IT-Outsourcing mit Cloud Computing (German Edition)


A midsized chain of health and beauty stores in Europe that we shall refer to as HealthCo outsourced its entire IS department to transform its contribution to business goals. Like Xerox, it set an ambitious agenda to change IT and the business and to prime its competitive capacity. Major alterations in strategy necessitated the transformation of the business model, in particular, reengineering the supply chain to optimize cost and speed of end-to-end operations.

Unlike Xerox, HealthCo was not in a position to create the new systems and infrastructure needed to support its plans for business expansion.

Ultimately, HealthCo intends to further develop its core competencies — product sourcing and merchandising — and to develop a core network of world-class partners to do everything else. This goal will require new systems that are tightly integrated with the systems of its strategic partners.

What's Hot

HealthCo believes that outsourcing relationships can yield significant business benefits and that exposure to risk can be controlled through a close and mutually beneficial relationship underpinned by performance-based contracts. An example is assortment planning, a critical process for most retail stores, which involves estimating quantities and varieties of product lines.

Its outsourcing vendor is developing the new system at cost and will be paid a percentage of the bottom-line improvements it creates. The telecommunications services provider, Pacific Bell Telephone, also required substantially improved IT-based business capabilities to speed up new product introductions and service enhancements. The main impediment was its aged and inflexible customer-billing system which is the heart of all operations and feeds into all its other information systems , but the IS group lacked the skills and competencies necessary to replace the old system and manage the new one.

The group engaged an IT specialist organization to do the work; this relationship soon evolved into a joint venture called the Solutions Engineering Center of Excellence to facilitate knowledge transfer and continued development of the system after its implementation. As one executive put it: I also wanted an effective technology transfer between their experts and our own internal people. It spread the risks and costs of the ambitious new systems project between the partners: Dow Chemical used an equally innovative approach to outsourcing to create new IT capabilities.

It had difficulty retaining skilled people to manage increasingly bigger and more complex IT-enabled business change projects and to implement systems integral to business performance. The applications development manager at Dow saw that outsourcing offered a way both to build competence in those areas where he wanted his group to excel and to off-load responsibility for everything else to an experienced partner.

Under an outsourcing arrangement with Andersen Consulting, Dow set up three development and support centers of expertise, two in the United States and one in Europe, employing a mix of Dow and Andersen staff and contractors. Within the centers, people work on teams jointly led by Andersen and Dow managers. Team responsibilities are also split.

Typically, Dow takes sole responsibility for managing the relationship with the business, architecture, and running IS applications in the business units, areas in which it had proven competency. Andersen is responsible for development and testing. Both share the responsibility for systems implementation and productivity. Some companies that outsource IT for business impact ask their outsourcing partner not only to implement new systems with bottom-line impact, but to take on further responsibility for implementing changes in the business as well.

A few companies have gone even further and commissioned their outsourcing partner not only to deliver IT to improve business processes, but to operate and manage those processes as well. This growing area of business process outsourcing is being penetrated increasingly by IT outsourcing vendors expanding their capabilities in areas such as insurance claims processing, logistics, payroll, municipal administration, airline operations, airport management, power distribution management, and so on.

It is an attractive market for IT outsourcing vendors because the profit margins are significantly higher compared to the relatively commoditized markets for pure IT services. Our research identifies business impact as a significant and growing objective for IT outsourcing, and one that is driving a fundamental change in the nature of the relationship between the user and the provider of IT outsourcing services.

Further study of this emerging market is needed, but our research suggests that the agreement must emphasize shared risks and rewards tied to tangible business results. A conventional outsourcing contract for simple commodity transactions and services is insufficient. Different types of risk and reward contracts apply in different circumstances.

A preferred supplier arrangement is one such approach. If specialized expertise and knowledge of the business are essential and tight control over the resources involved in the work is crucial, then a strategic alliance or joint venture may be required. Success factors are more business oriented than technical — for example, understanding the operation, fitting IT to business needs, being able to manage change projects, and having the right balance of management expertise and technical know-how.

