Delivery in day(s): 4
ITC 596 IT Risk Management
This is the assessment 4 of ITC 596 IT Risk Management
Outsourcing is a very crucial process that allows an organisation to hand over its internal activities to some organisation. It is just like an agreement that has been done between two organisations. This report is prepared so as to analyses different types of risk that could arrive due to various projects that are undertaken by an organisation. In order to analyse all the risks of a project, an organisation has been selected named Aztek Financial Services. This organisation plays a very crucial role in both of the sectors that are IT sector as well as financial sector also (Troaca and Bodislav (2012) Outsourcing concept (p. 51).
Current status of IT in the financial sector at Aztek Corporation
This organisation mainly focuses on the financial services in the infrastructure financing and the investment sector. This is one of the famous organisations of Australia that comes under the list of the highly developed market. Aztek Corporation provides financial resources to many of the small-scale industries of Australia. The growth of the financial market in the last 10 years is too high. Aztek Corporation is increasing its business as well as operations at the global level and particularly in the Asian and European countries.
Aztek Corporation is increasing its services all over the world and strengthening the regulatory environment of Australia. This organisation has taken the opinions of different experts, officers, senior leaders and administrative so as to look upon the outsourcing technology. Outsourcing is a very crucial process that can enhance the growth and development of Aztek Corporation in an effective manner. Aztek Corporation uses this process so as to enhance the growth of the organisation. There are various advantages of this process.
Aztek Corporation must have to use outsourcing services so as to enhance the growth of the company by decreasing the cost of the products in an effective manner.
The efficiency of the products that are delivered by the Aztek Corporation gets improved by the outsourcing technology or activities.
It would allow the Aztek Corporation to focus on its core areas or value-adding activities that could influence the growth of the company.
Outsourcing activities would help the Aztek Corporation to eliminate the requirement of advancement of technology and infrastructure in the company and this will save the cost of the company (Clark and Monk (2013) Outsourcing enhancement (p. 279-298).
Outsourcing will allow the Aztek Corporation to have faster and effective services and this could influence the growth of the company.
There are many reasons why the Aztek Corporation must have to use outsourcing and some of which are listed below:
It is cost-effective:Outsourcing is a very cost-effective process as it reduces the operational cost from the Aztek Corporation. It allows the company to get their job done at very low price as well as with better quality also. It has been recorded that there is more than 60% saving of cost if an organisation transfers any task or work to India as the operational cost in India is quite lower than that of other countries.
It is organisationally feasible:Outsourcing is a very feasible process as it allows the organisation to perform the task or activities of other organisations. Outsourcing activities take place on the basis of an agreement that is done between two organisations.
It is operationally feasible:This process is quite operationally feasible and this enhances the quality of products that had been outsourced to other organisation. If the activity or the task is transferred to MNC or world class organisation then the quality of the products gets enhanced. Operational control is there in outsourcing process which shows that it is operationally feasible (Prawitt, Sharp and Wood (2012) Outsourcing feasibility (p. 1109-1136).
It is technically feasible:The activities or tasks are outsourced to the vendors that are fully equipped with effective equipment’s and those are technical expertise. Aztek Corporation would not have to waste its resources or technology on various functions and activities and outsourcing allows them to hand over the task to the other organisation.
It is politically feasible:Outsourcing services or activities are politically feasible as the tasks are transferred by Aztek Corporation to other organisation which is world class or MNC and which follows all the rules and regulations imposed by the government of Australia.
Advantages and disadvantages of outsourcing
Advantages of outsourcing
1. It allows the Aztek Corporation to focus on its core areas and value-adding activities that are very crucial for the organisation.
2. Swiftness and expertise can be achieved by outsourcing activities in Aztek Corporation.
3. The quality of products or services is being enhanced by the use of outsourcing activities in Aztek Corporation.
4. The risk is being shared between two organisations in which the agreement of outsourcing is being signed (Dhar (2012) Outsourcing benefits (p. 664-675).
