Outsourcing Relationships:
The Contract as IT Governance Tool
Cornelia Gellings
E-Finance Lab, J.W. Goethe University
Frankfurt, Germany
[email protected]
Abstract
IS outsourcing literature emphasizes the importance of governance for a successful outsourcing relation-ship. However, in theory and practice there is a lack of management concepts on the concrete design and im-plementation of IT governance within the outsourcing context. Based on the IT governance framework by Webb, Pollard, and Ridley (2006) we aim at answering the following research questions within an outsourcing context: (1) How can IT governance mechanisms be contractually implemented? and (2) What activities contribute to a successful implementation of such mechanisms? Based on multiple case studies of IT out-sourcing arrangements in the banking industry, we show that contract clauses such as Service Level Agreements and Penalty-Reward-Mechanisms are key success factors for establishing an IT governance mechanism that contributes to outsourcing success. Furthermore, our findings provide details on how the implementation of certain activities — such as regular meetings between key account management — posi-tively influences the success of an outsourcing deal.
1. Introduction
The examination of outsourcing — the purchase of a good or service that was previously provided inter-nally [26] — has been a domain of IS research for sev-eral years now. During the last years, research regard-ing outsourcregard-ing has emerged around the followregard-ing three major fields: (I) Why should a company out-source?, (II) What should it outout-source?, and (III) How should it outsource? Our research aims at contributing to the third question as this question relates to govern-ance aspects. The ‘how to do’ of outsourcing entails structuring the relationship (e.g. contract negotiation and set-up) and subsequent managing of the arrange-ment [11].
The general importance of a governance structure within an outsourcing relationship has been emphasized by various researchers [9; 10; 24; 33; 37]. These re-searchers stress that an efficient relationship manage-ment with a well-organized governance structure is an important success factor to attain expected benefits. For example, Clark, Zmud, and McGray [9] explicitly state that “the truly critical success factors associated with successful outsourcing are those associated with vendor governance”[9]. Within this context, the out-sourcing contract is stated as an important management tool. Contracts have traditionally been the primary ve-hicle through which IS outsourcing relationships have been governed [9]. A thorough understanding of con-tract clauses and management activities is therefore an important prerequisite for ensuring outsourcing success in the long run. However, until now, there is a lack of research on the choice and design of contract mecha-nisms [4]. An in-depth analysis of the contract and re-lated management activities as a governance tool has been missing so far.
We follow Yin [39] and use case studies for em-pirical validation of our research. As unit of analysis we choose IT governance mechanisms in IT outsourc-ing deals in the German bankoutsourc-ing sector. The financial services sector has been chosen due to its high IT de-pendency. Furthermore, it is the second largest buyer of outsourcing services [15] with increasing demand [28].
Based on the outsourcer’s perspective, we aim at answering the following research questions:
(I) How can IT governance mechanisms be contractually implemented?
(II) What activities contribute to a successful implementation of such mechanisms? To approach these research questions, section 2 re-views the current literature on IT outsourcing govern-ance and relationship management. Section 3 explains our research model. Section 4 presents the case study
methodology and setting while section 5 discusses the case study results. Finally, section 6 points to the limi-tations of this research and highlights its main contribu-tions.
2. Theoretical Foundation
The following section 2.1. introduces the general concept of IT governance and links the elements of IT governance to the outsourcing context. Section 2.2. reviews IS literature on IT outsourcing governance and relationship management whereby the focus is espe-cially on the role of contracts. Furthermore, the impor-tance of corresponding activities that foster an out-sourcing relationship is highlighted. The theoretical aspects introduced in these sections are all considered within our research model which we introduce after-wards in section 3.
2.1. IT Governance
In general, IT governance is the organizational ca-pacity exercised by the board, executive management and IT management to control the formulation and im-plementation of IT strategy and in this way ensuring the fusion of business and IT [35]. As suggested by Webb, Pollard and Ridley [36] IT governance should com-prise the following five elements:
- Strategic Alignment
- Delivery of business value through IT - Performance Management
- Risk Management
- Control and Accountability
The aim of this paper is to analyze how these five elements can be implemented contractually into an outsourcing deal to set a basis from which the organizational capacity referred to above can be exercised. Therefore, as a first step, the following presents how these elements have been considered in IT outsourcing literature so far.
Alborz, Seddon and Scheepers [2] refer to strategic
alignment as an important factor within outsourcing
configuration that influences outsourcing success. If an outsourcing project is not aligned with the overall strat-egy of the outsourcer’s company then the service out-come may not satisfy users. This is often due to ser-vices delivered being rather based on technical rather than on business requirements [1]. Within IS outsourc-ing literature contracts have been mentioned as an im-portant tool to align expectations and strategies [17] and thereby contribute to outsourcing success.
Hitt and Brynjolfsson [20] define an increase in
business value of IT as an improvement of business
performance. In the outsourcing context the enhance-ment of technology or technical service (e.g. through improvement of systems' compatibility, modularity, scalability and transparency) due to the vendor’s ability to realize economies of scale increases the value deliv-ered through IT [27]. This also positively affects the overall success of an outsourcing deal. Furthermore, outsourcing has been stated as a tool to transform fixed into variable costs [34]. Performance-based and flexi-ble-priced contracts ensure that the outsourcer only pays what they receive. Thus, the ‘right’ pricing struc-ture positively influences the outsourcer’s business value [27; 34] and thereby contributes to overall out-sourcing success.