Pricing provisions should tie vendor compensation to value received by the client. Payments and incentives should be determined by measures of business process performance such as the cost, quality, and productivity of processes as well as by measures of results like contribution to top-line revenue growth, bottom-line profit increases, or shareholder value gains.

The contract should also set out how key people are deployed, how confidential information and proprietary resources are treated, and whether to confer preferred supplier status on the vendor see Table 1.

Companies that engage in outsourcing for business impact recognize the significant potential of technology in creating business value. In these situations, it is crucial for the internal IS organization to retain ownership of the user management and IT innovation processes focusing on the discovery of new ways to exploit technology in the business.

Given the strategic importance of these activities, it may be necessary to make the continuous transfer of knowledge about the impact of emerging technologies explicit in the outsourcing contract. Outsourcing information technology with the strategic intent of commercial exploitation aims to improve the return on IT investment by generating new revenue and profit or by offsetting costs. The means by which IT assets can be leveraged commercially range from licensing systems and technologies developed initially for internal use, through selling IS products and services to other firms, to launching new IT-based businesses.

Our study discovered that companies pursuing commercial exploitation were often those with innovative information systems. Many come from technology-intensive industries, such as air transport and financial services, and have mission-critical systems that are expensive to maintain and enhance.

They find additional expenditure on migration to new technology platforms or to exploit technological advances like the Internet difficult to fund based on internal returns alone. Only when the broader revenue potential of the proposed innovations is taken into account does the investment become viable. Many companies also find it increasingly difficult to acquire, develop, and retain the people and technical know-how necessary to maintain existing complex systems and implement new ones.

Furthermore, few IS organizations have the capabilities required to exploit IT in the marketplace: One way to gain those capabilities is through relationships with outsourcing vendors. We expect to see an increase in outsourcing deals with the intent of commercial exploitation. As IT becomes more tightly integrated with business processes, as it grows in importance as a component of products and services, and as distribution and communication channels become electronic, the market for industry-specific applications of IT and for systems that support business processes becomes extremely large.

Sharing the costs and risks of commercialization with outsourcing partners can help maximize return on IT investments. For their part, the outsourcing vendors look to client firms as unique sources of the industry-specific expertise, know-how, and technology assets that are essential to developing new and innovative systems in complex and competitive industries. While only a few companies are now pursuing commercial benefits from outsourcing, their experiences yield many valuable lessons about how to grow existing businesses and develop new ones.

Our research identified four levels of ambition for commercial exploitation see Figure 4. The most common aims are to gain revenue by selling existing IT assets applications systems, access to infrastructure, technical expertise to other companies and to develop and commercially exploit new IT products and services. More ambitious objectives involve attempts to restructure industries by building new electronic market processes or distribution channels such as Web-based travel reservation systems and on-line trading and creating entirely new IT businesses typically, applications software, IT consulting, and business process outsourcing.

All companies considering IT outsourcing — whether their strategic intent is commercial exploitation or not — should be aware that the vendor with which they contract may seek ways to commercially leverage the assets people, systems, and technology it acquires by using them to service other accounts or by selling or providing other firms access to them.

Companies should therefore realistically assess the potential commercial value of outsourced IT assets and understand how the vendor intends to use them. This should be factored into the contractual terms of the relationship — for example, by increasing the amount paid by the outsourcing vendor for the assets it receives in the deal, by discounting the price for services, or by setting up a revenue-sharing arrangement.

When Dupont sent out a request for proposal RFP for outsourcing services, it prepared two documents. Other major companies setting up commercial ventures in developing and marketing new IT-based products and services jointly with outsourcing partners include Hyatt Hotels, Lufthansa, Ryder Systems, and Ameritech. SBC went into IT out-sourcing with Perot Systems to speed its IT infrastructure transformation and to explicitly leverage in the marketplace its already-substantial investment in IT expertise and infrastructure.

Expectations for these types of commercial ventures are high, and meeting them can be tricky. Delta Air Lines urgently needed access to new, state-of-the-art technology and skills to speed the migration of its core information systems from a mainframe environment to distributed, open client-server platforms.

