No Crystal Ball for Service Delivery Location Risk, so Plan for Your own Appetite | Sherpas in Blue Shirts
Rapid evolution of global sourcing has allowed multinational corporations to gain access to a much broader pool of resources and to maximize the benefits of service delivery from low-cost locations. However, these incremental benefits have come at certain intangible cost, as now the overall value chain for any global industry is much more vulnerable to a variety of global risks. As increased pressures for cost containment are forcing large corporations to accept the risks associated with delivery from low-cost offshore sites, the focus is shifting from risk avoidance to risk mitigation. Generally, global companies approach risk mitigation in three ways:
- Rigorous location selection/optimization analyses are conducted simultaneously with the sourcing decision so the business case typically captures not only cost savings benefits but also the probability of various risk factors associated with each location option
- Risk monitoring frameworks are constantly refined so that even a slight shift in risk exposure is identified very early on, ideally providing the opportunity for some proactive measures rather than reactive responses
- Disaster recovery and business continuity plans are developed to minimize disruptive consequences if risk situations materialize
Given Fortune 1000 companies’ magnitude of global sourcing activity and the fact that a worst-case scenario may entail billion dollar losses, it is not surprising to see rising interest in development and use of risk monitoring tools. There is no doubt that this activity, if conducted properly, can add considerable value to the overall risk mitigation process. However, in the recent months I have seen multiple attempts and claims to push these measures to unrealistic levels of event forecasting based on some early indicators. To be fair, these attempts are primarily limited to political types of risk, as conventional science is not able to predict natural disasters such as earthquakes or tsunamis. However, even for political risks, some “experts” believe that proper interpretation of early signs of threat can allow global firms to relocate their delivery hubs to safer locations.
For example, these experts point to the “Jasmine Revolution” in Tunisia, which began in December 2010, and now in hindsight they claim it was obvious that the Tunisian revolution would trigger a chain reaction across the entire region. So, per these experts, only completely oblivious companies didn’t pull out from Egypt ahead of time. Really?! In the same mindset, all global firms should have pulled out of India and shut down their Indian captives in 2008 after the Mumbai bombing. Similarly, the 2009 spike in criminal activity on the Mexican border due to the drug wars should have led to an immediate assumption that the danger would spread throughout the country driving an immediate need to relocate operations to a safer location.
Tracking risk changes is quite feasible, but 100 percent accurate prediction of major political disruptions is a complete utopia, and I believe that such wishful thinking may work to an organization’s detriment by creating a false feeling of security in believing it possesses a universal prediction tool. The reality is that a reliable crystal ball has yet to be invented, a shift in risk distribution still leaves multiple scenarios possible, and all that can be done is perform an accurate probability analysis.
Then, as probability of risk is just an input, actual interpretation of and decisions made per that input must be based on each specific organization’s risk appetite. For example, one company may choose to ignore a very high probability of a catastrophic event because it views doing so as a “better off” scenario than the prohibitive cost of relocating a mission-critical process. On the other hand, even a slight increase in hypothetical risk exposure may force a risk-sensitive client to take some proactive measures. The right approach for every organization is the establishment of a comprehensive set of risk thresholds and predetermined measures. For example, if the probability of major disruption reaches, say, 25 percent, the firm should keep passports and invitation letters ready for business continuity staff. If the probability of disruption increased to 75 percent, then the company must relocate 50 percent of its business continuity staff to the extraction location.
I do believe there is significant benefit in tracking risk, performing scenario analyses and constantly refining your mitigation approach, but accurate prediction of the future is impossible. Think about it this way: had there been a reliable framework to forecast the wave of revolutions around the Arab world, I am sure that all dictators would have identified this risk at the very early stage and attempted to preempt it.