The commercial world is moving away from spending its own capital, to spreading payments for technology-based services. Despite the outsourcing horror stories of the last 15 years, the trend is inexorably growing - but organisations are looking for greater quality control in their third party relationships. Moreover, outsourcing has come to mean many things, from passing full functional responsibility to a third party, to having a single, highly defined task processed out of house, to simply renting usage of a third-client software application.
Several factors are driving the need to outsource: the escalating cost of regulatory compliance, the financial pressure on increasingly indebted companies and the inexorable acceleration of technology obsolescence. Information and document access tend to be major potential costs behind the technology that addresses each of these factors.
But what is the viability of pay-per-transaction typified by the outsourced option? How do you decide the level of business processing that should remain onshore, as opposed to that which can be confidently offshored? And how should that onshore-offshore balance be secured and assured?
In the current business environment, company managers' minds are inclined to be focused on compliance and transparency. Developments in corporate governance legislation and regulation as a reaction to post-millennial fraud and corporate collapses, have placed risk under the spotlight. Although not yet absolutely mandatory, many companies have published their first annual report under the new international financial reporting standards (IFRS), which require similarly new financial business processes to be put in place. International accounting standards (specifically IAS39) are requiring much more detailed and transparent 'fair value accounting' for exposure to derivatives - also requiring business process change in treasury departments.
Nor is the public sector being let off the hook. In the UK, the Freedom of Information Act requires legitimate enquiries to be satisfied within three weeks, with an auditable trail to prove this has been done. Pressure is also on to improve the quality of public services through joined up government, whereby the information needed to satisfy a query can be efficiently and effectively drawn from many government agencies, but through a single interface. Yet no substantial additional budget is being made available within public or private corporations to accommodate the ongoing costs of meeting these requirements. Efficiency gains must pay for them.
The upshot of these pressures is, in the main, to steer financial managers away from capital expenditure and towards methods of spreading the cost of business processes. Using modern IT to manage, control and automate business processes helps corporations to eliminate inefficiencies and, of course, take advantage of skilled workers in lower cost economies. The pros and cons of outsourcing and offshoring have been much discussed, and even over the last few short years, the sophistication of both purchaser and provider has grown exponentially. But there remain risk factors with every business process, or element thereof, that moves out of house. The scope of this article is to discuss some of those risks insofar as they relate to capturing, distributing and accessing the documents that are necessary to managing every business process.
As stated earlier, the practice of outsourcing and offshoring business processes is growing inexorably. Forrester, the technology research company, has increased its estimate of how many US services jobs will go offshore in the near term. The analyst believes that 3.3m US jobs will move to lower cost economies by 2015. The risk associated with such initiatives is also well recognised. Back in 2003, the Federal Deposit Insurance Corporation was publishing advice in a white paper entitled Cross-Border Outsourcing and Risk Management for Banks, which outlines the risk management challenges banks face when information technology and business processes are outsourced to offshore locations.
Business Process Outsourcing (BPO) occupies a significant IT services growth sector - although opinions on exactly how significant it is vary widely. In Europe, Gartner estimates current BPO spend to be around EUR19bn, predicted to grow to about EUR25bn by 2007. Examples of business functions where BPO has a strong foothold include:
- customer service enquiry management
- finance and accounting
- capital markets deal processing
- software development
- insurance application and claim processing
- prospect database hosting and management
- payroll and employee benefits management.
Research from Handysoft Corporation from early 2005, revealed that 48% of Europe's top 10,000 companies are actively considering BPO, but just 15% of those companies have outsourced business processes. The active consideration of BPO at senior level reflects the consolidated view of technology analysts that there will be rapid growth in this market over the next four to five years. The fact that only 15% of organisations have yet taken the plunge is perhaps testimony to the cautious optimism of early BPO adoption, along with the observation that it tends to be larger organisations that most obviously benefit from it. Concentration, to date, has been on non-core business processes, yet some future-gazers have been including more complex activities in their BPO projections.
It is also imperative to look at the other side of the coin - namely that 52% of Europe's top 10,000 companies who are not actively considering BPO. This overall majority of major companies cannot ignore the various imperatives to streamline their business process management in order to automate and monitor business processes, capture and enforce best practice, ensure regulatory compliance and reduce risk.
