Strategies for managing risk in it outsourcing: case study at public sectors in Malaysia / Nor Shatilah Shamsudin

Outsourcing is the current trend of most companies in the world especially those in the ICT industry. IT outsourcing is a great alternative for organizations to help organize their business processes or functions. Even though outsourcing may bring a lot of advantages, but it also comes with risk. Therefore, outsourcers must be careful, wise and are advised to check the background and portfolio of the external parties or the vendors before choosing the right one. Thus, this study highlights the findings of a study carried out on IT outsourcing in Malaysian perspectives. The primary focus is on government agencies. Thus for this research, to understand the activities that take place at each phase, and make it clearly for this research, the researcher referred to conceptual framework of risk management in IT outsourcing. This framework is chosen because it is theoretically supported and empirically validated. This study also covers on the most common advantages of outsourcing and the risks that come from doing outsourcing. From the risks factors that have been identified, these risks will be prioritized based on the average of the risk exposure and the last step is constructing the case analysis for three selected government agencies. The case analysis listed out the risk mitigation strategies based on the risk rating category (High, Medium and Low). From the results and findings, the examples strategies in selecting the service provider, is to perform a comprehensive background review of all potential vendors and check their portfolio and references, also client must make sure the selected vendor must come with contingency planning as one of their services to client and it must clearly written in the contract. The contract should address vendor's responsibility for backup and record protection including data files and maintenance of disaster recovery plan and business continuity plan. It is to make sure the vendor will not give any excuses or run away if suddenly client's business operation failure or cannot be function. Although the results provide valuable insights into the risk management practices in the IT outsourcing process, the need for further work in this area is strongly recommended. It is suggested that future study can be conducted in private sectors. Also, the need for comprehensive framework on how to manage risk on specific in IT outsourcing phases can be conducted.