Presentation is loading. Please wait.

Presentation is loading. Please wait.

“Mitigating Offshoring Risks in a Global Business Environment“

Published byGervase Gregory Modified over 9 years ago

Similar presentations

Presentation on theme: "“Mitigating Offshoring Risks in a Global Business Environment“"— Presentation transcript:

1 “Mitigating Offshoring Risks in a Global Business Environment“
May 26 & 27 “Mitigating Offshoring Risks in a Global Business Environment“ Marsh Technology Conference 2005 Zurich, Switzerland.

2 Definitions Offshoring is the performance of certain business functions in another country primarily to achieve economic benefits. Outsourced to a vendor, who manages the process for a fee or percent of the savings; Company-owned process, where operations are developed in a host country Typical business functions targeted for offshoring include: Software development Technology design, build or assembly Customer service Business process operations

3 Offshoring has Compelling Economics
Cost reduction- From 2003 through 2008, U.S. businesses will save a projected $20 billion using offshore resources1 Production costs are 30-50% lower in China vs. traditional U.S. manufacturing2 Quality - Offshoring provides good quality e.g. Indian service providers often provide CMM Level 5, Six Sigma, ISO 9000 and BS 7799 certifications. Competition- Time zone advantages exist as well as larger pools of talent. It enables a company to remain competitive in their market. New Markets- By operating “in-country”, new growth opportunities may be opened up and leveraged. - A data switch is made by 3-Com in China for about $180,000. Cisco’s competitive switch is $245,000--a 25% price gap. 3-Com is “getting four engineers for the price of one” 3 - India's National Association of Software & Service Companies (Nasscom) alone expects its outsourcing business will surge more than 26 percent to 28 percent in 20054 1 Global Insight report 2003 2 Business Week 3 Ibid 4 Nasscom Study 2005

4 Offshoring also has Serious Threats
IP theft Natural disaster Political instability Risk Mitigation Capabilities Terror incident Internal cyber-threats Offshore Operations Business Plan Response & Recovery Capabilities Counterfeiting products Major IT outage External cyber-incident What Defines a Serious Threat? Impacts the business plan Fast developing Creates long-term change High stress to organization Large-scale

5 Offshore Risk & Security Process
Phase Phase Phase 3 INPUTS Assess and Analyze Design and Plan Deploy and Monitor MAJOR STEPS Project Initiation and Assessments Program Design and Strategy Planning Plan Deployment ACTIONS 1. Offshore risk assessment process: Threat and Risk assessment: Business impact Technology trends Security environment Threats and vulnerabilities Project Management Regulatory compliance Policies & standards Technology continuity Statement of applicability Protection of IP Analyze offshore risk gaps: Current security policies & controls Regulatory compliance Technology continuity Project management Security governance Incident response process 2.Create offshore risk mitigation plan: Define offshore risk controls Align risk controls to the business plan Outline processes for measuring results Deploy improvement components of offshore risk master plan Security policies & controls Regulatory compliance Technology continuity Project Management IP Protection 2. Implement monitoring process for continuous improvement Risk/Impact matrix Documented offshore risk controls status 3. Offshore Project Management strategy Offshore Risk Mitigation Master Plan Prioritized activities Funding and resources Timeline Success criteria Team structure Offshore project risk management framework Regulatory Compliance Report Incident response plan Continuous improvement process for risk mitigation DELIVER-ABLES

6 First Step: a Threat and Risk Assessment
Kroll Offshore Risk Workshop Deliverable (Example) High Define Threats, their probability and the business impact Classify Risk impact of the threats Analyze Existing controls Business processes Overall preparedness posture Design Develop an initial option to address each risk Technology Outage Product Counterfeiting Kidnap & Ranson Cyber-terror Risk Impact Product Design Loss Transfer Change Business Impact Risk Management Options Monitor Control Low R&D theft Low Cyber-fraud Regulatory Non-compliance Low High Risk Probability

7 Consider These Questions:
Have you conducted a thorough offshore risk assessment and analysis Do you have written policies for IP protection with your service provider and your customers? Is there a seasoned offshore specialist in charge of the program? Do you have external legal advice? What is the track record for the target region/vendor for risk incidents? Are there country-specific issues e.g. bribery, corruption, counterfeiting, ineffective law enforcement, data protections laws? What is the security status of the region’s IT and network infrastructure where your service provider is located? What is the region/country record for successful prosecution of cyber-crimes? What is the in-country policy for employee privacy, background screening, hiring/firing, etc? Are there exposures due to ancillary agreements with other contractors? Do they meet your standards as well as those of your customers?

