Types of risks associated with outsourcing

Question:

Describe about the report of Aztek Company?

This report has been prepared on analysing the risks that a company would have to face while outsourcing the IT business activities to a third party. The benefits and the challenges involved in the process of outsourcing the task has to be analysed, and the same needs to be communicated with the stakeholders of the company. Risk analysis needs to be reviewed as important details of the company are being shared with the third party for execution. It is essential to analyse, the types of risks that can be faced by the company. This would help in solving the issues in the best possible manner. This report has been prepared for Aztek Company that renders financial services to the clients. The present system of the company has to be analysed, as this would help in analysing the benefits that are associated with the outsourcing of the works (Adamova, 2012).

Risks associated with the outsourcing the financial sector services can be classified into two different factors like –

1. External risks
2. Internal risks

In the external risks, the external factors that can affect the process of outsourcing have to be analysed. This can directly impact the performance of the business. The company can mitigate the risk, by selecting the best service provider that can handle the tasks in the best possible manner. Value of currency exchange has to be analysed, as the company needs to pay for the services that has been rendered by the outsourcing company. A higher fluctuation in the currency value can increase the operational expenses for the company. If this happens, then the management would not be able to save on the operational expenses. In this case, the laws introduced by the federal authorities have to be analysed, as this will help in implying the task. It is quite important to understand the factors that would cause breach of contracts, which would increase the possibility of litigation charges against the company. Such activities need to be reduced as this can directly impact the performance of the company. The risks related to the data protection and privacy methods expected to be followed by the financial industries are always high. This is one of the reasons, the factors that can directly impact the performance of the company needs to be analysed, and corrective steps needs to be taken to reduce any sort of negative impact on the performance of the management (Babcock, 2009).

In the similar manner, the legal and other compliance requirements in Australia and other country need to be analysed. This will help the management in adopting the best strategy through which the changes can be introduced by the company External risks are also associated with the political factors that can directly impact the performance of the company. Such external factors needs to be analysed in a corrective manner, as this will reduce the possibilities of any risk incurrence that can due to inefficient practices followed by the company.

Internal risks are related to different factors like –

• Communication
• Following transparent procedure

External risks

In this case, it is essential to develop a strategy through which the expectations of the company would be clearly and precisely communicated with the outsourced company. This will reduce any sort of risks that are involved with the process of business execution. In some cases, the company can decide to train some of the staffs of the outsourced company. This has been done to increase the quality of customer services that has been rendered to the clients In case the communication system is ineffective then, it can increase the turnaround time for the execution of the tasks. This can directly affect the performance and goodwill of the company. The IT Company needs to store and retire the financial information in the prescribed manner. This will reduce any sort of risks that can directly impact the business performance (Benson, Akella, and Maltz, 2010).

The federal authorities of the country usually impose strict rules and regulations through which the outsourced jobs and their performance are analysed. This is done by imposing strict rules for monitoring the process that has been followed by both the companies. Such a factor is quite important as this would help the management in analysing the loss and other factors that can impact the performance of the company. In order to mitigate such losses it is quite important to draft the best policies that will be suitable for the financial industry supervision. The security measures have to be analysed, and the corrective steps to introduce the required changes needs to be implemented by the management. This has to be done in compliance with the rules that have been framed by the federal authorities. Some of the factors that needs to be handled in this case are –

1. Analyse the policies that are related to the financial sectors. Such rules are related to the process adopted for implementing changes that are associated with financial sectors.

2. Evaluate the challenges that are associated with the process followed for outsourcing the business. In this method, the financial and labour market needs to be analysed. This would protect the management from suffering from heavy losses. The tasks that are expected to be performed but the company needs to be communicated in writing (Brauckhoff, 2006).

3. Communicate the process that is intended to be followed by the company in the best possible manner. This would reduce the possibilities of reducing the losses that are involved in the process.

It is quite important to adopt and implement the best practice through which the issues related to outsourcing can be handled in the right manner. The challenges involved in the process, has to be communicated with the stakeholders as this will help in building long term relationship with the investors. The details, along with the benefits and challenges involved in the process have to be discussed in details.

This report has been prepared on Aztek Company, and the benefits and risks associated with the outsourcing of the key IT functionalities of the company. Some of the important IT related tasks are handling the network issues, developing and implementing desktop management system, and application. These factors are quite important for the successful business operations. The system and the process that is expected to be adopted and implemented by the company need to add benefits to the current system that is followed by the management (Chandola V, Banerjee A, and Kumar V, 2009).