5. The major advantage of outsourcing in Aztek Corporation is that it reduces different operational cost from the company.
Disadvantages of outsourcing
1. There is a major risk of data security and loss of confidential data due to outsourcing activities in the Aztek Corporation.
2. The costs are quite unexpected and this may lead to affect the Aztek Corporation in various ways.
3. Lack of focus over the customers and this could affect the Aztek Corporation in various ways.
It can be determined from the above-mentioned figure that the outsourcing as a percentage of total budgets of IT is increasing every year which shows that it plays a very crucial role in IT sector.
Vendor search and contracting cost
It is defined as the cost that is required in the Aztek Corporation for searching the vendors and contracting with them (Tayauova (2012) Cost of Outsourcing (p. 188-195).
Cost required for searching the vendors of the same field that can easily perform the task and could maintain the quality of products and agreement fees.
Initial transition cost
The cost that is required for initial transition in the Aztek Corporation. It is the cost that is required at the initial stage of the outsourcing.
Salary is given to the company in which the process is being outsourced.
Cost of managing the IT outsourcing effort
This is the cost required for managing the different IT outsourcing effort. This cost manages the overall operations that are performed in the other organisation.
Salary giving for effective management of task or project and operational fees.
Post IT outsourcing cost
The cost that is required after the outsourcing activities get completed. This is a very crucial cost that is required for obtaining the produced product.
The amount required for obtaining the outsourced product.
The above-mentioned table and chart show the cost-benefit analysis of the Aztek Corporation. This shows that the cumulative benefit is increased by cumulative cost after the period of four years and can be seen in table and graph.
Financial service review
There are many rules and regulations that the Aztek Corporation has to face while outsourcing any of the project or task. These government legislations are developed so as to make outsourcing within the rules of government. There are various rules that Aztek Corporation must have to follow and some of which are:
1. Australian Consumer Law (ACL)
2. Competition and Consumer Act 2010
3. Corporations Amendment (Future of Financial Advice) Act 2012
4. Corporations Act 2001
5. Anti-Money Laundering and Counter-Terrorism Financing Act 2006
6. National Consumer Credit Protection Act 2010
These are the major rules and regulations that the Aztek Corporation has to follow while outsourcing its internal activities or tasks to external companies. There is various other legislation that are also very crucial for an organisation.
Code of conduct
Code of conduct is a set of rules and regulations that the Aztek Corporation have to follow while outsourcing their functions or activities. There are various rules and regulations that are involved in the code of conduct generated by the Aztek Corporation. ASIC (Australian securities and investment commission) has the power to approve the code of conduct of the Aztek Corporation.
There are various hurdles that come due to the legislation of government and that affect the outsourcing activities of Aztek Corporation. These hurdles affect the outsourcing activities of the company. This directly affects the financial services provided by the company in every area of Australia. Australian Competition & Consumer Law is one of the famous law that is applied to the outsourcing transactions or agreement that takes place in Australia (Hamlen and Thuraisingham (2013) Outsourcing code of conduct (p. 1-5).
There are many organisation of Australia that outsources their projects or activities to the different organisation so as to complete them in an effective manner and to reduce operational cost from the home company. Some of the organisations are Westpac bank is a famous bank of Australia that outsources its various products and services to the external organisations and this has influenced the growth of the Westpac bank.
Security posture review
There are various challenges that the Aztek Corporation has to face due to outsourcing activities. The major challenges that the company has to face are related to the security of data or information of the company. Data security is the very serious topic of concern for the Aztek Corporation as all the data is in front the company with which the agreement has been signed. The problem of security of data can be controlled if there is an effective and efficient control over the information of the company.
