Managing IT Outsourcing Risk: Lessons Learned

Aubert, Benoît A.; Patry, Michel; Rivard, Suzanne

doi:10.1007/978-3-662-04754-5_7

Cited by 29 publications

(13 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally they discuss the dynamics of risk, by examining how the various risk factors are linked to undesirable outcomes. In a followup paper Aubert and coworkers [3] define the concept of risks and of risk exposure and apply these definitions to the context of IT outsourcing risk. Moreover, they present a framework of IT outsourcing risk exposure and describe three case studies, each of which lead to a different set of lessons learned on how firms actually manage IT outsourcing risks.…”

Section: Related Workmentioning

confidence: 99%

A probabilistic model for optimal insurance contracts against security risks and privacy violation in IT outsourcing environments

Gritzalis

Yannacopoulos

Lambrinoudakis

et al. 2007

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Day by day the provision of information technology goods and services becomes noticeably expensive. This is mainly due to the high labor cost for the service providers, resulting from the need to cover a vast variety of application domains and at the same time to improve or/and enhance the services offered in accordance to the requirements set by the competition. A business model that could ease the problem is the development or/and provision of the service by an external contractor on behalf of the service provider; known as Information Technology Outsourcing. However, outsourcing a service may have the side effect of transferring personal or/and sensitive data from the outsourcing company to the external contractor. Therefore the outsourcing company faces the risk of a contractor who does not adequately protect the data, resulting to their non-deliberate disclosure or modification, or of a contractor that acts maliciously in the sense that she causes a security incident for making profit out of it. Whatever the case, the outsourcing company is legally responsible for the misuse of personal data or/and the violation of an individual's privacy. In this paper we demonstrate how companies adopting the outsourcing model can protect the personal data and privacy of their customers through an insurance contract. Moreover a probabilistic model for optimising, in terms of the premium and compensation amounts, the insurance contract is presented.

show abstract

Section: Related Workmentioning

confidence: 99%

A probabilistic model for optimal insurance contracts against security risks and privacy violation in IT outsourcing environments

Gritzalis

Yannacopoulos

Lambrinoudakis

et al. 2007

Int. J. Inf. Secur.

View full text Add to dashboard Cite

show abstract

“…There are several possible conceptualizations and definitions of the notion of risk. Risk as a function of the expected loss from undertaking a certain venture and the probability that said loss will occur [12]. furthers this notion of risk by adding an actor's expected utility from undertaking a venture to the risk equation [13].…”

Section: Offshore Outsourcing Riskmentioning

confidence: 99%

“…Thus, risk here is measured not only by the probability and value of loss, but by the value of what is to be gained. In this case, however, we define offshore outsourcing risk as an expected loss in offshore outsourcing contracts, following the perspective used in the context of IT outsourcing in [12]; that is, taking into consideration the magnitude of loss from an undesirable situation and the probability of occurrence of such loss. In the diagram above, two types of offshore outsourcing risk are mentioned.…”

Section: Offshore Outsourcing Riskmentioning

confidence: 99%

“…In the diagram above, two types of offshore outsourcing risk are mentioned. "Non-delivery of product to specifications" refers to a product that does not meet the specifications of the original contract, is flawed, or otherwise unacceptable to the service recipient [12]. "Loss of Intelectual Property" (Loss of IP) includes the sharing of a service recipient's intellectual property, such as source code and personal company information, with other entities that do not have the right to access it [12].…”

Section: Offshore Outsourcing Riskmentioning

confidence: 99%

See 1 more Smart Citation

The Perspectives of a Global Information Technology Outsourcing Model

Amar¹,

Jillbert²

2019

Proceedings of the Proceedings of the 1st Sampoerna University-Afbe International Conference, SU-AFBE 2018, 6-7 December 2018,

View full text Add to dashboard Cite

This paper discusses some major contributors to offshore Information Technology (IT) outsourcing risks and examines some key risk mitigation strategies. Offshore IT outsourcing risks emanating from service provider IT capabilities in terms of their communication networks and human resource assets quality and cultural climate are examined using literature drawn from the areas of resource-based theory and culture theory particulary the transaction cost economies. The role of service recipient risk mitigation strategies including strong contract construction and intelligence gathering in moderating the impact of risk drivers on offshore outsourcing risks is discussed. The role of some key service provider policies and practices including policies regarding employees' acceptable use of client information, practices that seek to increase employee retention, and policies that do not allow employees to work on projects for multiple corporations that are competitors with each other in reducing offshore outsourcing risk is also examined.

show abstract

“…The former stream led to a better understanding of why firms outsource their IT, be it for cutting costs, strategic intents such as service improvement, business impact or commercial exploitation [DiGu98], political motives [LaHi93], institutional influences [AnCu97], or severe problems with respect to information quality and support [TeCG95]. It also provided frameworks for supporting and improving the outsourcing decision process, such as analyzing the candidate activities [Venk92] and performing risk analysis [AuPR02].…”

mentioning

confidence: 99%