Throughout IS outsourcing literature, performance
management has been mentioned as a critical success
factor. Within the context of performance measure-ment, Service Level Agreements (SLAs) have been stated as an important tool. Kern [21] shows that SLAs help to manage the Vendor’s behavior. Goo and Kishore [16] prove that the effect of well-structured SLA in managing IT outsourcing relationships are sig-nificant. For example, SLAs include agreements on service availability and timeliness, response in emer-gencies, accuracy, and minimization of systems’ down-time [12]. McFarlan and Nolan [33] emphasize that standards and controls in general strengthen the sourcing relationship and thereby contribute to out-sourcing success, while Alborz, Seddon, and Scheepers [1] stress that measuring the performance provides em-pirical data for measuring the success of the relation-ship.
The overall importance of risk management within outsourcing deals has been analyzed by various re-searchers [3; 6; 7]. Several risk factors and possible negative outcomes have been identified. For example, loss of control over outsourced services, loss of flexi-bility, and unexpected high costs are among the most feared outsourcing risks. An active management of these risks prevents these risks from actually turning into a negative outcome. Therefore, risk management contributes to the success of an outsourcing deal [5].
According to Kern and Willcocks [22] implement-ing controls over the vendor enhances the chances of outsourcing success. Reponen [34] points out that within an outsourcing context cost controls are of spe-cial importance. Standards and controls in general can strengthen an outsourcing relationship [33] and are therefore an essential success factors.
2.2. Outsourcing Governance and Relationship
Management
Literature on IS outsourcing research explicitly rec-ognizes the importance of governance and relationship management [24; 33; 37]. To build and sustain a rela-tionship, measurements and controls are important fac-tors [19; 25]. They should be agreed on contractually. In general, the outsourcing contract defines — more or less completely — the nature of services to be rendered and the relationship itself [4]. Therefore, emphasis should be put on the process of contract drafting as it is likely to be more important than the contract itself [33]. The initial contractual stage is of utmost importance, since it greatly influences the quality of the relationship [14].
According to IS outsourcing literature and expert interviews, the following are, in no particular order, the most commonly agreed upon clauses in outsourcing contracts [3; 4; 18; 22; 32; 33] (see Table 1).
Table 1: Contract Clauses
No Contract Clause
a Service Level Agreements b Penalty-Reward-System c Pricing
d Benchmarking e Change Requests
f Renegotiation Option g Liability & Insurance h Dispute Resolution
i Exit Management j Audit
k Confidentiality, Data Protection, IP Rights
In the course of this paper we show which contract clauses form the basis for IT governance. Therefore, this table is a reference for our further analysis. We are aware that this list is not complete. For an overview of further contract clauses see Lacity and Hirschheim [26] as well as Kern and Willcocks [23].
Getting the ‘contractual’ level right is central to success but falls into the ‘necessary but not sufficient’ category. An additional set of levels at which the out-sourcer and the vendor need to interact is important for the success of an outsourcing deal [38]. The manage-ment of an outsourcing relationship should therefore also include all conscious activities to impact on the
relationship during its life in their desired way (e.g. controlling the supplier’s performance based on the contractual agreements or building mixed project teams with employees from the customer and the vendor in order to enhance the exchange of knowledge between both groups) [11]. Lee and Kim [31] show that these factors determine the quality of an outsourcing partner-ship and directly affect outsourcing success. In this context, Alborz, Seddon and Scheepers [1] stress espe-cially the importance of governance for the overall suc-cess of an outsourcing deal.
As this literature review shows individual elements of IT governance have already been addressed in IT outsourcing literature. However, an analysis of the con-crete implementation of these elements within a gov-ernance framework has been missing so far. Our re-search aims at closing this gap by analyzing how these elements of IT governance can be contractually be agreed upon. Furthermore, we want to show what kind of activities and practices support the successful im-plementation of IT governance mechanisms.
3. Research Model
This section explains our research model. The following Figure 1 takes as its basis the aspects of IT governance mentioned in the literature review above. As presented in section 2.1., the effects of each element of the IT governance framework by Webb, Pollard and Ridley [36] on outsourcing success have already been analyzed in IS outsourcing literature. Therefore, we regard these relationships as taken. They are reflected by the arrows in Figure 1.
Based on expert interviews and a further study of literature [3; 4; 18; 22; 30; 32; 33] we now aim at ana-lyzing if certain contract clauses and/or activities influ-ence (i.e. strengthen) the relationship between each IT governance element and outsourcing success. Within this scope we define outsourcing success in accordance with Lacity and Willcocks [27] as a decrease in cost and an increase of quality of services delivered.
Firstly, our model suggests that the relation between
strategy alignment and outsourcing success can be
enhanced by contractually agreeing upon Change Re-quest and Renegotiation Clauses. If a company, for ex-ample, changes its strategy the existence of such clauses allows for an adjustment of the outsourced ser-vices to the new strategy. These clauses can therefore ensure strategy alignment in the long run and thereby increase chances of outsourcing success. On the level of a particular activity the model proposes that regular meetings between the outsourcer’s and the vendor’s key managers help to align strategy.
