1 / 8

May 26 & 27

May 26 & 27. “ Mitigating Offshoring Risks in a Global Business Environment“. Marsh Technology Conference 2005 Zurich, Switzerland. Definitions. Offshoring is the performance of certain business functions in another country primarily to achieve economic benefits .

Download Presentation

May 26 & 27

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.


Presentation Transcript

  1. May 26 & 27 “Mitigating Offshoring Risks in a Global Business Environment“ Marsh Technology Conference 2005 Zurich, Switzerland.

  2. Definitions • Offshoring is the performance of certain business functions in another country primarily to achieve economic benefits. • Outsourced to a vendor, who manages the process for a fee or percent of the savings; • Company-owned process, where operations are developed in a host country • Typical business functions targeted for offshoring include: • Software development • Technology design, build or assembly • Customer service • Business process operations

  3. Offshoring has Compelling Economics • Cost reduction- From 2003 through 2008, U.S. businesses will save a projected $20 billion using offshore resources1 • Production costs are30-50% lower in China vs. traditional U.S. manufacturing2 • Quality - Offshoring provides good quality e.g. Indian service providers often provide CMM Level 5, Six Sigma, ISO 9000 and BS 7799 certifications. • Competition- Time zone advantages exist as well as larger pools of talent. It enables a company to remain competitive in their market. • New Markets- By operating “in-country”, new growth opportunities may be opened up and leveraged. - A data switch is made by 3-Com in China for about $180,000. Cisco’s competitive switch is $245,000--a 25% price gap. 3-Com is “getting four engineers for the price of one” 3 - India's National Association of Software & Service Companies (Nasscom) alone expects its outsourcing business will surge more than 26 percent to 28 percent in 20054 1 Global Insight report 2003 2 Business Week 02-06-04 3 Ibid 4 Nasscom Study 2005

  4. Offshoringalso has Serious Threats IP theft Natural disaster Political instability Risk Mitigation Capabilities Internal cyber-threats Terror incident Offshore Operations Business Plan Response & Recovery Capabilities Counterfeiting products Major IT outage External cyber-incident • What Defines a Serious Threat? • Impacts the business plan • Fast developing • Creates long-term change • High stress to organization • Large-scale

  5. Offshore Risk & Security Process Phase 1 Phase 2 Phase 3 INPUTS • Assess and Analyze Design and Plan Deploy and Monitor MAJOR STEPS Project Initiation and Assessments Program Design and Strategy Planning Plan Deployment • Deploy improvement components of offshore risk master plan • Security policies & controls • Regulatory compliance • Technology continuity • Project Management • IP Protection • 2. Implement monitoring process for continuous improvement • Analyze offshore risk gaps: • Current security policies & controls • Regulatory compliance • Technology continuity • Project management • Security governance • Incident response process • 2.Create offshore risk mitigation plan: • Define offshore risk controls • Align risk controls to the business plan • Outline processes for measuring results • 1. Offshore risk assessment process: • Threat and Risk assessment: • Business impact • Technology trends • Security environment • Threats and vulnerabilities • Project Management • Regulatory compliance • Policies & standards • Technology continuity • Statement of applicability • Protection of IP ACTIONS • Offshore project risk management framework • Regulatory Compliance Report • Incident response plan • Continuous improvement process for risk mitigation • Offshore Risk Mitigation Master Plan • Prioritized activities • Funding and resources • Timeline • Success criteria • Team structure • Risk/Impact matrix • Documented offshore risk controls status • 3. Offshore Project Management strategy DELIVER-ABLES

  6. First Step: a Threat and Risk Assessment Kroll Offshore Risk Workshop Deliverable (Example) High Define • Threats, their probability and the business impact Classify • Risk impact of the threats Analyze • Existing controls • Business processes • Overall preparedness posture Design • Develop an initial option to address each risk Product Counterfeiting Technology Outage Kidnap & Ranson Cyber-terror Product Design Loss Risk Impact Transfer Change Business Impact Risk Management Options Monitor Control Low R&D theft Low Cyber-fraud Regulatory Non-compliance Low High Risk Probability

  7. Consider These Questions: • Have you conducted a thorough offshore risk assessment and analysis • Do you have written policies for IP protection with your service provider and your customers? • Is there a seasoned offshore specialist in charge of the program? • Do you have external legal advice? • What is the track record for the target region/vendor for risk incidents? • Are there country-specific issues e.g. bribery, corruption, counterfeiting, ineffective law enforcement, data protections laws? • What is the security status of the region’s IT and network infrastructure where your service provider is located? • What is the region/country record for successful prosecution of cyber-crimes? • What is the in-country policy for employee privacy, background screening, hiring/firing, etc? • Are there exposures due to ancillary agreements with other contractors? • Do they meet your standards as well as those of your customers?

  8. Discussion

More Related