《HB-240-2004.pdf》由会员分享,可在线阅读,更多相关《HB-240-2004.pdf(107页珍藏版)》请在三一文库上搜索。
1、HB 2402004 GUIDELINES FOR MANAGING RISK IN OUTSOURCING Utilizing the AS/NZS 4360:2004 process Accessed by UNIVERSITY OF SOUTH AUSTRALIA on 14 Apr 2008 HB 2402004 Guidelines for managing risk in outsourcing utilizing the AS/NZS 4360:2004 process Edited by Dennis Goodwin, Department of Defence, Dr Dal
2、e Cooper, Broadleaf Capital International Pty Ltd Professor Jean Cross, University of New South Wales, and Kevin W. Knight and Tom Walker, representatives of The Association of Risk and Insurance Managers of Australasia (ARIMA). Standards Australia gratefully acknowledges Dr Nick Seddon of the Austr
3、alian National University, and Kate Reid and Dr Jenny Stewart of the University of Canberra, for their contributions towards the development of this document. Accessed by UNIVERSITY OF SOUTH AUSTRALIA on 14 Apr 2008 This Australian Handbook was prepared by Joint Technical Committee OB-007, Risk Mana
4、gement. The following interests are represented on the Committee OB-007: Australian Computer Society Australian Customs Service Australia New Zealand Institute of Insurance and Finance CSIRO (Commonwealth Scientific and Industrial Research Organisation) Department of Defence (Australia) Department o
5、f Finance and Administration Emergency Management Australia Environmental Risk Management Authority (New Zealand) Institute of Chartered Accountants (Australia) Institution of Engineers Australia Institution of Professional Engineers New Zealand Local Government New Zealand Massey University (New Ze
6、aland) Minerals Council of Australia Ministry of Agriculture and Forestry (New Zealand) Ministry of Economic Development (New Zealand) NSW Treasury Managed Fund New Zealand Society for Risk Management Risk Management Institution of Australasia Safety Institute of Australia Securities Institute of Au
7、stralia University of New South Wales Victorian WorkCover Authority Water Services Association of Australia ISBN 0 7337 6253 0 Standards Australia International All rights are reserved. No part of this work may be reproduced or copied in any form or by any means, electronic or mechanical, including
8、photocopying, without the written permission of the publisher. Published by Standards Australia International Ltd., GPO Box 5420, Sydney, NSW 2001, Australia Accessed by UNIVERSITY OF SOUTH AUSTRALIA on 14 Apr 2008 Copyrightiii Guidelines for managing risk in outsourcing Preface The rapid developmen
9、t in the area of Information Technology has provided new opportunities and new risks, brought about changes to industrial processes, and made the marketplace more complex and quick to react to changes. Globalization, deregulation and fierce competition have made organizations even more vulnerable, w
10、ith the ultimate risk being their elimination from the market. Product lifecycles and lead-times are even shorter. Concentration may even lead to a single supplier where before, through regulation, there may have been two. Goods today can be delivered from any place around the world to an organizati
11、ons doorstep just as quickly as from the local region. Consequently, longstanding relationships become tenuous while customer loyalty quickly diminishes. In both the public and private sector, the outsourcing of services and non-core business is becoming the norm rather than the exception to the rul
12、e. Similarly the private sector ownership and operation of public facilities and services is increasing. With many activities now involving a multitude of participants, each with their own (in many cases conflicting) needs, goals, and internal and external demands, it is not surprising that signific
13、ant risks abound. The complex nature of many projects adds to these risks. The application of a robust and disciplined risk management process utilizing AS/NZS 4360:2004 (the standard), fully integrated into the early outsourcing considerations, should greatly assist the management of any organizati
14、on in finding that delicate balance. In terms of accountability, a risk management approach demonstrates that management has: considered all of the identified risks in terms of their consequences and likelihood; and implemented a risk treatment plan in order to avoid, reduce, transfer or retain adve
15、rse risks (or put in place a number of initiatives to take advantage of risk opportunities). Accessed by UNIVERSITY OF SOUTH AUSTRALIA on 14 Apr 2008 This page has been left blank Accessed by UNIVERSITY OF SOUTH AUSTRALIA on 14 Apr 2008 Copyrightv Guidelines for managing risk in outsourcing Contents
16、 Preface iii Part 1:Introduction 1 The Australian and New Zealand outsourcing guidelines An opportunity and a challenge 1 What is outsourcing? 2 What is risk? 6 The process for managing risk 10 The integrated process of risk management and outsourcing 14 Part 2:Risk managementProcess, methodology an
