It is a scenario scary enough to induce night sweats in even the steeliest CIO. Your CEO, just back from a conference, strides into your office. Yesterday, he played golf with the vice-president of sales for one of the big IT services companies and now he is telling you that this company could take over most of your IT functions and cut your company’s IT budget in half. Not only that, they can deliver better services levels. After all, it is what they do.

Our business is not IT anyway, the CEO continues, waxing enthusiastic. And our biggest competitor just signed an outsourcing megadeal, too. Best of all, there is no need for a long, drawn-out RFP process. “Just call this guy up tomorrow,” the boss says with a big smile, sliding a blue-and-white business card across your desk. He is doing you a favour. “It’s practically a done deal,” he concludes happily.

Waking dream

For many CIOs, this nightmare is neither a dream nor uncommon. But unlike most dreams, the morning after brings consequences that are all too real. Outsourcing a particular function within IT – or all of them – without considerable study can have disastrous consequences that the CIO, not CEO, will have to solve.

In the past year alone, 47 per cent of companies have prematurely ended an outsourcing arrangement, according to research by Diamond Management and Technology Consultants. Over 40 per cent of them brought the work back inhouse, indicating it may not have been a good decision to farm out the function in the first place. “Outsourcing, onshore or offshore, if not done right or done for the right reasons, can tip things the wrong way,” says Chris Jones, principal of consultancy Source Renaissance. “It can have negative effects on IT, on the business and, ultimately, your customers.”

Short of locking the executive team in a tower, there is no way to prevent them from falling under the influence of high-pressure, enthusiastic vendors. Selling is what vendors do. But CIOs can ensure they are not backed into a corner on a decision as important as outsourcing a portion of IT’s portfolio by having a well thought out and clearly articulated IT sourcing strategy in place when the CEO comes knocking. “The most mature IT organisations understand the whole of their operations. They have good metrics to track costs and service levels. They know the different points in the enterprise that could affect the IT operation as a whole,” says Dane Anderson, research director of IT services and sourcing for Gartner.

The O word

“They have a sourcing strategy already pulled together to defend against misleading or poorly thought through outsourcing decisions long before the big ‘O’ word even comes down from on high,” says Anderson.

The point of such a plan is not to build an a priori case against outsourcing. The goal is to gather all the facts – such as how IT fits into the overall business strategy, what the real costs and service levels are internally and how they compare with the outsourcing market – to create a fair-minded framework for making the best sourcing decision in any situation. “It’s much better to proactively investigate the sourcing alternatives than to find yourself reacting to proposals from your superiors,” says Jeffrey Kaplan, managing director of consultancy ThinkStrategies.

Doing all this takes time and effort. But with such a politically charged decision as outsourcing, such a plan goes a long way toward keeping emotion out of the debate. Every CIO should build an internal core competency in sourcing decision making. This way, when the CEO or CFO says, ‘I just spoke to EDS or BearingPoint and they can do all this for me – why shouldn’t we let them do it?’ you can say, ‘great question, here’s why’. If the question hasn’t been asked yet be assured it will be.

Conflicting motivations

Business executives have their own motivations when it comes to outsourcing IT functions. A CEO may see it as a chance to focus internal employees on core competencies or to transfer risk to a vendor. A CFO will be scouting for an opportunity to slice 30 per cent off the bottom line.

CIOs can have good reasons not to outsource a certain function at a particular point in time. The trouble is that the CIO’s first line of defence tends to be IT-centric, which sounds self-serving. As a result, “they’re not getting enough traction with executives when they explain what might be dangerous about outsourcing a certain problem,” says Phil Hatch, founder of sourcing consultancy, Ventoro.

The solution is to create a sourcing strategy that is tied to the overall business strategy. Around 65 per cent of IT organisations lack a sourcing plan, says Anderson of Gartner.

“And those that do have a document collecting dust. It’s like the letter to shareholders in the annual report. It’s not an actionable document. It doesn’t tell you how these decisions will be made.” A good sourcing strategy starts with the goals of the business and works from that to lay out the objectives for IT. That clear connection will enable the CIO to create a framework to guide sourcing decisions.