Policies and procedures
The cost of the outsourced product must have to be predefined by the external company so that the Aztek Corporation does not have to face the problem of unexpected cost. This will make it clear for both the companies that what will be the cost of the outsourced product after the whole process. This will help the Aztek Corporation to select the cost of its product or services as per the cost required for outsourcing. This is one of the crucial factors that mostly affects the business of the Aztek Corporation and if this is controlled by the effective policies an procedure than this would enhance the growth of the company.
If the cost becomes clear that it would become easy for the Aztek Corporation to select the cost of its products and services as per the condition of the financial market. Unexpected cost is a very critical problem that Aztek Corporation has to face due to outsourcing and this policy will help the company to avoid this problem. This policy will clear all the costs required for operations in the external company.
Predefined criteria for quality performance
This policy is undertaken by both of the company could influence the growth of the Aztek Corporation as it allows them to know about the quality of products that have been outsourced by them to the external company. This would play a very crucial role in increasing the business of the company.
This would make it clear to the Aztek Corporation about the quality of products that have been outsourced and if there is any modification required can be processed easily by the Aztek Corporation. This is the major benefit of this policy in the outsourcing activity. Quality problem is also a major issues or challenge that Aztek Corporation has to face many times and this affects the business of the company.
The data must only be accessed by authorised personnel
The main and the severe risk of the outsourcing function is a loss of data and information that is meant to be kept confidential. If this confidentiality would be delivered by the outsourcing company, Aztek could perform more effectively and minimises the causes of risks. Thus for the high confidentiality of the data and information of Aztek, the company at the time of contract delivers the term that the outsourcing company for the sake of security and confidentiality of the information makes the policy that the Aztek’s data will only be accessed by the personnel authorised by the company. Such formation of the policy makes it easy for the company to locate and spot the actual culprit behind the leakage of information so that appropriate measures could be taken against him (Ben-Shahar and Logue (2012) Policies of outsourcing).
This policy also delivers high confidentiality to the data of Aztek and makes the company to abide from the risk of loss of business reputation and customers trust. This high customer support will enable the company to perform effectively with high profitability and for a long time period that increases the competition sustaining the power of the company.
Formation of contract with clearly defined policies and ethical code of conducts of Aztek
The outsourcing process reflects the involvement of two parties that are liable to each other for the performance of the work and the payment in return for the work. This involvement of the two parties suggests the needs of contract so that clear terms of function could be accessed and the party at fault could be identified. Aztek that want to perform its functions legally and ethically should incorporate the business policies and ethical code of conduct in the contract so that violation of the contract could be compensated by the outsourcing company. This formation of the contract made the outsourcing company to perform the function of Aztek ethically and according to its business values and principles otherwise, it could be sue in the court of law (Kang, Wu, Hong and Park (2012) Contract simplifies the outsourcing process (p. 1195-1201).
The completion of the tasks assigned to the outsourcing companies decreases the chances of loss of company’s reputation and delivers the value to the public that the company is operating ethically with the proper business values as mentioned for the public. Thus the formation of the contract results in the removal of the risk of average severity that is the breach of ethical codes and makes the functioning of Aztek a smooth one.
All the policies that have been described above are very crucial in case of Aztek Corporation as it allows the company to know about the cost of its products, quality assurance is there while outsourcing any project or task, no one can interpret the data or information of the company without permission and all the legislation are predefined in the contract or agreement that have been signed between both of the organisation. These are the major advantages that could be achieved by these policies in the Aztek Corporation.
Threats/vulnerabilities and consequences assessment
Outsourcing is the business function that reflects that the business organisation has transmitted its business function to some third for the effective performance. Usually, the outsourcing is done with the motive of accruing the cost and resource advantages with higher efficiency of the work. This outsourcing activity simplifies the business operations and the other party could be held liable for the damages caused their actions and functions performed by them. Besides the advantages, the adoption of the outsourcing delivers many risks also to the parent company that is Aztek Corporations. The risks and the threats delivered by choosing the outsourcing mode of business operations may cause severe damages and consequences to Aztek.