8 Discussion

Download ppt "“Mitigating Offshoring Risks in a Global Business Environment“"

Similar presentations

Course: e-Governance Project Lifecycle Day 1

Course: e-Governance Project Lifecycle Day 1
Nick Vennaro, NHIN Team (Contractor), Office of the National Coordinator for Health IT Michael Torppey, CONNECT Health IT Security Specialist (Contractor)

Nick Vennaro, NHIN Team (Contractor), Office of the National Coordinator for Health IT Michael Torppey, CONNECT Health IT Security Specialist (Contractor)
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
IT Governance Infocom India Presentation December 6, 2006.

IT Governance Infocom India Presentation December 6, 2006.
Clean Water Act Integrated Planning Framework Sewer Smart Summit October 23, 2012.

Clean Water Act Integrated Planning Framework Sewer Smart Summit October 23, 2012.
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.

Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
“Limiting electronic fraud through an Information Security Management System (ISMS): An Introduction to ISO 27001 Presented to the ICGFM Annual Conference.

“Limiting electronic fraud through an Information Security Management System (ISMS): An Introduction to ISO 27001" Presented to the ICGFM Annual Conference.
The Outsourcing Process

The Outsourcing Process
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Introduction to International Business Discussion Section April 6, 2007 Sanny Liao.

Introduction to International Business Discussion Section April 6, 2007 Sanny Liao.
Security Posture Assessment (SPA) Headquarters: Ofisgate Sdn Bhd (610820-A), 2-15 Jalan Jalil Perkasa 13 Aked Esplanad, Bukit Jalil, 57000 Kuala Lumpur,

Security Posture Assessment (SPA) Headquarters: Ofisgate Sdn Bhd ( A), 2-15 Jalan Jalil Perkasa 13 Aked Esplanad, Bukit Jalil, Kuala Lumpur,
© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.

© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.
Technologies Pvt. Ltd. MOVING NODE BPO Services. ¤Company Overview ¤Business Portfolio ¤BPO Infrastructure ¤Services Provided ¤Outsourcing ¤Quality ¤Risk.

Technologies Pvt. Ltd. MOVING NODE BPO Services. ¤Company Overview ¤Business Portfolio ¤BPO Infrastructure ¤Services Provided ¤Outsourcing ¤Quality ¤Risk.
Software Asset Management

Software Asset Management
IT Outsourcing Andy Darnell Jennifer Lawrence Jessica Pruitt.

IT Outsourcing Andy Darnell Jennifer Lawrence Jessica Pruitt.
Consultancy.

Consultancy.
Financial Advisory & Litigation Consulting Services Risk Management 2006 September 14-15, 2006 The Metropolitan Club, New York, NY Workshop B: Information.

Financial Advisory & Litigation Consulting Services Risk Management 2006 September 14-15, 2006 The Metropolitan Club, New York, NY Workshop B: Information.
Nick Wildgoose 8 March 2012 BCI Workshop DELETE THIS TEXT AND PUT COMPANY LOGO IN THIS WHITE SPACE Understanding Risk within your Supply Chain SC1(V1)Jul/05/10GC/ZCA.

Nick Wildgoose 8 March 2012 BCI Workshop DELETE THIS TEXT AND PUT COMPANY LOGO IN THIS WHITE SPACE Understanding Risk within your Supply Chain SC1(V1)Jul/05/10GC/ZCA.
Topic: Information Security Risk Management Framework: China Aerospace Systems Engineering Corporation (Case Study) Supervisor: Dr. Raymond Choo Student:

Topic: Information Security Risk Management Framework: China Aerospace Systems Engineering Corporation (Case Study) Supervisor: Dr. Raymond Choo Student:

Similar presentations

Ads by Google