Figure 1: Research Model
During such meetings a common understanding of the outsourcer’s overall strategy and business concerns can be established. Meetings on top management level are of importance as issues that need special attention can be addressed there. Another activity that positively influences strategy alignment is to involve business departments in the outsourcing project. People working in business departments may come up with issues ad-dressing strategy alignment as they will be more famil-iar with strategic issues. Employees working in IT de-partments may not consider such issues as they are more technically focused. Ideas from the business de-partments can then be considered during contract nego-tiations and thereby contribute to outsourcing success. Summing up, our first propositions are as follows:
P1a: Contract clauses regarding Change Requests
and Renegotiation Options positively influ-ence the relationship between strategy align-ment and outsourcing success.
P1b: Regular meetings between key account
man-agers and top manman-agers, as well as the in-volvement of business departments in the out-sourcing project positively influence the rela-tionship between strategy alignment and out-sourcing success.
Secondly, the model assumes that the delivery of
business value through IT can be enhanced by
con-tractually agreeing on SLAs, Pricing Structures that are suitable for the respective deal and Benchmarking Clauses. By negotiating SLAs with high quality stan-dards, the delivery of business value through IT with respect to improvement of business performance can be enhanced. Agreeing upon the ‘right’ Pricing Clauses
positively influences the delivery of business value through IT. Variable pricing can be adequate for out-sourced business processes where there is a clear base for determining pricing, such as transaction volumes. In contrast, fixed pricing may be suitable for maintenance tasks as charging per hour does not make sense here. Furthermore, Benchmarking Clauses contribute to the delivery of business value through IT. They prevent the outsourcer from paying too much. Such clauses allow the outsourcer, for example, to benchmark once a year the vendor’s prices with market prices. If prices are above a certain threshold, the outsourcer has the right to renegotiate fees. On an activity level — as with strategy alignment — involving business departments in the outsourcing project can also help to ensure the delivery of business value through IT. Concluding, our propositions regarding delivery of business value through IT are as follows:
P2a: Contract clauses regarding SLAs, Pricing
Clauses and Benchmarking positively influ-ence the relationship between delivery of business value through IT and outsourcing success.
P2b: Involving business departments in an
out-sourcing project positively influence the rela-tionship between delivery of business value through IT and outsourcing success.
Thirdly, our model suggests that SLAs also improve the relationship between performance management and outsourcing success. On the level of a particular activity controlling and monitoring the outsourcing deal contributes to an improvement of the relationship between performance management and outsourcing
Contractual Level (based on Aubert et al (2003), Harris et al (1998), Kern & Willcocks (2000), Lee (1996) and expert interviews) Activity Level (based on Aubert et al (1999), Kern and Willcocks (2000), McFarlan and Nolan (1995) and expert interviews)
IT Governance Framework
(based on Webb, Pollard, and Ridley (2006)) I. Strategy Alignment V. Control and Accountability Outsourcing Success II. Delivery of Business Value through IT IV. Risk Management III. Perfor-mance Management - Change Requests - Renegotiation Clauses
- Service Level Agreements - Pricing
- Benchmarking
- Service Level Agreements - Service Level Agreements - Penalty-Reward-System - Benchmarking - Change Requests - Renegotiation Clauses - Liability & Insurance
- Benchmarking - Audit Rights
P1a P2a P3a P4a P5a
- Regular meetings between key account managers - Regular top management
meetings - Involvement of business
in outsourcing project
- Involvement of business in outsourcing project
- Controlling and monitoring of services delivered
- Regular monitoring, evaluating and mitigating of risks
- Controlling and monitoring of outsourcing deal P1b P2b P3b P4b P5b I. Strategy Alignment V. Control and Accountability Outsourcing Success II. Delivery of Business Value through IT IV. Risk Management III. Perfor-mance Management - Change Requests - Renegotiation Clauses
- Service Level Agreements - Pricing
- Benchmarking
- Service Level Agreements - Service Level Agreements - Penalty-Reward-System - Benchmarking - Change Requests - Renegotiation Clauses - Liability & Insurance
- Benchmarking - Audit Rights
P1a P2a P3a P4a P5a
- Regular meetings between key account managers - Regular top management
meetings - Involvement of business
in outsourcing project
- Involvement of business in outsourcing project
- Controlling and monitoring of services delivered
- Regular monitoring, evaluating and mitigating of risks
- Controlling and monitoring of outsourcing deal
success. Performance measures should not only be con-tractually agreed upon but also have to be controlled and monitored on a regular basis. Thereby, the actual management of performance takes place. The following propositions reflect these aspects:
P3a: Service Level Agreements positively influence
the relationship between performance man-agement and outsourcing success.
P3b: Controlling and monitoring the outsourcing
deal positively influences the relationship be-tween performance management and outsourc-ing success.
