The notion that by outsourcing or contracting, you have transferred your risk to another party is a myth. If it isn’t core to the achievement of your objectives or if the expertise resides outside of your business then outsourcing is positive.
Senior executives, both in Government and Private Enterprise say “there is no need to worry about that risk – I have transferred that to the Contractor.”
This is simply untrue.
“If you own the consequences (or at least part of them) then you own the risk.”
For example;
In the series Air Crash Investigation, there is an episode titled “Dead Weight”.
In this episode, maintenance staff working for a company that is sub-contracted to conduct maintenance on behalf of Air Midwest’s primary maintenance contractor skip 9 of 25 steps detailed in the maintenance manual when adjusting the tension on the elevator control cable. As a result of this, the elevator control cable is unable to traverse through its full range of motion.
When Air Midwest flight 5481 took off overweight, the centre of gravity shifted rearwards when the landing gear was raised, which pitched the nose higher. Due to the issues with the elevator control cable, however, the pilots were unable to bring the nose down, the aircraft stalled and crashed into a hangar on the ground killing all passengers and crew on board.
The issue arose in this case due to the fact that there was no contract oversight/assurance by either Air Midwest or the Primary Contractor.
A Contract is a control – but a control is only as good as the measurement of its effectiveness. Organisations that outsource simply cannot afford to assume that because there is a contract in place that:
- They have outsourced the risk to the Contractor; and
- That the Contractor’s performance will be as contracted and as reported.
This last point may seem a cynical one, however, you need to accept that the primary driver for a contractor is to maximise profit and if shortcuts can be taken in pursuit of this agenda then those opportunities are likely to be pursued.
What is even more important for organisations to understand and accept is that if the function that is contracted is a compliance requirement and if there is a compliance breach it is the organisation – not the contractor – that will be held to account.
So, what are the keys to reducing the outsourcing risks?
Firstly, the organisation needs to ensure that prior to developing the solicitation documentation for an outsourced function, the risks during the contracted period are identified, assessed and treatments (such as oversight and performance measurement) are fully built into the contract. It is absolutely critical that compliance risks with the highest level consequences are included in this list.
Secondly, the organisation needs to ensure contract performance is proactively monitored and measured (i.e. do not simply accept contractor’s performance reports as fact).
In essence, organisations need to remember that although you can outsource responsibility for the management of functions – you cannot outsource accountability for the consequences of not managing risk. In simple terms – if the contractor fails – the organisation fails. If an organisation owns the consequence it owns the risk.
If your organisation is one where contact management and contract assurance are not front of mind – or yours is one where the assumption is that the risk has been transferred to the contractor, you are in a dangerous position.
Bio:
If you have any burning questions on risk management, Rod Farrar is always ready for a friendly chat. Contact him at rod@paladinrisk.com.au or 0400 666 142.