Internal risks

The stakeholders of the company include –

• Clients, both regular and irregular
• Investors in the company
• Staffs including managers of the company
• Government agencies that work towards regulating the policies towards the process related to outsourcing (David, 2010).

The prime objective to evaluate the relevance of the regulations and policies that are associated with the selection and hiring of the third party for outsourcing is to assess the kind of risks the company would face.  Management of the company need to identify, evaluate, manage, and control the system that has been selected to be imposed by the third party. If the risks are not analysed, then it can directly impact the financial performance and goodwill of the company. Apart from this, the information of the clients would be at stake. If this happens then the company might lose many of the customers for good.

Information technology has helped companies of different sizes to retain customer information, analyse the reports, and conduct other important factors in the best possible manner. In fact, data of different size and importance can be retained by the company for a longer period of time. However, handling IT department and the tasks is not an easy task. Depending upon the size of the company and the IT system followed, the management might have to hire additional staffs and create a special department that would handle the tasks. This is quite an important factor, and the benefits and the challenges associated with the same needs to be analysed. The costs associated with the process of having an additional department within the company, is quite a challenge. In this process, the company needs to allocate additional funds and hire specialised staffs that would be able to handle the task. Not many companies are capable of allocating the fund requirement. This is one of the reasons; the management select to outsource (Dekker, 2012).

Aztek offers financial services to the clients in Australia. In order to render the best possible services, the company intends to retain the details of the clients and use the same in the right manner. The management at present is considering the idea to outsource the tasks related to network handling and others to third party. Through this process, the management intends to reduce the operational expenses that would be incurred in terms of additional payment to the IT staffs. Also, the tasks that are related to customer management are expected to be handled in an effective manner. This would improve the quality of performance that has been rendered by the company. The company intends to analyse the risks that are involved in the process of outsourcing the task to a third party.  There are higher possibilities of project failure, in case the company fails to select the appropriate outsourced company (Grobauer, Walloschek, and Stocker, 2011).

Some of the risks are associated with the process adopted for communicating the expectations of the company with the third party. It means the expectations of the company need to be listed down in a precise and accurate manner. This would help the management in executing the tasks related to IT in the best possible manner. The management needs to list down the types of tasks that would be outsourced, as this will help in analysing the risk that is involved in the process. Some of the factors that needs to be considered are –

Compliance with federal regulations

1. Total dependence – The management of the company would have to depend upon the third party completely for execution of the tasks. This is one of the most risky part, and thus effective measures needs to be taken to monitor and control the risks. The agreement needs to clearly specify the type of work that would be performed by the outsourced company. Also the term for carrying out the task needs to be analysed. This would help in developing positive relationship with the outsourced company.

2. Analysing the IS security factors  – By deciding to outsource some or all of the IT tasks, the company choose to share the internal and important information about the clients and the management. This is one of the highest risks that need to be worked upon. This would reduce the possibilities of business impact due to information sharing (Gruman, 2008).

3. Legal consequences – In case, the internal and important information about the clients and the stakeholders are leaked out, then it can create serious problem for the company. In this case, the company needs to analyse the impact of the legal consequences that can affect the performance of the company.

4. Human resource issues – In case, the management choose to outsource the entire IT related task to the third party, and then it might be a challenging task. Here, the company might have to terminate the services of some of the IT managers and staffs, and this can create bad impression about the performance of the company. Such a factor can affect the credibility of the management, and thus the right steps needs to be followed for handling the issue in an appropriate manner.

5. Sharing of confidential information – The details of the company and the clients are confidential. This cannot be shared with any third party, unless it is required to be done. Thus, the management needs to adopt and implement the right type of strategy through which the details would be shared and used in the best possible manner for execution of the task (Joint Forum, 2004).  

In physical IS security issues, the concerns and other challenges can be handled if the right expectations have been set forth by the management of the company with the outsourced company. There are possibilities of losing control over the physical security of the IT system, and thus the management of Aztek has to be careful in implementing the right steps for controlling the negative impact of the same. In order to mitigate the problem related to retention and sharing of information, it is essential for the management to create an effective and reliable back-up system. This would help in securing the confidential information about the company and the clients, whenever required. In the similar manner, there is always a risk related to loss of some or all the confidential information of the company. Thus, planning needs to be done to introduce the right steps through which the required changes can be implemented for securing and retrieving of the information from different sources (Lohr, 2009).