Fourthly, the model proposes that contract clauses dealing with SLAs, Penalty-Reward-Systems, Bench-marking, Change Requests, Renegotiation Options, Liability and Insurance improve the relationship be-tween risk management and outsourcing success. The contents of these clauses mitigate the risk of loss of control, loss of flexibility, high additional cost and lack of transparency. On an activity level the regular moni-toring, evaluating and mitigating of risks can strengthen the relationship between risk management and out-sourcing success. Summing up, our propositions re-garding risk management are as follows:
P4a: SLAs, Penalty-Reward-Systems,
Benchmark-ing, Change Requests, Renegotiation Options and Liability and Insurance positively influ-ence the relationship between risk manage-ment and outsourcing success.
P4b: Monitoring, evaluating and mitigating risks
regularly positively influences the relationship between risk management and outsourcing success.
Finally, our model suggests that Benchmarking Clauses and Audit Rights strengthen the relationship between control and accountability and outsourcing success. Benchmarking allows to compare the vendor’s prices with prices offered by other service providers. Audit Rights ensure that the outsourcer can examine the vendor’s processes whenever they want to do so. On the level of a particular activity controlling and monitoring the outsourcing deal contributes to an im-provement of the relationship between control and ac-countability and outsourcing success. The following propositions reflect these aspects:
P5a: Benchmarking Clauses as well as Audit Rights
positively influence the relationship between control and accountability and outsourcing success.
P5b: Controlling and monitoring the outsourcing
deal positively influences the relationship be-tween control and accountability and outsourc-ing success.
Table 1 also states Exit Management, Confidential-ity, Data Protection and IP Rights as commonly agreed upon contract clauses. However, these clauses do not directly contribute to the five IT governance elements and are therefore disregarded within the following.
4. Case Study Methodology and Setting
The following sections 4.1. and 4.2. introduce the underlying methodology to case study research. Section 4.3. will then present the settings of our case studies.
4.1. Case Study Methodology and Approach
We test our research model based on case study analysis. To achieve the necessary rigor, case studies must be prepared and carried out thoroughly. Accord-ing to Yin [39] it is important durAccord-ing design and prepa-ration to make explicit the research question, to deduct propositions, and to state the unit of analysis. The re-search questions employed for this paper have already been introduced in the first section. The propositions used in the cases are grounded theoretically (see sec-tions 2. and 3.) and are explicitly stated (section 3.). As unit of analysis IT governance mechanisms within IT outsourcing deals in the German banking sector have been chosen.
As suggested by Eisenhardt [13] and Yin [39] our questions for testing our propositions are mainly de-rived from literature. We conducted pre-structured in-terviews that lasted for about four hours. All inin-terviews were conducted by two researchers. Our interview partners provided us with additional documentation regarding the outsourced process (e.g. outsourcing con-tracts, organizational charts regarding the governance structure of the outsourced process, project reports, internal policies, etc.).
As a first step, we edited the answers given during the pre-structured interviews. We created a case study protocol which we sent back to our interview partners for validation. If necessary, we implemented suggested changes. Second, we created a case study report in which we analyzed and refined the information of the case study protocol together with the additional docu-mentation and academic literature. The interviewees also validated this report. This procedure is in accor-dance with the literature on case study methodology based on Eisenhardt [13], Lee [29], and Yin [39].
4.2. Case Study Rigor
This section briefly highlights the requirements for achieving the necessary rigor within case study
re-search. According to Yin [39], construct, internal and external validity as well as reliability need to be en-sured during case study design.
We ensured construct validity by establishing a chain of evidence. As stated before, key informants provided us with additional documentation. Further-more, they reviewed and validated the case study pro-tocol as well as the case study report. Internal validity refers to the fact that a relationship between two vari-ables may be inferred as causal or non-causal. To en-sure internal validity, pattern matching may be pursued. This involves qualitative but logical deduction [29]. In our case studies we compared the collected data with propositions derived from literature. By doing so, we wanted to detect whether or not our theoretical proposi-tions could be supported. External validity refers to the degree to which findings can be generalized. We applied replication logic to ensure external validity and thereby established a domain to which the study’s find-ings can be generalized (i.e. German banking industry).
Reliability is concerned with consistency and stability
of the study across researchers and time. We therefore documented our approach and – as stated before – cre-ated a case study protocol and a case study database.
4.3. Case Study Setting
The outsourcing arrangements of our cases deal with the development and maintenance of transaction banking applications. Table 2 states the general settings of each deal analyzed.
Table 2: Overview – Cases
Bank A Bank B Bank C
Outsourced Service
Regulated Outsourcing Yes Yes Yes
Number of Transactions (executed on the respective application per year)
> 500,000 < 100,000 > 500,000
Deal Volume (in bn Euros) 5-10 1-5 10-15
Percentage of process steps that have been outsourced compared to the overall process
70% 50% 70%
Outsourcing Objectives 1. Cost Savings 2. Quality Improvements 1. Cost Savings 2. Quality Improvements 1. Cost Savings 2. Quality Improvements Development and Maintenance of Transaction
Banking Applications
The following aspects allow for controlling external variables and therefore make results comparable:
- All banks analyzed are subject to the same outsourcing regulations (i.e. §25a German Banking Act) [8].