Because of the presence of many threats and risks, the need to analyse the risks becomes an important activity for the company so that effective decision could be taken to minimise the effect of the risks so that high advantages could be extracted. For taking the affirmative actions at right time, Aztek decided to identify all the possible risks and its severity so that the risks could be prioritised accordingly. The prioritisation of the risk on the basis of the severity enables the company to effectively deal with the risks that hold the chances of higher damages. Thus after the research on identification of this risks, the following risks are been identified by Aztek.
Identified Risks of outsourcing the business activities
Leakage of confidential data and information:The outsourcing company requires the data and all operations related information so that company’s related functions could be performed effectively. The outsourcing company because of the expertise and high efficiency performs the same function for various business organisations that raises the possibility of exchange of information and wrong delivery of the results that could be used by other companies for the purpose of monetary benefits and with the objective of running the company’s reputation (Lowmanm, Trott, Hoecht, and Sellam (2012) Outsourcing leads to confidential risk (p. 99-109).
Financial losses:The outsourcing of the business activity is mainly done with the objective of getting the work done at low cost and fuller utilisation of the resources so that high efficiency could be accrued. Besides the cost benefit, Aztek is exposed to pay more cost because of the hidden costs charged by the outsourcing company. The charges levied by the outsourcing company delivers no justification and raise the cost of outsourcing process that causes financial losses to Aztek as the higher cost is being spent for the completion of the task.
Inadvertent or deliberate breach of legislation, policy, or ethical standards:Aztek Corporation performs functions at large scale that involves the adoption of many policies related to the law and ethics that is considered to be followed by the company and any subsidiary of the company. The performance of the functions by outsourcing company decreases the control of Aztek over its performance as the outsourcing company have some other parameters to perform the same function. The difference in methods and parameters reflects that Aztek needs to co-operate compromises with its own ethical and legal standards (Jimmy Gandhi, Gorod and Sauser (2012) Outsourcing results to breach of ethical and legal policies of business (p. 39-71).
Quantification of risks that are identified
Leakage of confidential data and information:The risk of leakage of confidential data is of great significance in adopting the outsourcing for business operations. The risk affects the business operation of Aztek to a great extent as the leakage of the confidential data delivers the plans and strategy of the company to other competitors that could be used by them for gaining the competitive advantages and ruining the plans of Aztek. This risk hold high severity as it directly affects the company’s performance and could even make the company to wind up because of the leakage of highly confidential data that reduces the company’s reputation as well.
Financial losses:Every company have the objective to perform productively with high profits and at least cost. The additional cost charged by the outsourcing companies reflects that Aztek is operating less profitably and effectively. The financial losses are considered to be another severe risk as money being the blood of the business is required by Aztek. And the continuous loss of the money could even result in the end of the business performed by Aztek (Yang, Shieh, and Tzeng (2013) financial loss of outsourcing (p. 482-500).
Inadvertent or deliberate breach of legislation, policy, or ethical standards:The violation of the legal and ethical standard is of average severity as these are the cases that could be managed by the company but still hold the average severity as creates an adverse effect on the company’s reputation and image.
Vulnerabilities faced by Aztek on Outsourcing business activity
Less control over quality:The Company when outsourced its business is delegating its functions to another party that possesses the effective means for completing the same task efficiently. The outsourcing company because of the least interest in the parent company’s business delivers the less quality of work that affects the image of the business as the parent company is now delivering less efficient services that could not even be controlled as do not hold any right over checking the quality.
Less control over the performance of the actions:Generally, the laws differ from country to country and the ethical values differ from person to person. The differentiation between the laws and ethics of the two companies made the parent company comprise on the ethics and the policies as the company actually performing the business functions hold all the right to decide how and what to perform (Siepmann (2013) Weaknesses of Outsourcing).
Less business, economic and social knowledge:The parent company being present over different area and country may not holds the actual report about the country’s economic condition, people’s behaviour and business position. The lack of knowledge regarding all these factors offers undue advantages to the outsourcing company that reflects the weakness of Aztek.
