Pin Me

What Are the Risks of Outsourcing IT Services?

written by: N Nayab•edited by: Jean Scheid•updated: 5/27/2011

Outsourcing is the contracting out of business functions hitherto performed in-house to an external service provider, either domestic or offshore. Read on for a review of outsourcing IT services and the risks.

  • slide 1 of 9

    Outsourcing IT Service and the Risks Is outsourcing a boon or a bane? A review of pros cons of IT outsourcing suggests that outsourcing provides many advantages for the organization. It shifts the nature of the payment of work from pay for doing to paying for results, ensures faster work turnaround, very often brings in better competencies at play, and eventually results in better quality of output at a lesser cost compared to doing the work in-house.

    Such advantages, however, come with many risks and challenges.

  • slide 2 of 9

    Security Risks

    Outsourcing IT services and the risks manifests most in maximum security issues. Outsourcing IT services requires entrusting valuable and confidential data to external third parties. Most outsourcing vendors do have strong data security measures, and at times, more impressive than the measures available in house, but the fact remains that the more the number of eyes and hands on the electronic assets, the greater the risk of something bad happening.

    The risks stem from the data stored on many computers, vulnerabilities during communication and transfer of data, or simply because the employees at the outsourcing site do not take data security as seriously as they should owing to cultural or altruistic issues, however rare such cases may be.

    The risks related to data security happen in-house as well. Companies can take appropriate action when such exceptions take place in house, but have little or no control over the situation when it occurs at the outsourcing vendor’s end.

  • slide 3 of 9


    The nature of Information technology is that some of the proprietary knowledge or competitive advantage remains embedded in the minds of the applications. With outsourcing, such competitive advantage moves outside the company premises, to an unknown and faceless third party who can leverage such knowledge for their own use later. Enforcing non-disclosure agreements on company in-house employees, even ex-employees is easy, but enforcing the same on an outsourcing vendor’s employee, especially at offshore locations is very difficult.

  • slide 4 of 9

    Competitive Advantage

    A review of outsourcing IT services and the risks suggests that outsourcing can have a negative effect on a company's competitive advantage.

    IT services remains a core functional area of any business and outsourcing this can lead to loss of control over a critical business function. Not maintaining a pool of competent and knowledgeable in-house staff leads to erosion of the company’s intellectual capital, the costs of which may exceed the costs saved through outsourcing. Companies may, for instancem lose the capability to negotiate costs and services effectively, and become dependent on the external service provider.

  • slide 5 of 9

    Regulatory Risk

    A major risk of outsourcing IT services, especially for financial and health service companies, are third parties gaining access to information about another customer through the outsourcing vendor. Not only do such risks jeopardize commercial interests, it also places the risk of the company not complying with laws and regulations, and can lead to arraigning senior management and boards of directors for negligence. Legislation such as US Patriot Act and Sarbanes-Oxley Act place the burden of accountability on American companies.

    The fact that different laws and regulations, and jurisdictions govern both the organization and the outsourcing vendor third party complicates the scenario, and makes enforcement of agreements or shifting accountability difficult.

  • slide 6 of 9

    Variability and Quality Risks

    Outsourcing IT Service and the Risks One main reason of outsourcing IT services is the expectation of better quality service from the outsourced providers, but the risks of variability and differences in perceptions of quality remains a significant risk factor.

    The issues of quality and variability stem owing to the diversity in offshore locations that result in difference in perception of quality standards. Such diversity manifests in issues such as pronunciation, accents, and grammar rule variations, differences in religions, modes, social activities, responsiveness, and other factors.

    Communication issues, and the outsourcing vendor cutting corners to maximize profits, adds to the risks related to quality. Training in cultural and other competencies, and monitoring for compliance add to the costs, and make outsourcing inviable.

    Most IT companies try to resolve such issues by establishing Service Level Agreements (SLAs) on what constitutes acceptable service. Not only are such SLAs hard to implement, enforcing penalties is as locking the barn after the horse has bolted.

    A better solution is the Capability Maturity Model (CMM). Entrusting the IT process to outsourcing vendors with standardized and respectable models such as CMM Level 5 helps overcome much of the issues related to quality and variability. The fact, however, remains that over 70 percent of IT organizations are still at CMM Level 1. Companies lacking an internal process model maturity will undermine potential cost savings.

  • slide 7 of 9


    A review of outsourcing IT services and the risks raises on-time delivery as a major concern. The company doing the work in-house has a greater degree of control, and can monitor progress of the work on a real time basis, adding more resources if the need arises. With outsourcing, the company loses control over the core process and can only get passive updates regarding status of work, with no direct power to alter pace of work as needed.

    The outsourcing vendor may claim to be on track, but even with the best of intentions and contracts, can still miss deadlines, or worse fail to deliver.

    The major reason for the failure of outsourcing is the outsourcing vendor employees not having the same level of motivation or commitment to meet service requirements, and having goals, missions, values, and a culture different from in-house employees.

    The implications of vendor failure can pose a grave risk to the very existence of the company. Companies can mitigate such risks by outsourcing to multiple vendors, but then the issue of standardization across the output of multiple vendors poses big risks.

  • slide 8 of 9

    Hidden Costs

    A major purpose of outsourcing IT services is to save on costs. Hidden costs might, however, turn this exercise counterproductive in nature. Some costs, such as the intangible quality costs are difficult to quantify. Other costs such as costs related to scope creep remains uncertain. All outsourcing contracts invariably contain baselines and assumptions, with the client having to pay for differences.

    Finally, the entire support structure relies on being able to maintain access to network nodes via the Internet. Outsourcing IT services depends on seamless connectivity at affordable rates, which many take for granted, when the reality is different in many parts of the world.

    A review of outsourcing IT services and the risks suggests that outsourcing can reduce IT expenditures by 15 to 25 percent in the first year, and considerably more in subsequent years following the removal of glitches, but success, however, depends on balancing the risks and uncertainties with the potential for cost arbitrage.

  • slide 9 of 9


    1. ZD Net. “Top 10 Risks of Offshore Outsourcing.” Retrieved 11 March 2011.
    2. "Outsourcing Information Security. Chapter 4: Risks of Outsourcing". Retrieve 11 March 2011.

    Image Credit:

    Page 1: Kiel

    Page 2: Endico