- All banks analyzed outsourced the same function.
- The average fee per outsourced transaction the respective bank has to pay to their ser-vice provider is about the same.
- All banks have only one technical interface to their service provider.
- The managers of all three banks are experi-enced with outsourcing.
Our interview partners were project managers, man-agers of the retained organization and a bank’s risk managers. From the project managers we wanted to learn more about the original goals that had resulted in the respective outsourcing deal. In addition, project managers usually initiated risk analysis for contract negotiations and thereby knew the intention behind each contract clause. Risk managers and managers of the retained organization provided us with details on how the contract is actually ‘working’ and whether or not the implemented risk mitigation strategies are suit-able.
During our interviews we asked questions regarding - the five elements of the IT governance
frame-work,
- our propositions concerning the contractual as well as the activity level,
- outsourcing success, and
- the relationships between all of these aspects.
5. Case Study Results and Analysis
5.1. Case Study Results
Table 3 provides an overview of our empirical re-sults which are presented in further detail in the follow-ing section 5.2.
Table 3: Case Study Results
Bank A Bank B Bank C
Change Requests Process regarding
Change Requests has been defined
Process regarding Change Requests has been defined
No process regarding change requests has been defined
Renegotiation Option Renegotiation Option
exists
No Renegotiation Option exists
No Renegotiation Option exists Service Level Agreements
(SLAs)
SLAs and how they are measured have been agreed for all services delivered
SLAs and how they are measured have been agreed for major services delivered
SLAs (without details how they are measured) have only been agreed for major services delivered
Pricing Variable Pricing Varible Pricing Fixed Pricing
Benchmarking Once a year prices are
benchmarked No Benchmarking Clause No Benchmarking Clause Penalty-Reward-System
Penalty-Reward-System has been set up
No Penalty-Reward-System
No Penalty-Reward-System
Liability and Insurance Liability and
Insurance Clauses have been agreed upon
Liability and Insurance Clauses have been agreed upon
No agreements regarding liability and Insurance
Audit Rights Audit Rights have
been agreed upon
Audit Rights have been agreed upon
Audit Rights have been agreed upon
Influencing Factors C o n tr a c tu a l L ev e l
Bank A Bank B Bank C
Regular meetings between key account managers
Yes (fort-nightly) Yes, four times a year Irregular meetings
take place Regular top management
meetings
Yes (once a year) Yes (twice a year) Yes (once a year)
Involvement of business in outsourcing project
Yes No No
Controlling and monitoring of services delivered
Yes Yes No
Regular monitoring, evaluation and mitigation of risks
Yes Irregular monitoring,
evaluating and mitigating of risks
No
Controlling and monitoring of outsourcing deal
Yes No No
Satisfaction with outsourcing deal
High Medium Low
Control Cost Ratio: Deal Volume / Control Costs
12,5% 12% N.A. (no controlling
of deal) Achievement of outsourcing
goals
Yes To some extent No
O th e r Influencing Factors A c ti v it y L e v el
5.2. Case Study Analysis
The following sections present our case study analysis which follows the structure of our research model introduced in section 3.
5.2.1. Strategy Alignment
Bank A state that their business and IT strategy are very well aligned. Due to the existence of Change Re-quests and Renegotiation Options the IT support for new products can be implemented quickly. Fort-nightly meetings between Bank A’s key account manager and her counterpart at the vendor take place. According to our interview partners, these regular meetings contrib-ute to a better understanding of Bank A’s business and IT strategy. Top management from both parties meet once a year to discuss important issues. As Bank A included their business in the outsourcing deal, Bank A’s overall strategy has also been considered within the scope of the outsourcing project. Furthermore, aspects that are important to business were contractually agreed upon. For example, Bank A’s business staff asked for detailed SLAs on the system’s availability and usability to ensure service quality.
Bank B have agreed upon a process regarding Change Requests. However, Bank B’s contract does not contain a clause regarding Renegotiation Options. They therefore report problems for setting up the IT of new products. Within Bank B’s outsourcing deal top management and key account managers meet regularly, however, rarely. As, for example, key management meets only four times a year, Bank B feels that their service provider does not truly understand their overall strategy. Unfortunately, business has not been involved in this project. Otherwise, they eventually would have considered an agreement on how new products could be implemented on the IT side. Due to theses problems Bank B state that the alignment of their business and IT strategy could be improved.
The contract of Bank C neither contains a Renego-tiation Option nor a clause regarding Change Requests. Meetings between key account management take place irregularly and Bank C’s business department has not been involved in the outsourcing deal. Consequently, there is no common ground on which this outsourcing relationship is based on. Bank C are very dissatisfied with their strategy alignment. They state that they nei-ther have the contractual tools nor the kind of relation-ship to improve their strategy alignment.
We therefore take these findings as an indicator that contractually agreeing on Change Requests and Rene-gotiation Clauses (P1a), implementing regular meetings
of the key and top management level as well as involv-ing business in the outsourcinvolv-ing project (P1b) strengthens
the relationship between strategy alignment and out-sourcing success.
