Outsourcing Risk Management and Information Transparency | Deloitte US has been added to your bookmarks.
Outsourcing risk management and information transparency
Creating value across the extended enterprise
With more and more companies relying on outsourcing, what can organizations do to increase information transparency and better manage outsourcing risk?
- Creating an open dialogue
- Developing an integrated risk and controls framework
- Balancing value protection and value creation
- Related articles
- Get in touch
Creating an open dialogue
Transparent communication is evolving for outsource service providers and their customers. Imagine a scenario where an airplane pilot didn’t have a standard mechanism to communicate with air traffic control. The pilot is responsible for the safe operation of the aircraft, while air traffic control is responsible for maintaining the safe, orderly, and efficient flow of air traffic throughout the global air traffic control system. The two must work seamlessly to fulfill their respective responsibilities and ensure safe travel for airline passengers. Similarly, in any outsourcing relationship, each party will have a different lens on the requirements, depending on which side of the relationship they represent.
A key to a successful outsourcing relationship is “outsourcing transparency,” which requires communication between the two parties on priorities and information requirements. For example, clear communication between an airline pilot (customer) and air traffic control (service provider) defines a set of responsibilities for each party and is critical to achieving safe air travel.
Because its mission is critical, the aviation industry has standard protocols and procedures for communication between its pilots and air traffic control. This is not the case in many other industries that haven’t matured enough to establish a common understanding on what, when, and how information should be shared to achieve objectives.
Developing an integrated risk and controls framework
Determining what to provide, as well as when and how to supply it, plagues many service providers. Likewise, customers struggle with matching the level of risk to the information requested.
Customers can better define optimal transparency by gathering regulatory and other requirements across lines of business and establishing a governance framework, which includes each inventoried risk domain, respective risks, and controls to ensure providers adhere to requirements. These requirements should be built into the provider cycle to establish guidelines on information flow for each phase. This can include the contract terms, service-level agreements, and information that will be shared to provide comprehensive oversight.
Similarly, providers can streamline and structure reporting requirements into an integrated risk and controls framework to be more efficient and meet the needs of their customers with a consistent message across the company and throughout each phase of the outsourcing lifecycle.
Balancing value protection and value creation
Growing reliance on outsourcing has many companies managing thousands of provider relationships at any given time. Without a standardized process for assimilating and submitting information, managing and responding to requests remains inefficient and costly. External reporting mechanisms, such as independent auditor reporting, can be requested and provided to realize substantial efficiencies.
Companies that reduce the cost and increase the efficiency of information flow can diminish the reality or perception of risk. To reduce risk, customers can eliminate providers that don’t measure up. At the same time, providers that are transparent may offer opportunities for customers to involve them at a more strategic level where they can drive higher value. Learning how to use outsourcing transparency to manage risk and leverage provider capabilities can enhance competitive advantage for both sides.
Next, companies need to define a baseline of acceptable risk tolerance for outsourcing transparency. This baseline can be established once the integrated risk and controls framework has been established, which will highlight gaps in control assurance. Measuring risk domains for maturity is becoming increasingly important as more stringent regulations drive the need for greater assurance through control frameworks and therefore greater maturity in provider environments.
As companies continue striving to attain a mature level of outsourcing transparency, both parties should have an open dialogue to define requirements and how to address them in the most cost-efficient and effective manner.
Download the full PDF to learn more about the importance of outsourcing transparency.
- Third-party assurance optimization: Value-creation strategies for service providers
- Third-party proficiency with SOC 2+: Manage risks outside your organization
- Unlock the value in your technology investments
- Extended enterprise risk management: Driving performance through the third-party ecosystem