Aligning strategy

Dow Chemical’s IT leadership has not been bashful about outsourcing – or about how IT sourcing decisions fit into the big picture. “At Dow, our overall vision is to be the largest, most respected chemical company in the world,” says Mack Murrell, the senior director of information systems for the $46.3 billion chemical company.

"“We looked at it because so many people were outsourcing. But we have not been able to find a company that can approach what we spend today”"

Mack Murrell, senior director of information systems, Dow Chemical

“Everything in IT aligns to one or more of our four strategic themes: driving financial discipline, creating sustainability, focusing on people and investing for growth.”

Keeping those principles in mind makes sourcing decisions simpler and easier to sell to the business. Dow outsources between 60 per cent and 85 per cent of IT functions, depending on the workload and business cycle. Dow’s IT sourcing decisions start with an assessment of skills available internally and externally. Then IT can hand an activity to an outsourcer, augment its own staff or do a combination of the two, depending on the task’s strategic importance.

Core activities such as architecture, major technology decisions, contract management, security and senior-level relationships with the business that tie into Dow’s four strategic themes stay inhouse.

The desire to drive financial discipline led Dow to sign a 10-year deal with HP to handle its global help desk. “We don’t have to spend the money to build those skills up globally,” says Murrell. “HP has more scale and they can worry about where the talent pools are and how to make the financials work.” At the same time, Dow has kept its mainframe operations inhouse, even though that is an area a lot of companies outsource without a second thought.

“We looked at it because so many people were outsourcing,” says Murrell. “But we have not been able to find a company that can approach what we spend today.” Again, the theme is financial discipline. Dow’s internal IT resources can do the job for about 20 per cent less than the leading third-party providers and the key is that Murrell knows this, has researched this and has those numbers at his fingertips.

Breaking into China

Dow’s focus on growth led to Murrell’s decision to insource the bulk of the application development work he once sent to Shanghai. The Chinese market is an important growth opportunity for Dow. Outsourcer Accenture is involved in Dow’s Shanghai development shop but the majority of employees work for Dow.

“It was an opportunity to hire people, get to know China and be ready for doing more business there. Meanwhile, they are learning Dow work processes as they work on IT projects,” says Murrell. “Our partnership with Accenture has been very helpful in that process but we identified and are driving that opportunity, not the other way around.”

“What Dow has done is not unique,” says Jeanne Ross, principal research scientist at MIT’s Centre for Information Systems Research. “But it’s clearly articulated.” It does not guarantee success, of course. In 2004, Dow ended a seven-year networking deal with EDS three years early and transferred that work to IBM because it thought IBM “could provide more long term value”, according to Murrell. Problems may occur during the course of any outsourcing relationship but a sourcing strategy ensures that initial decisions are made in the context of where the business is headed.

“It provides a common language that’s understood across the company,” says Murrell. At Dow, the four driving principles are beat like a drum from the CEO down but that is not true in all organisations. At those companies, the CIO must engage the business in conversations about the company’s core mission and how IT can best help achieve it. If you don’t, you’re at huge risk and so is the IT group. Someone will ask ‘why don’t we outsource everything in IT?’

Creating the case

Creating a business-driven sourcing strategy is an important first step. But an apples-to-apples comparison of what it costs to insource a function versus outsourcing it must be fed into that framework. Outsourcers will always claim they can do better in terms of costs and service levels than internal IT – it is what they do, after all – so building a case against outsourcing may hinge on fact-checking that claim. “You have to be able to say, ‘here are our actual costs and service levels. Here’s what the provider can offer. Let’s figure out what makes a good case,’” says Gartner’s Anderson.

Many IT organisations lack a true understanding of their internal costs and service levels. For a time the business put money into IT because that was the cost of doing business. But it has been asking some hard questions for several years now. Unfortunately, the costs are often buried and there are no benchmarks. Guesstimates will not do. CIOs must know at a granular level how much their company spends on IT.