Like SBC, Delta also viewed its IT outsourcing arrangement as a way to create new avenues for revenue generation by selling technology products and services to other companies in the travel and transportation industries. Thus Delta retained some ownership and control of IS, while putting it into the commercial context, and gained the benefit of new capabilities and expertise.

About a year after its start, the joint venture encountered serious difficulties. The partnership was eventually dissolved, and Delta now has full ownership of TransQuest. It has abandoned its commercial ambitions to concentrate fully on finding ways to acquire, develop, and fund crucial new technology capabilities. A recent development is the use of IT outsourcing to create new electronic market processes and distribution channels.

The transportation, hospitality, and insurance industries rely heavily on information and computing, often using outdated computer architectures, in a changing marketplace with unclear direction. A leading travel agency, BTI Americas, for example, entered a strategic alliance with its out-sourcing vendor to build new electronic channels and services to move from transaction-oriented service to travel-management service.

The two companies, along with other partners, have also formed a software development company called Allegemeine Versicherungssoftware GmbH General Insurance Software in which Gothaer holds the majority stake. The most ambitious aim of IT outsourcing for commercial exploitation is to create a new, stand-alone IT business. CNA Insurance created a new business with its outsourcing vendor CSC to perform claims processing and policy issuance for other insurance companies and financial services firms that are just entering the life insurance market. A particularly successful example of commercial exploitation is N.

Philips, the Dutch electronics giant, which evolved its outsourcing intent and relationship over several years to create a new line of business. Philips outsourced its applications development function but not IT infrastructure and support, an unusual approach. Rather than sign a standard outsourcing contract, it set up a joint venture, BSO-Origin, with the Dutch software company, BSO Beheer, and transferred many employees from around the world into the new company. The deal gave Philips an initial 15 percent equity share of BSO-Origin and two seats on the management board.

Philips believes that its approach to IT outsourcing has paid off, though implementation took longer than it had originally anticipated.

  • Chinese Martial Arts: From Antiquity to the Twenty-First Century.
  • ;
  • The Computer For Grandma And Grandpa.
  • Strategic Intent for IT Outsourcing?
  • Strategic Intent for IT Outsourcing!
  • !

Initially, there was a significant cultural mismatch between BSO and ex-Philips staff. BSO was a small, entrepreneurial software company operating in Europe, mainly in the Netherlands, while Philips was a huge, hierarchical multinational. Many Philips employees enjoyed working in an international company and culture and did not want to work for a company like BSO-Origin. Not surprisingly, some of the transferred staff subsequently resigned. Philips positioned itself to expand its outsourcing and insourcing arrangements commercially through the experience it gained with BSO-Origin.

Because of the risks and rewards associated with commercial exploitation of IT, the issues of sharing and control are unique. For these deals to succeed, they must contain adequate incentives for each party to share costs and risks over the course of the relationship. Accordingly, relationships should be built around strategic alliances, joint ventures, and joint ownership arrangements that align incentives at the level of business outcomes.

In managing the relationship with the outsourcing vendor, companies should focus performance metrics on results such as increased return on assets, ratio of IT spending to recovered costs, new revenues, net profits, gains in market share, launch rate of new products and services, and development of new businesses and market channels. When commercial exploitation is the underlying strategic intent for outsourcing, factors related to product development, technical innovation, and sales and marketing become key determinants of success.

The chief impediments to success include misjudging or failing to realize synergies of assets and capabilities, failing to fulfill commitments to internal customers, and perhaps most critical, ensuring that the rewards received by the partners are commensurate with the risks that each assumes. These ventures simply do not work unless each party makes a significant investment of management and staff, technology resources, and funding.

