’t simply give it all to the service provider – it’s important that your organisation retains ownership of your IT, its support and maintenance and its strategic development.”

In-house

Strengths and weaknesses

In-house IT has been the ‘default’ approach for some time. In particular IT has grown over the years as the default approach to service provision – some smaller components of IT service delivery are outsourced (e.g. network routers) but in the main tasks are carried out by internal staff.

In-house IT tends to provide a standard set of services that are common to most businesses. However, internal IT staff genuinely want to help the business and so often provide ‘undocumented’ services to the business. For example, IT might install a new printer in the general manager’s office and ‘while they’re there’ help the manager with a spreadsheet, or show his personal assistant how to use Word to develop a macro for the Board reports.

The result of this approach is that the business often does not know what the IT area does and therefore does not value its output. IT’s budget is limited, the staff ‘help’ the business but the backlog of official projects never reduces. In extreme cases, resentment and misunderstanding builds.

The essence of the unique issues of an in-house approach to IT are that management of the IT function – rather than actually delivering the services per se – can become a distraction for management of the business. Staffing issues are a significant factor. Whilst the generally accepted ratio for IT support staff to PCs is about one IT staff member to fifty or sixty desktop workstations, this can be impractical. To address staff risk in the management of IT, a minimum of three staff is usually needed if burnout is to be avoided and business effectiveness maximised. Three staff are necessary to cover holidays, sick leave, staff resignations, and so on. Under this view, a business should employ at least 150 staff before having its own IT department becomes a viable option. Clearly, this is not the practice for all businesses.

IT staff usually like to be exposed to new technologies and new ways of doing things, but in small to medium enterprises (SMEs) this is difficult to achieve, and so staff turnover is high. Additionally, there is the need to provide a career path for staff – IT staff should not be expected to labour in the same position without a prospect for personal career growth – yet this is frequently the case.

Finally, it is exceptionally difficult for a small IT department to adopt and implement best practices and formal service management frameworks such as ITIL and COBIT. Accordingly smaller IT departments beat their own path to service delivery, which can often mean that tasks are carried out in an ad hoc manner. With good, dedicated IT staff, service levels can be very good – but when new staff members are subsequently hired that cannot understand the approach to IT due to its unique nature, the result is apparent chaos in the area.

Although on paper an in-house IT department for an SME may seem cheaper than an outsourced approach to IT, the hidden costs are often considerably underestimated – particularly in terms of management distraction and time. However, if IT is providing hidden benefits through those ‘undocumented services’ as well, there may be a good argument for retaining in-house IT. For a business that does not understand its requirements of IT, or the environment is very complex, in-house IT will likely deliver the necessary services – but at a cost.

The client experience

One BDO Kendalls client found that management was unable to properly assess solutions proposed by the in-house IT manager. Having proposed a $100K investment in network infrastructure, the IT manager was provided with a budget of $50K. Accordingly, the IT manager tried to deliver the same infrastructure outcomes – but at the cost of reliability, ease of maintenance, and future proofing. Accordingly, each time there was a lightning storm, the unshielded network acted as a lightning rod and the resultant $10K expenditure on infrastructure equipment became the expected result of every lightning storm. Storm season quickly meant that the business exceeded the original $100K proposal, but the entire network still needed to be replaced. No-one in management was equipped to properly evaluate the proposed expenditure and best practice standards were not in place.

The inherent business risk in IT is also of concern for many SMEs. Another client was heavily reliant upon significant in-house information systems that were built by a single staff member at the request of the business. Business profitability depended upon these information systems. Unfortunately, the single IT staff member was the only one with any understanding of these systems and documentation consisted of approximately ten pages of diagrams. The business in that instance was heavily exposed to the risk of staff burnout, as the staff member in question was working 60-70 hour weeks, every week, just to keep up.

Another client had little understanding of their new business’ IT needs (apart from the fact that the needs were ‘substantial’) and so established a skeleton IT department. Aligned with the business and with the right staff, the business enjoyed a high level of services to address their overall needs and could then establish the scope of the services required and examine their ability to outsource components of IT.

The future road map

For many SMEs, the answer will continue to be a mix of the service delivery models. Increasingly, it is to be expected that adoption of the managed service provider service delivery model will be used by SMEs as the realisation of the hidden costs of IT hits home.

The complete outsourcing of IT is often a ‘big bang’ approach and often takes longer than expected, is more expensive than expected and is more difficult than expected. Frequently this approach does not deliver upon the proposed benefits, the inherent project risk is high and success is difficult to achieve.
Repeatedly, success has been reported in the field through the outsourcing of specific business functions at a transactional level, whilst retaining strategic direction in-house. For large enterprises, in-house IT can be an effective approach but for many other businesses outsourcing specific business functions can be effective tactics in delivering strategic outcomes from IT.

A practical and risk-averse roadmap that CEOs may wish to adopt in rejuvenating the IT function through adoption of the managed service provider approach would be:

• Understand the services provided by the IT function, starting at a transactional level and then through to strategic level.
• Increase the capability in each service to a minimally accepted standard. Outsourcing an IT service that is not operating well will ensure that problems arise during its outsourcing.
• Undertake a service provider selection process to identify a single service provider in a particular service domain, or perhaps a panel of two or three potential service providers in that domain, with proven capability, proven viability and the potential to deliver a strong working relationship with your business.
• A provider’s domain may be, for instance, networking infrastructure, or printers, or database management, or application management.
• Should a panel of providers be adopted, it should be noted that the larger the number of providers the more difficult the providers will be to manage. In managing the providers, it is advisable to ensure that their services can be easily segregated from one another so that their inter-dependence on each other is limited (thus ensuring that that responsibility for solutions to problems can be clearly identified).
• Only then should the business outsource transactional services that are not strategically critical to the business but that deliver short-term business benefits. If a panel of providers is identified, the services should be shared across members of the panel of service providers, although having aligned services managed by the same service provider will avoid provider disputes over responsibility for any problems. This approach provides the opportunity to strengthen your experience with outsourcing whilst not ‘betting the farm’ on a single service provider.
• Ensure that governance of the strategic relationships works for the service providers and your business – frequently such service provider relationships start positively but as operational matters arise and promises are either delivered upon or broken, the relationship can break down. Communication across all levels of the enterprise with the service provider will be of vital importance in maintaining the working relationship.

Only then, outsource strategically critical transactional services where business benefits are expected. The expertise already developed in the management of outsourcing relationships will be invaluable.At all times, the CEO should ensure the business retains the capacity to provide strategic guidance for the IT function to be outsourced, that services are provided according to a service management framework and that the strength of the relationship is maintained. It is of critical importance to the business’ future negotiation position that the business is able to change service providers if necessary in the future – even re-integrate the IT service into the business if necessary.

There is no ‘silver bullet’ in ensuring that IT infrastructure is maintained correctly and as is evidenced from the above roadmap it is unlikely that outsourcing is a short-term solution for delivering effective IT services. Done well, IT outsourcing can provide an enormous value opportunity for the business. Done poorly, it can be a serious distraction to business management and at the end of the day, result in even more sleepless nights for CEOs.

About the author:

Micheal Axelsen is Director of Information Systems Consulting with BDO Kendalls in Brisbane, Australia.

Micheal’s passion is for assisting corporate, government, and SME organisations (including non-profits) to better manage their information systems.

Micheal has extensive expertise in the evaluation and assessment of information system projects for large businesses and government agencies in line with business strategies, goals, and objectives and is our technical expert in the area of information governance, particularly with respect to the legislative requirements of government in the maintenance and development of information retrieval systems and record keeping systems.