17、d techniques 17 Communication and consultation 17 Step 1 Establish the context 19 Step 2 Identify risks 28 Step 3 Analyse risks 31 Step 4 Evaluate risks 35 Step 5 Treat risks 37 Continually monitor and review 47 Implementing a corporate program for managing risk 49 Appendices A Some major risks in o
18、utsourcing59 Discusses in detail a number of issues/risks that may arise as a consequence of outsourcing. B Tools, tips and traps 73 Provides checklists for important issues that need to be addressed through each of the phases of outsourcing. C Case studies81 Provides commentary on some case studies
19、 pertinent to outsourcing. Further information91 References92 Glossary94 Accessed by UNIVERSITY OF SOUTH AUSTRALIA on 14 Apr 2008 This page has been left blank Accessed by UNIVERSITY OF SOUTH AUSTRALIA on 14 Apr 2008 CopyrightPart 1:Introduction1 Guidelines for managing risk in outsourcing Part 1:In
20、troduction The Australian and New Zealand outsourcing guidelinesAn opportunity and a challenge These Guidelines present an opportunity to learn about the strategic issues associated with outsourcing and how the process of managing risk can be fully integrated into the process of outsourcing. They al
21、so present a challenge to organizations to apply the risk management process as a means of enhancing the effective outcome of an outsourcing program. The objectives of these Guidelines are to provide: a generic framework for managing risks in the outsourcing process; and a reference point for Chief
22、Executive Officers, Line Managers and staff when developing processes, systems and techniques for managing risks. The Outsourcing Guidelines are intended to provide only a broad overview of risk management and its integration into the outsourcing process. Organizations are expected to interpret thes
23、e Guidelines in the context of their own operational environment and to develop their own integrated specific risk management approaches. Outcomes Possible outcomes of an adherence to these Guidelines include: a greater exercise of creativity and innovation in management practice; a higher standard
24、of customer service; a more effective organization; access to a wider range of specialist expertise; an improved capacity to manage in the face of competing obligations; genuine synergy (e.g. running other commercial activities from under- utilized facilities); improved organizational morale; increa
25、sed economies of scaleparticularly in capital intensive areas (e.g. shared depots); increased flexibilitya broader base; Accessed by UNIVERSITY OF SOUTH AUSTRALIA on 14 Apr 2008 Part 1:IntroductionCopyright2 Guidelines for managing risk in outsourcing more ability to provide up-front investment in o
26、rder to secure long- term benefits; more effective allocation and use of resources; more effective outsourcing programs; and a more competitive organization. The outsourcing guidelines in context These outsourcing guidelines are an implementation of the standard in the outsourcing context. These Gui
27、delines assume that the reader has read the standard and is familiar with the risk management process. These Guidelines can also be read in conjunction with Applying risk management techniques to complex procurement (Cooper 1997). What is outsourcing? Outsourcing can be defi ned as a contractual arr
28、angement where an external organization takes responsibility for performing all or part of an organizations functions, and may involve a partial or complete transfer of staff and/or resources. Within an organization goods need to be obtained and services need to be performed for other parts of the o
29、rganization. Goods and services delivery can be broken down into three core functions: the customers who require goods or services; the provider of the goods or services; and those who must manage or purchase those goods and services and who must ensure that they continue to meet the customers needs
30、 to an appropriate standard. To achieve organizational effi ciencies many organizations have segregated and formalized these processes. To achieve additional effi ciencies; organizations have opened the provision of goods and services to competition. Where this has resulted in an external supplier,
31、it is called outsourcing. Purchaser Customer Manage Monitor ProviderGoods/Services Figure 1 The three core functions of goods and service delivery Accessed by UNIVERSITY OF SOUTH AUSTRALIA on 14 Apr 2008 CopyrightPart 1:Introduction3 Guidelines for managing risk in outsourcing Many of the risks asso
32、ciated with outsourcing are associated with these three functions and their interrelationships. Outsourcing does not necessarily transfer the governance, accountability, or the risks associated with the outsourced activity. The manager responsible for the outcomes of that activity retains accountabi
33、lity for the performance of the activity, and the management of the risks associated with it. In addition, new risks emerge with outsourcing which in turn requires management attention. A number of risks are discussed in Appendix A. All organizations outsource in one form or another. Some organizati