5.2.2. Delivery of Business Value through IT
Bank A contractually agreed upon SLAs and how they are measured for all outsourced services. Their pricing is variable and effort-based. The outsourcing contract contains a clause that allows them once a year to benchmark their service provider’s prices with mar-ket prices. If prices lie above a certain threshold, Bank A have the right to renegotiate fees. These mechanisms prevent Bank A from paying excessive fees and sup-port them in realizing the expected cost savings. Due to these contract clauses and their ongoing communica-tion with the business department, Bank A believe that their outsourcing deal improves the delivery of busi-ness value through IT.
Bank B and Bank C also agreed on SLAs. How-ever, they are less detailed than the SLAs of Bank A and they are not linked to a Penalty-Reward-System. Both, Bank B and Bank C, experience a decline in ser-vice quality. Due to their fixed pricing agreement, Bank C is locked-in with their service provider as Bank C have to pay their fixed monthly fee, no matter what kind of quality they receive. Bank B and Bank C did not agree on a Benchmarking Clause. The service pro-vider of Bank B increases fees continuously. As neither a Benchmarking nor a Renegotiation Option has been contractually implemented, Bank B feel that they pay too much for the services received. As stated before, both, Bank B and Bank C, did not involve business in the respective outsourcing deal. For both banks the respective outsourcing project does not deliver any business value through IT.
These results indicate that implementing SLAs, ap-propriate Pricing Clauses and Benchmarking on a con-tractual level (P2a) as well as involving business (P2b)
on an activity level enhances the relationship between delivery of business value through IT and outsourcing success.
5.2.3. Performance Management
On a contractual level all banks agreed upon SLAs to control performance of the service provider. Within Bank A two employees are responsible for controlling and monitoring the services delivered on a regular ba-sis. Bank A report that their control cost ratio (ratio between their deal volume and their control costs) is about 12.5%. They state that they have achieved their outsourcing goals (i.e. cost savings and quality im-provement).
Within Bank B, currently the members of the IT department control the services delivered and track whether or not SLAs have been met. They report that their control cost ratio is about 12%. This shows that the actual process of controlling the fulfillment of ser-vices alone is not a guarantee for outsourcing success. In terms of manpower Bank A and Bank B nearly put the same effort in controlling and monitoring the out-sourcing deal as their control cost ratios are about the same. However, Bank B’s satisfaction with the services delivered is only moderate. This shows that controlling a deal alone is not sufficient – the substance of what is being controlled also needs be right (i.e. the contents of the outsourcing contract).
Bank C could not even comment on their perform-ance management, since no dedicated controlling of the services delivered takes place. Therefore, Bank C can-not determine exactly to what degree their outsourcing goals (i.e. cost savings, quality improvement) have been fulfilled.
These findings indicate that the relationship be-tween performance management and outsourcing suc-cess can be improved by agreeing on SLAs (H3a) on the
one hand, and controlling and monitoring the services delivered regularly (H3b) on the other hand.
5.2.4. Risk Management
Bank A contractually implemented several clauses (e.g. SLAs, Benchmarking, Change Requests, Renego-tiation Options, Liability and Insurance Clauses) that mitigate outsourcing risks. Bank A state that the link-age of their SLAs to a Penalty-Reward-System is an especially efficient risk management tool. This means that the non (over)-fulfillment of a service leads to the payment of a reduced (increased) fee by the outsourcer. Therefore, Bank A gets immediate financial compensa-tion when their service provider delivers low quality.
The contracts of Bank A and Bank B contain a clause regarding liability and insurance. Bank A and B state that in addition to the Penalty-Reward-System this clause ensures financial compensation for the delivery of minor services in the cases of gross or willful negli-gence.
Compared with Bank A, Bank B and Bank C only agreed on few clauses that are important risk manage-ment tools. For example, they did not link their SLAs to a Penalty-Reward-System. Both banks state that when their service providers deliver minor quality (which happened in the past) they cannot take any ac-tion to penalize them financially. Bank C is in a special disadvantageous position as they neither agreed upon a Penalty-Reward-System nor on liability or insurance clauses. They state that they are powerless if their ser-vice provider delivers serser-vice of poor quality.
Bank A monitor, evaluate and mitigate potential risk regularly. They are very satisfied with their risk management process. Bank B monitor their risks ir-regularly. However, they evaluate and mitigate their outsourcing risks once a year. They are about to set-up a more standardized approach with regard to risk man-agement. Bank C neither implemented respective clauses nor do they monitor outsourcing risks regularly. They state that they are about to improve their risk management process as they regard the lack of a risk management process as the root cause for the problems they are currently experiencing.
These observations show that contract clauses such as SLAs, Penalty-Reward-Systems, Benchmarking, Change Requests, Renegotiation Options, Liability and Insurance (P4a) as well as the regular monitoring and
mitigating of outsourcing risks (P4b) can improve the
relationship between risk management and outsourcing success.
5.2.5. Control and Accountability
Due to regulatory constraints all banks agreed upon Audit Rights. They all feel that these rights provide an appropriate tool for controlling the service provider. However, not all banks make use of this tool. Bank A, for example, make use of their Audit Rights. During the last three years they examined their service pro-vider’s processes twice. In general, they control and monitor their outsourcing deal as a whole on an ongo-ing basis. Due to the existence of Benchmarkongo-ing Clauses and Audit Rights, Bank A feel comfortable with their control and accountability.