1. Leakage of confidential data and information:
2. Financial losses:
3. Inadvertent or deliberate breach of legislation, policy, or ethical standards
The company for the effective business performance keeps a record of its various customers and details of the regular customers so that high convenience could be delivered to them. The leakage of the data because of outsourcing activity decreases the company’s reputation and losses the credibility of the clients (Zhang, Cao, Wang and Zeng (2012) leakage of data could create severe consequences (p. 1351-1364). Because of the severe consequences from the data leakage Aztek sets this risks on highest priority.
The other consequence that could be measured by the company is out of the risk of financial resources. The more money required by the company to get the work done by its outsourcing unit reflects that the parent company is spending much. The more spending to get the work done comparing the same to be done within the host country shows the financial losses. The continuous financial losses could not be bear by Aztek for so long and make the company to wind up its operations.
The breach of the act and legal policies of the parent company by the outsourcing unit creates a negative impact on the customers and the clients as they believe that the company have some code of ethics and follows the same. On identifying that the company is not following the same will reduces company’s reputation and ability to perform for long without the support of the public and customers. The consequences of the risk of the breach of ethics and policies are considered average severity as this breach could not come into the sight of the public so easily (Steven, Dong and Corsi (2014) Impact of breach of ethical codes (p. 241-253).
There are various risks that can arrive due to outsourcing the activities of Aztek Corporation into external organisations. There are various risks that could affect the growth of the company in various ways. The risks are divided into various categories and the risks which are very low are of category 1, risks which are low are of category 2, risks which are high are of category 3 and the risk which are very high are of category 4.
The major risks that are associated with the outsourcing activities are listed below
Outsourcing is a process of activity that allows the vendor to access the information or data of the company and this is very dangerous for the Aztek Corporation. This company provide financial services and all the data of the customers and the companies are confidential and any leakage could affect the image and reputation of the company.
Fluctuation in productivity
Fluctuation in the productivity is also a major risk in the outsourcing activities and this could affect the business of the Aztek Corporation.
The costs of the product or services are unexpected and this is very harmful to the company. Aztek Corporation is a company that provides financial services and in this company, cost must have to be accurate and appropriate and this expectation of the cost lead to loss of business of the company and revenue.
Loss of knowledge of business
This is considered as one of the major risks that could affect the company in various ways such as the company does not focus on the infrastructure and financial project due to outsourcing and this lead to the loss of knowledge of their own business.
This is also a major risk as if the company with which the agreement is signed for outsourcing does not provide effective and efficient products this could lead to loss of key customers of the company and this will directly affect the reputation of the Aztek Corporation.
Impact to profitability
Type of risk
Loss of knowledge of business
Fluctuations in productivity
Lack of accuracy
Risk of reputation
All the above risks are very harmful for the Aztek Corporation and this can be mitigated by the use of various policies and procedures:
1. In such a case of unexpected cost, there must be Service Level Agreements (SLAs) that could help the company to minimise the risk of unexpected cost.
2. Quality assurance must be there at a regular interval of time so as to overcome the risk of quality expectation.
3. It must be included in the agreement that is signed before the outsourcing takes place all the data must have to be secured and unauthorised authority cannot interpret the personal information of the company without any permission.
Ben-Shahar, O., & Logue, K. D. (2012). Outsourcing regulation: how insurance reduces moral hazard. Retrieved from: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2038105.
Clark, G. L., & Monk, A. H. (2013). The scope of financial institutions: in-sourcing, outsourcing and off-shoring. Journal of Economic Geography, 13(2), 279-298. Retrieved from: https://academic.oup.com/joeg/article-abstract/13/2/279/927029.
Dhar, S. (2012). From outsourcing to Cloud computing: evolution of IT services. Management Research Review, 35(8), 664-675. Retrieved from: http://www.emeraldinsight.com/doi/abs/10.1108/01409171211247677.