34、ons purchase the materials required for their manufacturing processes, while some contract out the marketing and distribution of their products. Other organizations divest themselves of an entire integrated activity by creating a subsidiary organization and selling it off. (Governments achieve the s
35、ame through the creation and privatization of Government Business Enterprises.) When considering the outsourcing process as an alternative, it is important to remember that one size does not fi t all. Whether the activity or function is eventually outsourced or retained in-house, the associated cost
36、s, expected performance levels, cultural and value chain implications, and management requirements are not the same in all organizations, or even within an industry. While these Guidelines focus on the application of the risk management process to more complex aspects of outsourcing, they can, howev
37、er, be applied in a simpler form to less complex activities/services. The process of outsourcing Outsourcing can be categorized into three distinct phases: strategic analysis; transition planning; and implementation. Strategic analysis Transition/Planning Implementation Communicate and consult Monit
38、or and review Figure 2 The three phases of outsourcing Accessed by UNIVERSITY OF SOUTH AUSTRALIA on 14 Apr 2008 Part 1:IntroductionCopyright4 Guidelines for managing risk in outsourcing Strategic analysis is the analysis undertaken in order to decide whether to outsource and, if so, what to outsourc
39、e. Transition planning is the development of plans and strategies which are needed in order to outsource and to move between in-house and outsourced programs. Implementation refers to the implementation of those plans and strategies. Why outsource? Advantages of outsourcing may include: removal of m
40、anagement constraints that limit flexibility (e.g. constraints related to industrial conditions or organizational culture); gaining access to specialized expertise related to specific technical expertise and innovative technologies related to the provision of particular goods and services which may
41、not be sustainable internally; taking advantages of economies of scale of a specialist provider who may also be providing goods and services to other organizations; and the re-direction of resource skills away from non-operational areas to the more critical core operations of an organization. This i
42、n turn can provide the organization with a better focus in terms of improving its overall performance and competitiveness. Where an activity or function comes under scrutiny as a result of high costs or poor performance, the path to outsourcing should not be automatic. Outsourcing is simply one of a
43、 number of options that need to be examined as a means of overcoming the defi ciency within the organization. The decisions about whether or not to outsource is related to the allocation of risk benefi ts and cost. The risk management process is a structured and systematic process for considering th
44、ose options. The impact of outsourcing on an organization Outsourcing may cause major changes to the nature and competence of organizations. Outsourcing a particular activity can have a major impact on the organization, particularly if the outsourced activity is a critical link in the organizations
45、value chain. Adverse impacts of outsourcing may be associated with the purchaser, the provider or the customer, or their interactions (see Figure 1). For example, although separation of the three functions may make costs more explicit, there is a risk that the full costs of outsourcing may not be pr
46、operly considered. For the customer, outsourcing usually involves more formal and complex arrangements for the supply of goods and services and for their payment. For the purchasing function this may require the organization to develop more skills and expertise for establishing, managing and monitor
47、ing the relationship between the provider and the customer. Accessed by UNIVERSITY OF SOUTH AUSTRALIA on 14 Apr 2008 CopyrightPart 1:Introduction5 Guidelines for managing risk in outsourcing For management, outsourcing may mean loss of technical expertise within the organization with no guarantee th
48、at the specialist expertise will be available in the medium- to long-term. Regardless of how an activity or function is being carried out, and regardless of how it is currently being managed, once outsourced it must be managed differently; therefore different management skills are needed. Once goods
49、 and/or services are outsourced, their integration with internal activities and/or functions requires a higher level of attention. Should the skills for managing an outsourced activity or function not be available in-house, staff with such skills will need to be recruited into the organization. This implication needs to be considered in the overall evaluation of the outsourcing proposal. Overall, there will be organizational culture issues that will impact on the organization because of rearrangement and disaggregation of functions. Because many of the c