Archivi categoria: outsourcing

The Sarbanes-Oxley Act: implications for large-scale IT outsourcing

James A. Hall, Stephen L. Liedtka, “The Sarbanes-Oxley Act: implications for large-scale IT outsourcing”, Comm ACM 03-2007

“Until they are certain that outsourcing IT management is the best possible option, firms would do well to maintain and invest in their own in-house IT assets.

Two sections of SOX are especially important to corporate IT departments:
Section 404. Called “Management Assessment of Internal Controls,” it mandates that corporate CEOs implement internal controls over their financial reporting systems, physically test these controls, and certify in writing that they function correctly. As a practical matter, the vast majority of controls are embedded in computer technologies that involve virtually
all of an organization’s financial transaction processing systems; and
Section 302. Called “Corporate Responsibility for Incident Reports,” it requires senior financial executives to disclose deficiencies in internal controls and fraud (whether material or not). Also, public accounting firms must attest in their audit opinions to the adequacy
and function of their client firms’ internal controls. Prior to SOX, auditing standards required
auditors only to be “familiar” with internal controls.

While large-scale IT outsourcing may appear to be a way to address the costs of SOX compliance, outsourcing contracts can actually increase the likelihood that a firm will fail to
comply with both the detail and the spirit of SOX.
Specifically, large-scale IT outsourcing increases the risk that top management and boards of directors will be unable to fulfill their oversight duties; that firms will employ ineffective internal controls over financial statements; that financial reports will be inaccurate
and/or misleading; and that firms will fail to protect shareholder wealth.

Finally, we note that an outsourcing client’s competitive success depends on the vendor’s ability to perform. Electronic Data Systems Corp. (EDS) has demonstrated the potential for vendor failures to have drastic, perhaps unforeseeable, financial repercussions.
EDS has struggled due to a variety of factors, including its own financial reporting failures and the bankruptcies of two of its largest customers—WorldCom and US Airways. In order to cut costs, EDS terminated 7,000 employees, which affected its ability to serve its clients. Following an 11-year low in share prices in 2002, EDS stockholders filed a class-action
lawsuit against the company. Vendors experiencing such serious financial and legal problems clearly threaten the viability of their strategic partners, as well as their ability to maintain internal controls and completely and accurately present financial information.”

CIO Magazine – Postmodern Manifesto

CIO magazine 1 may 2006

The Postmodern Manifesto, by Christopher Koch

In a 2005 SIM survey of skills that CIOs expect to most value in their IT staffs over the next three years, project management led the list, followed closely by company, functional and industry knowledge. Other skills in demand included business process reengineering, user relations management, negotiation, change management, communication and managing expectations. Only two technical skills (systems analysis and systems design) made the top 15—and both of those skills focus more on architecture and process than on hard-core programming.

To some extent, the deconstruction of IT has already occurred, especially in big companies where the large scale of IT and the separation of IT functions such as help desk, application maintenance and some programming have made them candidates for outsourcing. More and more jobs in IT will become components in a distributed services supply chain modeled on today’s distributed manufacturing supply chains.

IT departments already have undergone a structural shift. The number of programmers employed in the United States has dropped by 25 percent since its peak in 2000, even though the total number of IT workers has increased slightly since then, according to the Bureau of Labor Statistics. In our “State of the CIO 2006” survey, 76 percent of respondents said they outsource application development, maintenance or support—more than double the next highest category.

In one respect, the distributed services supply chain model is actually creating more work. As pieces of the IT supply chain break off and become more specialized, the need for coordination of the pieces increases. That means the number of internal jobs dependent upon external people is increasing. This shift is reflected by the new emphasis in IT departments on relationship management and project management.
Economists call these kinds of skills tacit work, which requires the ability to analyze information, grapple with ambiguity and solve problems, often based on experience. Tacit interactions are complex and require interaction (such as managing a software development project) rather than being simple and solitary (fielding help desk calls with a script, for instance).

Tacit jobs have been growing three times faster than employment in the entire national economy, according to consultancy McKinsey, and they make up 70 percent of all U.S. jobs created since 1998 and 41 percent of the total labor market in the United States. These roles track pretty closely with the categories where the Department of Labor says IT employment has made the biggest gains since 2000: application engineers, systems engineers and network analysts.

Lean and contracting situations – Mary Poppendieck

post il 3-1-2007 RE: [leandevelopment] Budgeting a Lean Project


It seems that you are in a contracting situation, as opposed to developing software for use within your own organization. If I can make that assumption, then I would suggest that lean principles are not particularly viable unless lean contracting is also part of the equation. When you reach organizational barriers and lean organizations run up against non-lean organizations, it is often impossible for the supplier to act in a lean manner.

As an example, many automotive suppliers have adopted lean practices in order to supply Toyota. The lean areas of their plants are much more efficient and cost-effective, but they are usually not able to supply other automobile companies with the lean area of the plant – they have to maintain a non-lean (and less efficient) area of the plant to serve those other customers. Why? Because the Detroit automotive companies still want parts delivered in large batches – they thin the economies of scale are the dominating factor in their business, despite decades of evidence to the contrary.

Similarly, if you have customers that believe that accumulating huge batches of detailed requirements is the most efficient way to contract with suppliers, then you may have to operate in a non-lean way with those customers. When you find customers that want a lean supplier, you can partner with them in a lean way, and as the automotive suppliers found out, deliver better, more cost effective software. However, in general, the choice lies with the customer, not the supplier.

Mary Poppendieck