Risky Business - And How to Manage It

One of the reports I’ve had bookmarked for the past few months is project management consulting firm ESI International’s “Risky Business: Organizational Effectiveness at Managing Risk of Outsourced Projects”. You can already guess what it’s about, and it’s no surprise to any of us that the points mentioned as pitfalls for companies include misaligned expectations, unclear definitions of outsourced projects, and poor vendor and contract management.

But what really hit me about the report was this – Most customers who outsource projects, do not have a handle on risk. The survey, conducted in April of this year by ESI included project managers, executives, buyers, and sourcing decision-makers in governments and companies around the world. They were asked to respond to a wide variety of questions on risk assessment, risk management, and how they approach the outsourcing decision, both financially and organizationally. And the numbers astounded me:

  • 19% of respondents said their firm is not effective at risk assessment, and 36% said it’s somewhat effective.
  • 21% said their firm is not effective at risk management, and 33% said it’s somewhat effective.
  • Only 39% of respondents said that their firm is strong in risk management.


As Healthcare Technology Online says, it all comes down to this – “Of the 95% of organizations that buy, provide or both buy and provide outsourced services and functions, fewer than half are able to effectively manage risk of outsourced projects”. This worries me, and it should worry you if you’re a prospective outsourced services buyer.

But let’s put things in perspective here. The survey results are not about the inherent risks of outsourcing (although we know they are there). The results are about companies’ assessment and management of those risks. Since there’s a problem with how firms approach the process, it means that approach can be changed and improved. Three recommendations:

  1. Training – And I mean training specifically in risk management, focused on your project management team. The single point of failure for most outsourced projects is the communication between your project manager, and the vendor’s project manager. According to the survey, 61% of the respondents said their firm needed more information and training in risk management.  
  2. Define requirements clearly – This should not be limited to communicating the work you expect done, but also your financial goals for the project. And once those requirements have been established, stick to them. CIOs and project managers must constantly be re-evaluating progress in relation to those original objectives. 70% of respondents said that managing product or service quality is the top outsourcing risk to their firm.
  3. Be realistic – Especially in terms of costs. Yes, outsourcing can produce substantial savings, but about 10% of those savings on average will be spent in vendor management and project governance. They must be included in your due diligence.