Maßanzug für Ihre IT? So klappt es mit der Cloud

An important pricing provision relates to the charges for services provided to the primary internal customer and, in particular, whether they should be provided at cost or cost plus profit. Other important provisions include specifying ownership of technology assets, particularly jointly developed ones, protecting intellectual property rights for intangibles such as applications software, control over key staff, and whether and how products and services are sold to competitors see Table 2. IT commercial exploitation can be a viable way to generate revenue, raise capital, recover costs, recruit and retain scarce talent, and develop and broadly leverage capabilities.

Success, however, requires the courage and patience to make a long-term commit- ment, an ability to assume greater risk in return for potentially greater rewards, and, of course, IT assets and capabilities with demonstrable value in the marketplace. For the longer term, it is also important to create mechanisms to identify continuing IT innovations in the business that can be exploited externally.

The findings of our research strongly establish the importance of understanding the different types of strategic intent for IT — IS improvement, business impact, and commercial exploitation — and the role that outsourcing can play in pursuing each. In evaluating IT outsourcing opportunities and structuring relationships, managers for IS and the business should remember the primary requisites for success — consistency, competency, compatibility, and continuity:. Our most important finding is that the strategic intent for outsourcing must drive the operating philosophy of the relationship and be reflected in the critical features of the outsourcing contract: It is not sufficient simply to accept vendor claims of capabilities, even if the company is prepared to make a contractual commitment.

It is important to test whether the vendor has the competencies it needs to deliver what you expect both now and in the future. For IS improvement, factors such as economies of scale, technical expertise, and IS management processes must be validated. Business impact requires change management competence and reengineering skills as well as process know-how.

Commercial exploitation demands sales and marketing prowess, an established customer base, and viable channels of distribution. Alternatively, the buyer of outsourcing services must ensure that it retains an IS organization with the capabilities required to manage the relationship well. Investments in training and staff recruitment may be necessary to ensure the right people and skills. Key competencies include IT performance measurement, IT services market tracking, project management, and deal making, negotiation, and conflict resolution.

Market expertise, finance, and licensing-management skills are also required if the client intends to exploit its systems commercially. Out-sourcing vendors must be chosen with care, paying particular attention to shared objectives and cultural fit. For a successful outsourcing relationship, the operating styles and cultures of both organizations, client and vendor, must be compatible at all levels. Managing for results requires sustained effort by both the client and the outsourcing vendor.

Both parties must develop a mutual understanding of their work processes and identify critical aspects of the relationship.

What's Hot

The intent and ambition for outsourcing may change over the course of the contract as the business conditions and technology evolve. It is important therefore to anticipate shifts in these priorities and to build flexibility into contracts and alliances to deal with them. The contract must be resilient enough to deal with future changes in requirements. Set up the relationship structure and management mechanisms to work successfully with the outsourcing vendor over the long term. While ambitious business and technical objectives for information technology are always difficult to achieve, we believe that the chances of success are greatly increased when strategic intent is well understood and the relationship is managed to address these critical issues.

CSC, March , pp. Champy, Reengineering the Corporation New York: Harper Business, ;. CSC Index, August We thank all the sponsoring organizations of the CSC Foundation research program that participated in our research on outsourcing. If the outsourced cloud services are regarded as material outsourced activities and processes, then the outsourcing agreement must grant both the internal audit function and external auditors appropriate and unrestricted rights of information and audit AT 4.

Only through unrestricted access to the cloud providers, for example to their business premises, data centres, servers and employees, can supervised entities properly exercise their rights of information and audit. On-site inspections in particular are therefore indispensable. Cloud computing is not a purely national issue. At the end of , the European Banking Authority EBA published recommendations which credit institutions must observe from 1 July when outsourcing activities and processes to cloud service providers see BaFinJournal January only available in German. This is intended to create a common European framework for dealing with cloud computing.

The effective exercise of the rights of information and audit should not be impeded or limited by contractual arrangements. Phased information and audit procedures constitute such a restriction and do not comply with the requirements of the MaRisk or the recommendations of the European Banking Authority EBA. If performing the audit is made dependent on the concept of commercial reasonableness, then this is also generally regarded as a restriction.