Bank B only control the services delivered. They do not monitor the outsourcing deal as a whole. As stated above, Bank B and Bank C also agreed upon Audit
Rights but they do not make use of these rights. Both, Bank B and Bank C are aware that the controlling of their respective outsourcing deals should be improved. At the moment, both banks are not able to exactly de-termine the degree to which their outsourcing goals have been fulfilled.
We take these findings as an indicator that the rela-tionship between control and accountability, and out-sourcing success benefits from Benchmarking Clauses, Audit Rights (P5a) and from controlling and monitoring
the outsourcing deal as a whole (P5b).
6. Conclusion and Contribution
Summing up, the IT governance of Bank A com-prises all contract clauses as well as all activities sug-gested in our research model. Bank A believe that their key to outsourcing success lies in their detailed and comprehensive contract as well as in the communica-tion between key management of both parties involved. Bank A’s overall satisfaction with the outsourcing deal is high. They state that outsourcing fulfilled their ex-pectations as their reached the desired goals. Bank B is quite satisfied with their outsourcing deal although their outsourcing goals have only been achieved par-tially. Bank B are aware that they have to improve sev-eral aspects on the contractual and activity level to en-sure outsourcing success in the long run. Bank C are dissatisfied with their outsourcing deal. They did not achieve their outsourcing goals. Bank C admit that they did not consider several aspects on the contractual and on the activity level.
Concluding, we take these empirical results to sup-port our propositions. Our research therefore makes contributions in two ways. For academia, our research expands the existing frameworks on IT governance by analyzing how governance elements can concretely be implemented within an outsourcing deal. This implies that the findings by Webb, Pollard and Ridley [36] are also valid for outsourcing deals. Practitioners can bene-fit from our research by knowing which contract clauses should be negotiated especially carefully, as they greatly influence the governance structure and relationship management in the long run. They can also take advantage from our insights regarding what kind of activities strengthen the relationship between IT governance and outsourcing success if sound IT gov-ernance is among the desired goals.
Generalization of our research is limited. Results are only valid for IT governance mechanisms in IT outsourcing deals of the German banking sector. How-ever, we believe that they are also indicative for other industries.
10. References
[1] Alborz, S., Seddon, P.B., and Scheepers, R. "A Model for Studying IT Outsourcing Relationships," 7th Pacific Asia Conference on Information Systems PACIS, Adelaide, Aus-tralia, 2003, pp. 1297 - 1313.
[2] Alborz, S., Seddon, P.B., and Scheepers, R. "Impact of Configuration on IT Outsourcing Relationships," 10th Americas Conference on Information Systems AMCIS 2004, New York, USA, 2004, pp. 3551-3560.
[3] Aubert, B.A., Dussault, S., Patry, M., and Rivard, S. "Managing the Risk of IT Outsourcing," 32nd Hawaii Inter-national Conference on System Sciences HICSS, Hawaii, 1999.
[4] Aubert, B.A., Houde, J.-F., Patry, M., and Rivard, S. "Characteristics of IT Outsourcing Contracts," 36th Hawaii International Conference on System Sciences HICSS, Ha-waii, 2003.
[5] Aubert, B.A., Patry, M., and Rivard, S. "A Tale of Two Outsourcing Contracts - An Agency-Theoretical Perspec-tive," Wirtschaftsinformatik (45:2) 2003, pp. 181-190. [6] Aubert, B.A., Patry, M., Rivard, S., and Smith, H. "IT Outsourcing Risk Management at British Petroleum," in:
CIRANO Working Paper 2000s-31, Montreal, 2000. [7] Bahli, B., and Rivard, S. "An Assessment of Information Technology Outsourcing Risk," International Conference on Information Systems ICIS, New Orleans, USA, 2001, pp. 575-580.
[8] Bundesbank "Circular 11/2001 - Outsourcing of opera-tional areas to another enterprise pursuant to section 25a (2) of the Banking Act," in:
http://www.bakred.de/texte/rundsch/rs11_01e.htm, Frankfurt am Main, 2001.
[9] Clark, T.D., Zmud, R.W., and McCray, G.E. "The Out-sourcing of Information Services: Transforming the Nature of Business in the Information Industry," Journal of
Informa-tion Technology (10) 1995, pp. 221-237.
[10] Davis, K.J. "IT Outsourcing Relationships: An Explora-tory Study of Interorganizational Control Mechanism," in:
Graduate School of Business Administration, Harvard Uni-versity, Cambridge, MA, 1996, p. 310.
[11] Dibbern, J., Goles, T., Hirschheim, R., and Jayatilaka, B. "Information Systems Outsourcing: A Survey and Analy-sis of the Literature," The DATA BASE for Advances in
In-formation Systems (35:4) 2004, pp. 6-102.
[12] Domberger, S., Fernandez, P., and Fiebig, D.G. "Model-ing the price, performance and contract characteristics of IT outsourcing," Journal of Information Technology (15) 2000, pp. 107-118.