Hamlen, K. W., & Thuraisingham, B. (2013). Data security services, solutions and standards for outsourcing. Computer Standards & Interfaces, 35(1), 1-5. Retrieved from: http://www.sciencedirect.com/science/article/pii/S0920548912000414.
Jimmy Gandhi, S., Gorod, A., & Sauser, B. (2012). Prioritization of outsourcing risks from a systemic perspective. Strategic Outsourcing: An International Journal, 5(1), 39-71. Retrieved from: http://onlinelibrary.wiley.com/doi/10.1111/jscm.12010/full.
Kang, M., Wu, X., Hong, P., & Park, Y. (2012). Aligning organizational control practices with competitive outsourcing performance. Journal of Business Research, 65(8), 1195-1201. Retrieved from: http://www.sciencedirect.com/science/article/pii/S0148296311002402.
Lowman, M., Trott, P., Hoecht, A., & Sellam, Z. (2012). Innovation risks of outsourcing in pharmaceutical new product development. Technovation, 32(2), 99-109. Retrieved from: http://www.sciencedirect.com/science/article/pii/S0166497211001660.
Prawitt, D. F., Sharp, N. Y., & Wood, D. A. (2012). Internal Audit Outsourcing and the Risk of Misleading or Fraudulent Financial Reporting: Did Sarbanes?Oxley Get It Wrong?. Contemporary Accounting Research, 29(4), 1109-1136. Retrieved from: http://onlinelibrary.wiley.com/doi/10.1111/j.1911-3846.2012.01141.x/full.
Release, P., 2017. IT OUTSOURCING PERCENTAGE HIGHEST IN FIVE YEARS [Online] Datacenterjournal, Retrieved from: http://www.datacenterjournal.com/outsourcing-percentage-highest-five-years/. [Accessed on: 29, September 2017]
Siepmann, F. (2013). Managing risk and security in outsourcing IT services: Onshore, offshore and the cloud. CRC Press. Retrieved from: https://books.google.co.in/books?hl=en&lr=&id=3jMTAgAAQBAJ&oi=fnd&pg=PP1&dq=security+risk+in+outsourcing&ots=sRCVyVJwuy&sig=iYhf8sic2pPV8EUjf6S3Ds1V_TY#v=onepage&q=security%20risk%20in%20outsourcing&f=false.
Steven, A. B., Dong, Y., & Corsi, T. (2014). Global sourcing and quality recalls: An empirical study of outsourcing-supplier concentration-product recalls linkages. Journal of Operations Management, 32(5), 241-253. Retrieved from: http://www.sciencedirect.com/science/article/pii/S0272696314000333.
Tayauova, G. (2012). Advantages and disadvantages of outsourcing: analysis of outsourcing practices of Kazakhstan banks. Procedia-Social and Behavioral Sciences, 41, 188-195. Retrieved from: http://www.sciencedirect.com/science/article/pii/S1877042812009032.
Troac?, V. A., & Bodislav, D. A. (2012). Outsourcing. The Concept. Theoretical and Applied Economics, 6(6), 51. Retrieved from: https://www.researchgate.net/profile/Alexandru_Bodislav/publication/230868190_Outsourcing_The_Concept/links/0fcfd5059101ebff12000000/Outsourcing-The-Concept.pdf.
Yang, Y. P. O., Shieh, H. M., & Tzeng, G. H. (2013). A VIKOR technique based on DEMATEL and ANP for information security risk control assessment. Information Sciences, 232, 482-500. Retrieved from: http://www.sciencedirect.com/science/article/pii/S0020025511004695.
Zhang, D.Y., Cao, X., Wang, L. & Zeng, Y. (2012). Mitigating the risk of information leakage in a two-level supply chain through optimal supplier selection. Journal of Intelligent Manufacturing. 23, 4, 1351-1364. Retrieved from: https://link.springer.com/article/10.1007%2Fs10845-011-0527-3?LI=true.