In addition, a contractual obligation to first rely on standardised audit reports made available by the cloud providers also constitutes an impermissible restriction of the rights of information and audit. The use of management consoles may be suitable for certain controls, such as for monitoring compliance with service level agreements in ongoing operations.

However, it cannot replace audits by the internal audit function, since management consoles only allow access to information made available by the cloud provider. The internal audit functions of institutions, however, must be able to obtain additional information that is necessary for the audit. In the case of material outsourced activities and processes, BaFin also accepts pooled audits in accordance with BT 2. In such cases, the audit activity may be performed by the internal audit function of one or more of the outsourcing institutions or by a third party commissioned by these institutions provided that the audit activity complies with the requirements in AT 4.

In addition, in accordance with BT 2. The outsourcing institution's internal audit function must, however, regularly verify compliance with the specified requirements. The audit findings that are relevant to the institution must be passed on to the internal audit function of the outsourcing institution. This also corresponds to the EBA recommendations and decreases the organisational burden for both institutions and the cloud service provider.

Pooling the audit resources of institutions also addresses the concerns of cloud service providers regarding "audit tourism". If an institution decides not to perform the audit itself or not to perform the audit alone, this must not result in a restriction of the institution's right of audit. The rights of information and audit of the internal audit function of the outsourcing institution must be granted in full through the outsourcing contract.

Mere provision by the cloud service provider of certifications or other evidence of compliance with recognised standards does not satisfy the right of information and audit of the outsourcing institution. The outsourcing institution must have the opportunity to influence the scope of the information and audit. This corresponds to the EBA recommendations, which specify corresponding requirements for access to the certifications and audit reports of the cloud service provider.

In addition, the outsourcing contract must ensure BaFin's unrestricted rights of information and audit and ability to monitor in relation to the outsourced activities and processes. In particular, BaFin's audits must not be dependent on whether they are commercially reasonable for the cloud service provider. BaFin's ability to monitor the cloud service providers must be the same as its ability to supervise the supervised entities as provided for by law.

This includes, in particular, the option to perform on-site inspections.

  • A Walking Tour of Indianapolis, Indiana (Look Up, America!)?
  • Cómo mantener a un hombre enamorado. Consejos, recomendaciones y trucos para mantener a tu hombre interesado en ti para siempre. (Spanish Edition)!
  • Early Anaheim (Images of America)!
  • Strategic Intent for IT Outsourcing?

The detailed report on this year's BaFin -Tech conference, which took place in Berlin on 10 April , can be found on the BaFin website report only available in German. Cloud computing was discussed alongside numerous other topics related to digitalisation. Insurance undertakings are also required to ensure through outsourcing contracts the unrestricted rights of information and audit and the ability to monitor of both the company and BaFin. Whether a service relationship is considered to constitute outsourcing to a cloud service provider depends on which functions or insurance activities are intended to be outsourced.

Not only functions and insurance activities that are regarded as important but also other activities must, pursuant to section 32 1 , 2 and 4 of the VAG , be subject to supervision. In accordance with margin no. The statements above regarding the restriction of rights of information and audit also apply here. In particular, if an insurance undertaking is contractually obliged to first rely on standardised audit reports made available by the cloud providers, this is usually regarded as a restriction. Phased information and audit procedures do not comply with the supervisory requirements for insurance undertakings.

Strategic Intent for IT Outsourcing

See Quinn et al. The contract should also set out how key people are deployed, how confidential information and proprietary resources are treated, and whether to confer preferred supplier status on the vendor see Table 1. Only through unrestricted access to the cloud providers, for example to their business premises, data centres, servers and employees, can supervised entities properly exercise their rights of information and audit. This goal will require new systems that are tightly integrated with the systems of its strategic partners. Many come from technology-intensive industries, such as air transport and financial services, and have mission-critical systems that are expensive to maintain and enhance. Both share the responsibility for systems implementation and productivity.

It is also considered a restriction if audits are dependent on the concept of commercial reasonableness. Here a distinction must be made between the granting of unrestricted rights of audit, in particular the option to perform on-site inspections, and the design of the audit procedure.