Outsourcing the IT tasks by the company is always a crucial decision. The facts, benefits and threats associated with the process have to be analysed. This will help the management in selecting the better option that would help the company in accomplishing the task. It is quite important to analyse the type of risks that can directly impact the business conduct for the organization. Aztek offers financial services to different types of clients in Australia. In this process, the management of the company retain the crucial information about the clients and process them whenever required. The risk associated with unauthorised usage of the information by the third party for personal usage is always high. This needs to be mitigated, as it will directly affect the performance of the company (Lopez, 2002).  

If the associated risks related to IT factors are not analysed by the management of the company in the right manner, then it will impact the business performance and cause heavy losses to the management. Thus, it is quite important to analyse the real risks that can directly impact the performance of the business. The challenges involved in the process can be analysed through the threat risk model. Through this process, the management of the company can analyse the risks associated with the security system. Such an analysis will help in adopting and implementing the right strategy through which the security system can be improved. Through the model the management attempts to develop an improvement program that will secure the information about the company. In this case, the company needs to put forth the expectations of the management with the outsourced organization. This will reduce the negative impact of the performance of the company.

In this process, the management can develop a framework through which the below mentioned factors can be analysed and worked upon-

• Develop strategies for identifying the security objectives – This includes identifying the challenges that are associated with the information storing. Such a step is quite crucial for the business success. It will help the management in drafting the best policy through which the important information can be stored in by the company (Lu, and Tong, 2009)
• Analyse the application – The requirements of the company might differ from the others. This is one of the reasons the application that has been chosen to be implemented by the company needs to be analysed. This will help in analysing the challenges that are involved in the process. Besides this, it is also possible to take the right steps through which the changes can be implemented by the management in securing the information.
• Highlight the features of security objectives – This is one of the most important tasks that need to be analysed by the company. Through this process, it is possible to analyse the risks that are involved in the process, and adopt the best strategies through which the changes can be introduced by the management. The crucial information about the company needs to be protected and for these necessary measures has to be taken. In this process, the challenges have to be analysed, as this will help in taking the corrective steps (Mell and Grance, 2011).
• Identify the threats – System failure and hacking of the important financial information are some of the threats that can directly impact the business. Thus, it is quite important to make the right decision through which the details can be retained by the company for a longer period of time. In this process, the challenges related to the securing the information and the different ways through which the same can be accessed have to be analysed. This will help in making the corrective decision through which the details can be secured. The threats can be internal and external. Both of them are quite risky and needs to be analysed. Such things would help in analysing the steps that needs to be taken to control the threats.
• Identify vulnerabilities – There are quite a few external and internal factors that can directly impact the performance of the company. in this case, the venerable products needs to be analysed, as this will help in analysing the challenges and taking the right steps through which the risks can be reduced. Unauthorised usage of the details related to financial information of a client, can risk the business performance. The factors that can encourage the members to perform such activities have to be analysed. Such an analysis will help in reducing the risks that are associated with the wrong usage of the information (Miller, 2009).

Thus the management needs to adopt and implement the right strategy through which the risks related to the security management and security controls can be controlled. In this method, it is quite important to adopt and implement an effective strategy for establishing, controlling, implementing, and operating the information security system that has been selected by the company. The standards need to be drafted as this will help in improving the deliverance process. The code of practice can be built upon the ISO strategy, which is considered to be quite useful for the management. Through such process, it is possible for the management to introduce the required changes that is required for securing the information about the business activities. In the control mechanism the foreseeable and unpredicted risks has to be analysed. This would help in drafting the policies through which the security measures can be improved by the management. In the control mechanism, the guidance can be introduced to implement the required changes through which the quality of the tasks can be improved (Nelson, Lim, and Hutchins, 2005).

Many companies choose the services that are based on cloud computing. This has been done as the system offers lots of benefits to the users. However, the risks that are associated with such a system have to be analysed. This will help in overpowering the challenges and executing the tasks in the best possible manner. At the beginning of the task, it is quite important to define the security objectives as this would simply the task. The objectives have to be communicated with the outsourcing company as it will increase the quality of the tasks that is intended to be performed by the company. In this process, the below mentioned factors has to be taken care of –

1. Confidentiality
2. Issues related to integrity
3. Availability of the options (Pascoal, 2012).
4. Multi-party or company trust
5. Transparency followed between both the companies
6. Usability of the features of the services.

By highlighting the features of such factors, the company would be able to develop an effective strategy through which positive and long term relationship with the stakeholders can be developed. Apart from this it is also possible to store the information and use the same in the best possible manner. In this case, it is essential to understand the threats that can directly impact the performance of the business. The web-based threats, especially when the tasks have being outsourced are usually high.  Risks can be controlled or mitigated by adopting expert based analysis approach. This will help in sorting the issue and drafting the best policy through which the changes can be introduced within the system (Peng and Harris, 2010).