Jeff Dowds is IT principal, systems integration, at mutual fund company Vanguard. He is in charge of delivering IT services for three of Vanguard’s four lines of business and was always clear about the fact that the company’s business strategy drives his IT sourcing decisions. But if we had asked him two years ago about the service levels, costs and productivity of the mostly insourced IT department, he could not have told us. It was a tricky place for an IT executive overseeing an internal development staff of 1,600, even as competitors were doing more and more outsourcing.

A question of cost

It is easy to see why IT went the do-it-yourself route at Vanguard. The company operates virtually and technology is the link between the business and the customers. “We wouldn’t outsource all of our technology any more than we’d outsource our money management,” says Dowds.

But one of Vanguard’s strategic objectives is to keep costs low. If IT could not prove it was doing better than an outside provider, the decision to eschew outsourcing could come into question. “Delivering custom-built technology inhouse is expensive and we pay a premium doing that work inhouse and onshore. But we’re always interested in being better, faster, cheaper,” says Dowds. In 2004, Dowds started to focus in on costs and quality metrics. He knew he was probably paying a premium to keep development inhouse and needed to validate that investment with returns like developer productivity and software quality. “But it was a struggle to figure out how to best measure it and get the accounting right,” says Dowds. “We have to do it a consistent way to justify our choice to keep development inhouse.”

Calculating expenditure

As for costs, he says, “we don’t cost account ourselves to death,” he says. For each project, Dowds multiplies the hourly cost for developers by the number of hours required and tacks on an additional 15 per cent for infrastructure costs (such as additional Unix processing horsepower or increased storage) and another 15 per cent for the businesspeople who work with IT on the project.

“I don’t want to say it’s precise but it works well,” says Dowds. The data has enabled IT to justify its sourcing decisions to the business and stave off pressure to offshore application development. “IT is the biggest cost to the business and we don’t get a free pass,” says Dowds.

"“You don’t ever want to get yourself into a position where you have to outsource because you’re not good at what you do”"

Jeff Dowds, IT principal, systems integration, Vanguard

“We have a Vanguard governance group at the most senior level and they will challenge IT on how it sources development. We have been able to show them what our costs and productivity are and how we can manage them better. Outsourcing is not the only way to drive down IT costs. We can be more efficient and more productive.”

When it comes to outsourcing, Dowds would never say never, though. 10 years ago, Vanguard outsourced its LAN administration in order to cut costs. Four years ago, Dowds brought that work back inhouse for the same reason. In both cases, the sourcing decision achieved the desired effect. ‹ “If we discovered that our competitors were substantially lowering their costs by outsourcing and closing the gap in a material way, we’d have to reexamine our decision,” he says.

Meanwhile, Dowds displays fiscal responsibility by employing cheaper contract labour (which usually amounts to 8 per cent of IT’s total labour pool) that he can shed when times get tougher. “That way, the business is not asking, ‘when is IT going to wake up and outsource like everyone else?’” says Dowds. So far, there has not been a case where insourcing development was so expensive or counterproductive that Dowds could not build a business case for it.

“You don’t ever want to get yourself into a position where you have to outsource because you’re not good at what you do,” says Dowds. “You do it because there are other reasons in the business that drive you there.”

Knowing your place

At Henry Schein, economics weighs heavily in outsourcing decisions. “We put a ton of time into benchmarking,” says CTO and senior vice-president Jim Harding, who spends between $50,000 and $100,000 annually on consulting services to compare internal costs and service levels to those of major competitors and third-party providers.

Harding has done limited outsourcing as IT’s internal costs and quality have mostly held their own, even in areas that might not seem core to the $4.6 billion distributor of dental supplies. In fact, Harding chose not to outsource the helpdesk (which consists of a staff of six, supplemented with interns) because no outsourcer could touch his actual costs, which were 20 per cent to 30 per cent lower than third-party providers charged for the same service.

He did look seriously at outsourcing his datacentre and went through the bidding process just to find out what the actual offers were from vendors. Their proposals were too pricey. “We weren’t going to save any money doing it,” says Harding. “And in the worst case, you could end up in a situation where you want an extra extension cord and according to the contract, it’ll cost an extra $40,000.”