BPO and document management outsourcing should not, however, be confused. Contracting out a document archive is not BPO. Outsourcing securities trade processing or employee benefits management is BPO. However, the flow of documents within an outsourced business process is critical to it delivering quality and risk management to the client organisation, and commercially viable cost management for the BPO provider.
In fact, the twin benefits of outsourcing a whole business process, but retaining transparency and control, is the essence of successful BPO. Reporting transparency allows the BPO supplier to audit and justify, without any shadow of argument, its service quality and fees, while management transparency allows expert managers on the client side to exercise and demonstrate real control of the outsourced process. Where BPO steps into the realm of any financial or accounting processes, such as banking or investment services, then this combination of transparency and control is essential to meeting corporate governance strictures. It is also critical to containing data protection risk over personal information, as well as the risk of commercially sensitive information leaking out of the process.
That information security is a clear and present danger has recently been exemplified through the tabloid furore about personal records being sold by unscrupulous staff in an offshore BPO centre. The furore was absolutely justified, but is not representative of the offshore BPO industry as a whole. In fact, sensitive data and documents are nowadays being secured through an onshore/offshore hybrid.
An EDM case study
To illustrate these issues, let us describe a real-life example of an insurance company having adopted an electronic document management (EDM) system in order to mitigate risk, to combine onshore and offshore outsourcing, to meet varying retention requirements and to achieve competitive advantage.
The insurance firm, specialising in insurance administration and underwriting services, took the decision to digitise claims processing by investing in a remotely-hosted, outsourced EDM solution to coincide with moves to FSA regulation at the beginning of the year. Its justification was that FSA regulation had an immediate, dual impact: they were legally required to create a secure, demonstrable audit trail of business activity and correspondence; and the volume of customer documentation nearly doubled, due to new legal requirements.
Firstly, all customer correspondence that was previously archived in paper format was digitised. Having chosen to outsource the hosting, it was able to draw on the third-party's document security expertise and could therefore dispose of the paper originals, safe in the knowledge that its e-documents would be properly protected and valid for legal purposes. To add extra reassurance, both sides of all correspondence were scanned, to keep an exact representation of the original.
Secondly, all correspondence that is sent by post to the insurer is automatically forwarded to the third-party provider for immediate scanning, indexing and uploading onto the online system, for the insurer to pick up electronically, and providing an auditable back-up. With the paper copy retained for regulatory requirements, the service provider effectively acts as a centralised, digital repository for the company's documents, and users are assigned different permission levels to access the scans via a web-based browser, as and when required.
Digital copies of claims documents are electronically passed to an offshore business-processing centre in India. For some policies, the business process management system suppresses certain elements of personal data before the digitised documents are sent abroad, substituting a unique reference number - or URN - to link the documents pertaining to each claim together. In others, selective items of information are suppressed before being passed offshore - notably the policy's renewal date. Renewal dates are the most powerful piece of marketing data for competing companies, so hiding them greatly mitigates the risk of offshore abuse.
This onshore digitisation, combined with offshore business process outsourcing, is something of a revolution in insurance; many firms still operate a post-room and expose themselves to significant risk, cost and inefficiency by having copies shipped abroad, and paper originals waiting around for digitisation. By outsourcing the process from the beginning, processing can take place electronically and risk is minimised at every stage. At present, over 100,000 pieces of paperwork are being scanned and processed each month.
The indexing of the documents also means that when an offshore call centre agent receives a call, the telephone number is identified and the appropriate correspondence automatically brought up on their computer screen. This has already had a significant impact on customer service response rates, as well as opening up new marketing and data capture opportunities.
In conclusion, there is no question of turning the clock back on offshoring. The combined cost and available skills benefits of sending business processing abroad is so compelling that to ignore it would be commercial suicide. But in our increasingly regulated environment, putting work into another legislature without suitable safeguards is untenable. And that is why there is so much interest and early practice under way to combine the security of an onshore information and document guardian, in combination with the undoubted advantages of offshore processing.