- Outsourcing Law - http://www.outsourcing-law.com -
Risk Management: Board of Directors Concerns
Outsourcing involves operational risk in a company’s supply chain. But it also plays a role in other risk parameters that an enterprise’s board of directors has fiduciary and regulatory responsibility to manage. This article addresses a holistic risk management framework for board members as well as senior executives and in-house lawyers. This article does not address the Board’s internal governance structure that defines whether the entire board, or subcommittee dedicated to risk management, will be considering initially the adoption of risk management polices and procedures and responding to management’s proposals on outsourcing.
Board’s Role. In the modern corporation, the board of directors is responsible for managing the enterprise for the benefit of the shareholders. Modern principles of brand management and corporate social responsibility expand the constituencies to employees, suppliers, customers and the community. Management responsibility includes planning and execution of business strategies. Risk management responsibility includes planning and execution of strategies to mitigate, eliminate or shift risks arising from business operations. Since non-executive board members are not involved in day-to-day implementation of business strategies, the question for outsourcing planners is to determine what type of risks pose sufficient threats that the Board should consider and manage them.
Board Subcommittees. Most major corporations use subcommittees of the Board to identify special concerns and bring them to the attention of management and the board. These may include:
Risk management from outsourcing comes under review by the Board committee that addresses risk management.
Types of Risks. At the board level, classic risk theory identifies many types of risk for the business enterprise in a global marketplace.
Impact of Risk Analysis on Outsourcing. Outsourcing involves some form of risk across each of the core risk matrices – marketplace, operational, financial, governance and unmanageable risks. Outsourcing lawyers understand the impact of outsourcing on such risk matrices and assist the parties by identifying and allocating risks for a transparent, enforceable and effective relationship. Unlike a secured loan with security in the form of a mortgage, pledge, security interest or guarantee, outsourcing involves continuing risks that are unsecured and require ongoing planning and relationship management to ensure the contract is honored and that the obligations – even in cases of disagreements between customer and service provider – are defined and respected.
Service Offerings. Not surprising, business process service providers have developed suites of services that support the enterprise’s ability to assume, mitigate, manage and/or shift risks. For example, operational services for mortgage applications, credit applications, lending functions and employee benefits administration typically encompass both the delegated functions and critical elements for reporting, audit and assurance of compliance with laws, contracts and operational procedures. Some service providers include data warehousing and analytics services for all their BPO services to help companies identify, measure and manage risks.
Vendor Selection. As in any prudent portfolio investment, the process for selection of approved vendors can narrow the risks of outsourcing. If the enterprise has not had extensive experience in outsourcing, or if it has had some experience but wants leverage to avoid making some well-known risks that were not managed in an existing outsourcing relationship, an experience consulting firm and an experienced lawyer can help assist in needs assessment, risk assessment, due diligence, competitive bidding and the process of narrowing down the field of vendors.
Contract Development. Enterprises hiring others to perform essential services will enter “master services agreements” supplemented by “statements of work,” pricing schedules and other exhibits to manage risk. The business design in the contracts must anticipate marketplace risks, operational risks and even unmanageable risks. The boilerplate in the contracts must include compliance with applicable laws generally, the laws governing the enterprise’s business (including specialty regulations and even licensure and registration), legal liability, legal compliance risk, internal governance risk and accounting risk.
Review and Approval by the Board of Directors; Board’s Role. When reviewing a proposed outsourcing contract for approval by the board, each director should have an understanding of the risk matrix and how the business relationship will affect the key risks. The deal should enable management to make changes peremptorily, without consent of the service provider, as business requirements, market conditions, regulations and business strategy evolve. However, the board should appreciate that outsourcing relationships are sticky like glue, and untangling a failed relationship can be costly, diverting both cash and limited management resources to remediation. The prudent director will thus focus on cost, effectiveness, credibility of the service provider, business resiliency across all risk matrices and flexibility. In deciding to approve an outsourcing, the board should balance risk against cost and other benefits, just as in any joint venture, acquisition, divestiture or other strategic change.
Relationship Governance in Outsourcing. The law of entropy (and basic business management) states that, over time, disorder in the universe will increase unless managed. Accordingly, effective outsourcing requires a team to ensure appropriate governance of the relationship and that, through such governance, the generic and special risks are identified, evaluated and managed on a continuous basis. It is one of the ironies of relationships that by assisting and collaborating with a service provider, the customer is serving the customer’s own purposes. Effective governance requires a flow of performance data, analysis of effectiveness of the services and a plan for integration of external services with internal services. It is a best practice in outsourcing to adopt a detailed plan for relationship governance that addresses key risks and helps facilitate pursuit of emerging key business opportunities.
Contract Renewal and Renegotiation. At the renewal of an outsourcing contract, risk management considerations will dictate whether the incumbent service provider will be considered for renewal and what new contract changes will change the allocation of operational, financial and legal risks between the parties.
Risk Management at the Board Level. Outsourcing is no longer a tool for a line-of-business manager to use to obtain operational services for one line of business. Rather, outsourcing transcends lines of business and all levels of management, administration and operations. In fulfillment of its fiduciary duties including its responsibility to manage risks, the board cannot delegate management of the in-house operations, and it cannot delegate management of outsourcing either. In light of the increasing use of outsourcing and shared service captives across borders, the board might delegate initial analysis and oversight of management sourcing strategy to a subcommittee, such as a “Strategy and Risk Oversight” Committee, or a “Compliance Committee.” The board (or its delegate, such as the CFO, CCO or General Counsel) should monitor the outsourcing by:
Like any other form of risk management, risk management in outsourcing requires continuous monitoring and administration, as well as periodic review for overall assessment of effectiveness and suitability. Effective risk management in outsourcing will permeate the entire organization, from the board to the C-suite and operational managers.
Risk Management in the C-Suite: The CFO’s Role. The Chief Financial Officer is responsible for risk management in many ways. The CFO’s biggest job is to manage for growth and value. Other typical responsibilities include company strategy and business reviews, financial reporting, human resource development, investor relations and board relations, information technology and management information systems and mergers and acquisitions.
WBB.
Article printed from Outsourcing Law: http://www.outsourcing-law.com
URL to article: http://www.outsourcing-law.com/risk-management/risk-management-in-outsourcing-from-the-board-to-the-contract-administrator-and-back/
Click here to print.
Copyright © 2012 Outsourcing Law. All rights reserved.