That happened when he outsourced support of the Henry Schein business unit that sells computer and networking equipment to doctors and dentists. “They wanted to take over the facilities and the people but still keep it here at our site,” says Harding. “And it ended up costing us more because they nickled and dimed us to death. We cut our costs significantly by bringing it back inhouse.” Money’s not the only factor driving Harding’s decision not to outsource. Less tangible issues are factored in. “Just because the vendors do it for a living doesn’t mean they do it any better. Nobody cares about our people like we do,” says Harding. “To give that over to IBM, we’d have to pay their higher rates and risk losing those service levels.”

Vendor competence

It is a lesson he learned the hard way. At a previous company, Harding hired an outsourcer to provide data recovery services. One day, the power went out. “Their uninterruptible power supply didn’t work and our machines went down,” says Harding. “And they were the so-called experts.”

Incorporating unpredictable or less quantifiable – but equally expensive – costs or benefits into a case against outsourcing is critical. “Once you have the numbers, you have to address a series of risks. The transition to the outsourcer could take longer, supplier productivity may not be as good as advertised and you may see less savings,” says Jones of Source Renaissance. “There could be all kinds of changes or unknowns downstream.” Getting a handle on costs and quality is a good first step but there are other less tangible risks that should be factored into any sourcing case. At Vanguard, data security has become a huge consideration in the decision not to outsource. Dowds is considering whether to proceed with a managed service deal for that very reason. At Henry Schein, there is not much outsourcing going on anywhere because the company has been able to leverage its centralised shared service model to great financial advantage, so a sudden move to outsource major portions of IT could have a negative effect on the corporate culture or employee morale. “There are things like the impact on employees, public opinion, intellectual property protection and compliance. Things you may not be able to apply an accurate numeric value to – that should be factored into the business case,” says Hatch of Ventoro.

Two decades years ago at the dawn of the outsourcing age, decisions about handing tech functions over to a third-party were made solely by the IT department, with no input from the business. During the megadeal days of the 1990s, the pendulum swung in the opposite direction, with the business foisting outsourcing deals on IT. Today, we are somewhere in the middle. “The ideal situation would be to make the sourcing decision process a collaborative one involving relevant stakeholders,” says Gartner’s Anderson.

Transparent technology

At Henry Schein, Harding engages the business in the process to protect himself from sending more work offshore than he is comfortable with. For instance, when it is time for auditing internal IT costs and working with external consultants on benchmarking, Harding involves the finance department. “I bring them in and have them look at it and add their own analysis as to whether it’s a fair benchmark,” he says. “It provides a good check and balance for IT, and it lends some credibility to the numbers.”

He also publicises internal costs and service levels monthly, explaining what the results mean in business terms, both in one-on-one meetings with the C-level suite and in IT steering committee conferences. “As long as your costs are competitive and you’re delivering well, there’s no pressure,” says Harding. “If those start to fail, they’ll start to say, ‘why don’t we bring in some outside experts?’” If there is a problem with internally delivered IT services, Harding is quick to communicate. “It can be as insignificant as an issue with email or as bad as an AS/400 core processor going down. We issue a code red and report on it at the end of the month,” says Harding. “If it’s something really critical, I’ll call the chairman myself.”

Harding believes the best defence is a good offence. He learned this at Mobil Oil in 1985 during the first outsourcing gold rush. “We made all the classic mistakes,” he says. “The business was making the decision, IT didn’t understand our own costs and we outsourced every single thing that was not core. We ended up taking it all back inhouse.”

The lesson for Harding was to involve the business early and often not only in sourcing decisions but in monitoring how well IT is delivering so the business leaders do not have the impetus to seek other sourcing options on their own.

Keeping competitive

When Steve Brown was CIO of Carlson Companies, the $8.4bn travel, hospitality and marketing conglomerate, he was selective about outsourcing. Hired in 2000, he knew that Carlson’s margins were slim and anything he could do to ease the margin pressures would help. Brown decided the best way to provide low-cost and high-availability IT services to the business was to keep most of IT inhouse as he transformed the decentralised IT function into a shared services organisation. He made certain the businesses understood not only why he did not outsource more but also how that decision benefited them. He created a catalogue of 85 services IT provided, each benchmarked against ‘best in class’ providers.

