Acknowledging risks when deciding to outsource business processes : the case of data theft
Rouse, Anne 2006, Acknowledging risks when deciding to outsource business processes : the case of data theft, in ANZAM 2006 : Proceedings of the 20th Annual Conference of the Australian and New Zealand Academy of Management : 6-9 December 2006, Central Queensland, Australia, ANZAM, Lindfield, N.S.W., pp. 1-12.
Outsourcing is generally framed in terms of benefits and cost savings, rather than risks. One important risk is “data theft”. This paper draws upon a longitudinal study into IT and business process outsourcing to present a theoretical model incorporating risk. Sources include qualitative interviews with purchasers, non purchasers, and vendors of outsourced business process services. It concludes that data theft is an under-acknowledged risk in all business process outsourcing (BPO), but is higher for offshore outsourcing. This risk may be mitigated, but when factored into the business case can invalidate typically small cost savings. In acknowledging and adequately costing this risk, decision-makers may find BPO, particularly where offshore vendors are involved, less attractive.