SOURCE: CorporateComplianceInsights Accounting fraud at outsourcing giant Satyam and terrorist attacks in Mumbai and Jakarta should resonate with risk managers in any organization that outsources or is thinking about it. While it’s unlikely these events have tarnished outsourcing permanently or outsourcing providers as a whole, they emphasize the need to have a disciplined risk management and governance framework to select a provider and manage the relationship over the long term. Even without the red flags, companies who outsource are well-advised to examine their risk management standards and adjust them to account for the decision to turn over control of mission-critical functions to another party who delivers services from a foreign country.
For hundreds of U.S. companies, investments in outsourcing and offshoring are more important than ever to achieve strategic and financial goals. Outsourcing can simplify modernization, shift risks, and give buyers access to integrated system solutions. A growing reliance on outsourcing to deliver core business processes and knowledge-based services also increases risks and alters their scope and impact. Outsourcers are in control of key business operations and interface directly with clients and their
employees and customers, very often from offshore sites.
On the eve of reform legislation and at a social and economic tipping point, healthcare services in America are poised for fundamental change. Payers and providers undergoing this transformation are expected to look to outsourcing as a way to upgrade IT capabilities quickly and offload back office operations and costs. Outsourcing also facilitates around-the-clock clinical support from locations like India where low-cost medical professionals read radiology reports and review CT scans for U.S. providers and patients.
Until now, healthcare has lagged other industries in adopting outsourcing as part of an overall management strategy. This is changing, but before making the move or recommitting to outsourcing, healthcare organizations should undertake a comprehensive review of the risks, including performance, reputation, security, legal, financial, and competitive factors associated with offshore outsourcing. This assessment is more complicated because clinical and administrative processes alike are candidates for outsourcing and their risk profiles are different. A risk common to all outsourcing relationships and considered a leading cause of their failure is the lack of effective oversight and governance.
Outsourcing governance is critical to manage the provider in ways that advance the objectives of the outsourcing initiative through its lifecycle. Without good governance, there’s a greater chance an outsourcing strategy will be considered a failure because it did not
deliver expected results. Despite its challenges, outsourcing’s time has come in the healthcare industry. Risk managers, auditors and others focused on risk have an essential role promoting a dialogue focused as much on risk and relationship management as it is on cost savings. Outsourcing is an opportunity for healthcare organizations to take a reasoned approach to risk and advance the principles of enterprise risk management in doing so. Intelligent risk management and sound governance practices won’t guarantee the venture’s success, but they will greatly improve the odds that an outsourcing strategy was the right decision for a healthcare organization.
The State of Outsourcing
“There is a profound and impassioned stigma associated with outsourcing.”
~ The International Institute for Outsourcing Management, January, 2009
The state of outsourcing in 2009 is generally good, with the trend to outsource remaining steady in the current recession. In 2008, the IT and Business Process Outsourcing (BPO) segments generated $600 billion in contract signings, and the Everest Institute projects that annual contract value for finance and accounting deals will grow at a 20% rate annually for the foreseeable future.
Some believe the global economic crisis will encourage protectionism and reduce demand for offshore services, at least temporarily, especially as wage gaps narrow and geopolitical dynamics evolve. If this is correct, providers who have relied on wage arbitrage as their primary value proposition will feel the effects.
To compete, they will either become commodity providers of low value services or change their business model from one based on standardization and cheap labor to one based on productivity, efficiency, and quality. It also compels clients, especially those receiving financial assistance from government agencies, to improve how they select and manage outsourcers and offshore operations. These developments contribute significantly to the success of an outsourcing strategy and can actually increase its use over the long term.
The most successful outsourced functions are those with rules-based, repeatable actions that can be wholly or partially performed by technology integrated in a streamlined workflow requiring fewer resources, less time, or both. Jobs like data entry and payroll processing were commonly outsourced in the early years. Today, a range of business processes are candidates for outsourcing, including information technology, claims processing, human resources, supply chain management, logistics, customer care, facilities management, procurement, transcription, billing, coding, and collection services.
Since the late 1990s, the Internet has allowed companies to outsource higher-value services traditionally performed in-house, such as financial reporting, accounting, auditing, legal and engineering support, and tax preparation. If this practice continues, it could change assumptions about outsourcers as being low-cost providers because highly-educated workers no matter where in the world they are change risk profiles and drive up costs.
For some, outsourcing is a handy way to unload expensive, poorly-managed operations that sap resources and distract attention from the core business. In outsourcing parlance, this is known as ‘my mess for less’ and is usually a reliable predictor of failure. When structured and managed properly, however, outsourcing offers tangible value and real strategic advantages for an industry under the gun to change quickly and dramatically.
To read the rest this article, follow the link to download a PDF version:
Risk Management in an Outsourced World by Karen Wilson
About the Author
Karen D. Wilson is a seasoned business executive and attorney with 25 years experience practicing law and managing corporate compliance and ethics programs. In particular, she is an expert in risk management and outsourcing. She was Chief Compliance Officer at Affiliated Computer Services until 2008, and before that, Deputy General Counsel for First Data Corporation, both global outsourcing companies. She created the Office of Legal Compliance at ACS and helped architect First Data’s early enterprise risk management program.
In 2008, Wilson formed Citadel Compliance Group, LLC, which provides consulting and other services to companies who want to build or improve their compliance and ethics programs. She also consults with companies who are, or are considering, outsourcing and offers services such as risk assessments and due diligence and governance support.
Ms. Wilson has published numerous articles and spoken at professional conferences on the topic of outsourcing and risk management, including Compliance Week (2007), Society of Corporate Compliance & Ethics (2008), and Healthcare Compliance Association (2009). She is a member of the Nebraska and Texas State Bar Associations and is a Certified Compliance and Ethics Professional. She can be reached at email@example.com.