“That allowed me to make sure I was provisioning services that were best in class from a quality and cost point of view,” says Brown, who left Carlson in 2005.

Brown knew how important every dollar was to each of the company’s businesses. So he took his services catalogue and benchmarking and drilled down. He compared the IT for the hotel businesses to best in class hotels. He compared the marketing business’ IT costs to best in class marketers. “It’s important not just to benchmark but to be able to talk to the business in the terms that are meaningful to them,” says Brown. He also tailored presentations to the CEO, CFO and COO, making it a habit to point out where service or costs were less than stellar and explaining how that might be solved either internally or through a third-party provider.

Building trust

“You have to own all the facts and that allowed me to have a very meaningful conversation with the business about IT and enabled them to be an informed part of the decision-making process,” says Brown. “It transformed it from the typical conversation you have, which is, ‘we need to cut some costs. Let’s cut it out of IT.’”

When executives asked about the possibility of sourcing some application development offshore, he could tell them, “‘I’m already looking more deeply into that and here’s what I’ve found so far.’ They knew I was looking at every aspect of IT all the time. That created trust.”

Facing the music

A CIO can be proactive about creating a sourcing strategy closely aligned with the business strategy, diligent in assessing the costs and service levels necessary to make informed comparisons between sourcing options and involve the business every step of the way, yet the decision may still be made to outsource an IT function. That happened at Carlson, where last year the company signed a major outsourcing deal with IBM to handle selected IT and finance functions. Brown lobbied against the decision and ultimately resigned.

“These outsourcing decisions are still going to be made,” says Gartner’s Anderson. “But you can at least force the business to take a breath. When these mandates come down, you’ll at least have some initial argumentation. Worst-case scenario, if the decision proceeds, you have all the data to do a baseline comparison to what the provider is pitching you.”

Sometimes investing time and money in a detailed examination of sourcing options can bias executives toward signing a deal. “There’s a certain momentum to the process and some may feel the obligation to follow through and set up an outsourcing relationship,” says Kaplan of ThinkStrategies.

“But it’s a healthy exercise and can be successful even if you don’t end up outsourcing anything. It’s best seen as an opportunity to evaluate internal requirements and external opportunities.” A good sourcing strategy should be revisited at least once a year. The continued effort will pay off one way or another not only preventing against bad outsourcing decisions but also uncovering outsourcing opportunities you might not have considered. “Even if outsourcing is not on the table, start building your case,” says Anderson. “Not to defend against it necessarily but to be prepared to have that discussion based on a business case.”

When not to outsource

8 reasons to keep an IT function inhouse:

1) Your company is going through rapid or dramatic change
2) You already have a low-cost IT environment
3) Your sole rationale is cost savings
4) You do not have an overall sourcing strategy
5) You do not have the internal competency or a plan to manage the outsourcer
6) You do not understand internal IT costs and quality
7) You would have to transfer a significant amount of knowledge that is core to the business
8) You are not clear about the overall business strategy and how IT fits into it

Risky Business

Costs, quality and the relationship of IT to the overall business strategy are critical factors in deciding whether or not to outsource. But other nontangible risks must be factored into the business case as well. According to outsourcing consultancy Ventoro, they include:

Employee impact Outsourcing can affect employee morale and productivity in the short and long term.

Customer impact Decisions to outsource may have a negative effect on customer opinion and ultimately on revenue.

Partner impact An outsourcing deal may force process and system changes on other vendors with who you work.

Laws and regulations Outsourcing can affect your ability to comply effectively with laws, regulations and other standards. Compliance in an outsourced model can also cost more.

Security and intellectual property protection Outsourcing can impact system, facility and data security and may increase the potential for IP theft, fraud or other problems.

Business continuity and termination An outsourcing deal that fails can interfere with day-to-day operations.

Performance and support Outsourcing can affect real-time systems performance, IT support costs and technology integration.