[13] Eisenhardt, K.M. "Building Theories from Case Study Research," Academy of Management Review (14:4) 1989, pp. 532 - 550.
[14] Fitzgerald, G., and Willcocks, L.P. "Contracts and Part-nerships in the Outsourcing of IT," International Conference on Information Systems ICIS, Vancouver, Canada, 1994, pp. 91-98.
[15] Gartner "Outsourcing Market View, What the Future Holds, Gartner Dataquest."
[16] Goo, J., Kishore, R., and Rao, H.R. "Management of Information Technology Outsourcing Relationships: The Role of Service Level Agreements," International Conference on Information Systems ICIS, Washington, D.C., USA, 2004, pp. 325-338.
[17] Grover, V., Cheon, M.J., and Teng, J.T.C. "The Effect of Service Quality and Partnership on the Outsourcing of Information Systems Functions," Journal of Management
Information Systems (12:4) 1996, pp. 89-116.
[18] Harris, A., Giunipero, L.C., and Hult, G.T.M. "Impact of Organizational and Contract Flexibility on Outsourcing Con-tracts," Industrial Marketing Management (27:5) 1998, pp. 373-384.
[19] Henderson, J.C. "Plugging into Strategic Partnerships: The Critical IS Connection," Sloan Management Review (31:3) 1990, pp. 7 - 18.
[20] Hitt, L.M., and Brynjolfsson, E. "Productivity, Business Profitability and Consumer Surplus: Tree Different Measures of Information Technology Value," MIS Quarterly (20:2) 1996, pp. 121-142.
[21] Kern, T. "The Gestalt of an Information Technology Outsourcing Relationship: An Exploratory Analysis," Inter-national Conference on Information Systems ICIS, Atlanta, USA, 1997, pp. 37-58.
[22] Kern, T., and Willcocks, L. "Contracts, Control and 'Presentation' in IT Outsourcing: Research in Thirteen UK Organisations," Journal of Global Information Management (Oct-Dec) 2000, pp. 15-29.
[23] Kern, T., and Willcocks, L.P. "Exploring Information Technology Outsourcing Relationships: Theory and Prac-tice," Journal of Strategic Information Systems (9) 2000, pp. 321 - 350.
[24] Klepper, R. "The Management of Partnering Develop-ment in I/S Outsourcing," Journal of Information
Technol-ogy (10) 1995, pp. 249-258.
[25] Lacity, M.C., and Hirschheim, R. "The Information Systems Outsourcing Bandwagon," Sloan Management
Re-view (Fall) 1993, pp. 73-86.
[26] Lacity, M.C., and Hirschheim, R.A. Information
Sys-tems Outsourcing: Myths, Metaphors and Realities, Wiley, New York, 1993.
[27] Lacity, M.C., and Willcocks, L.P. "An Empirical Inves-tigation of Information Technology Sourcing Practices: Les-sons from Experience," MIS Quarterly (September) 1998, pp. 363-408.
[28] Lancellotti, R., Schein, O., Spang, S., and Stadler, V. "ICT and Operations Outsourcing in Banking,"
Wirtschafts-informatik (45:2) 2003, pp. 131-141.
[29] Lee, A.S. "A Scientific Methodology for MIS Case Stud-ies," MIS Quarterly (13:1) 1989, pp. 33 - 50
[30] Lee, J.-N., Huynh, M.Q., Chi-Wai, K.R., and Pi, S.-M. "The Evolution of Outsourcing Research: What is the next Issue?," 33rd Hawaii International Conference on System Sciences HICSS, Hawaii, 2000.
[31] Lee, J.-N., and Kim, Y.-G. "Effects of Partnership Qual-ity on IS Outsourcing Success: Conceptual Framework and Empirical Validation," Journal of Management Information
Systems (15:4), Spring 1999, pp. 29-61.
[32] Lee, M.K.O. "IT Outsourcing Contracts: Practical Issues for Management," Industrial Management & Data Systems (96:1) 1996, pp. 15-20.
[33] McFarlan, F.W., and Nolan, R., L. "How to Manage an IT Outsourcing Alliance," Sloan Management Review (Win-ter) 1995, pp. 9-23.
[34] Reponen, T. "Outsourcing or Insourcing," International Conference on Information Systems ICIS, Orlando, USA, 1993, pp. 103-113.
[35] Van Grembergen, W. "IT Governance and its Mecha-nisms - Introduction to Minitrack," 39th Hawaii International Conference on System Sciences HICSS, 2006.
[36] Webb, P., Pollard, C., and Ridley, G. "Attempting to Define IT Governance: Wisdom or Folly?," 39th Hawaii International Conference on System Sciences HICSS, 2006. [37] Willcocks, L., and Choi, C.J. "Co-operative Partnership and 'Total' IT Outsourcing: From Contractual Obligation to Strategic Alliance?," European Management Journal (13) 1995, pp. 67-68.
[38] Willcocks, L., and Kern, T. "IT Outsourcing as Strategic Partnering: The Case of the UK Inland Revenue," European
Journal of Information Systems (7:1) 1998, pp. 29-45. [39] Yin, R.K. Case Study Research: Design and Methods, Sage Publications, Thousand Oaks, California, 2003.