In order to reduce the possibilities of the risk, the company need to prepare an effective service level agreement factor. This will help in analysing the challenges and drafting the best policy through which the changes can be introduced. Through this method, the company can highlight the expectations, and factors that need to be handled by the outsourced company in the right manner. This would reduce the risks that are involved in the process of execution of the task.

Aztek has been offering financial services to the clients. The company retains important information about the clients and ensures to use the same in the best possible manner to process the requests. At present, the management of the company has proposed to outsource the IT tasks to a third party. This has been proposed to make the best use of the resources and reduce on the operational expenses. Thus, it becomes quite imperative to introduce a system through which the data of the company can be secured by the management. In this process, the company needs to introduce an effective software based solution for protecting the information. Such details have to be secured from thefts. Also, the system needs to be effective, as this will prevent the hackers from intervening into the details that has been secured by the company. Such factors can directly increase the risks for the company. Thus, it has to be minimised and controlled. In the hardware based solution for security, the management can present the access of the important information and data from being hacked or read by anyone who isn’t authorised to do so. Such prevention will secure the important information of the company. In case of the assisted computer security system, the company can also work on the alternative solution that would be based on the software only computer system. In order to execute the task, the company introduces security token system, which prevents any unauthorised individuals from hacking the important information. In some cases, the users might have to also secure the physical access to the information that has been stored not the system This is quite an important factor, as this will help the management in developing the best step through which the changes related to the security system can be intrigued by the company. The users can access the information that has been stridden into the system, only after entering into the token that has been provided to the users (Ringberg, 2007).

It is quite important to implement an effective back-up system through which the important information can be stored in by the company. Through this process, it is possible to retrieve the important details in case he same has been lost due to reason. In order to protect the data, many countries have implemented an effective data protective act. Through this process, the management of the company ensure to introduce the best strategies that will protect the rights of the company. In this process, the act provides redress to the company or individuals who have suffered form loss due to access of information. The company needs to adopt and implement an effective strategy through which the data can be protected. This is quite an important factor through which the details can be retained by the company, without any fear of losing the same. With the help of the data erasure method, the company can destroy the used or not required data belonging to the client. This is done through the digital medial method, where no sensitive information is leaked to any third party (Smith, 2009).

Conclusion

The objectives of the data management and the outscoring process have to be analysed in the corrective manner. This will help the management in imposing the rules that are considered to be necessary for making the best use of the system. The challenges involved in the process of outsourcing the tasks have to be analysed as this will help in analysing the challenges that are involved in the process. The risks need to be analysed, as this will help the management in selecting the best option through which the challenges can be overpowered by the company. the rules and SLA factors has to be outlined in the right manner, as this will help the company in selecting the best option through which the issue related to data security can be handled in the right manner.

References

Adamova K, 2012. “Anomaly detection with virtual service migration in cloud infrastructures,” Master’s thesis, D-ITET, ETH Zurich, 2013. Retrieved from  ftp://ftp.tik.ee.ethz.ch/pub/students/2012-HS/MA- 2012-17.pdf

Babcock C, 2009.  “Why ‘Private Cloud’ Computing Is Real—And Worth Considering,” www.informationweek.com.

Benson T, Akella A, and Maltz D, 2010., “Network traffic characteristics of data centers in the wild,” in Proceedings of the 10th ACM SIGCOMM conference on Internet measurement, Melbourne, Australia, November 2010, pp. 267–280.

Brauckhoff D, 2006. “Impact of packet sampling on anomaly detection metrics,” in 6th ACM SIGCOMM conference on Internet measurement, Rio de Janeiro. pp. 159–164.

Chandola V, Banerjee A, and Kumar V, 2009. “Anomaly detection: A survey,” ACM Comput. Surv., vol. 41, no. 3, pp. 15:1–15:58.

David C, 2010. Cloud computing around the world,” Multilingual.

Dekker M, 2012. “Critical Cloud Computing A CIIP perspective on cloud computing services,” white paper, European Network and Information Security Agency (ENISA)

Grobauer B, Walloschek T, and Stocker E, 2011. “Understanding cloud computing vulnerabilities,” IEEE Security Privacy, vol. 9, no. 2, pp. 50–57.

 Gruman G, 2008.  “Early experiments in cloud computing,” InfoWorld.com.

Joint Forum. 2004. “Outsourcing in Financial Services.” Consultative document, Basel Committee on Banking Supervision. Bank for International Settlements. https://www.bis.org/publ/joint09.pdf.

Lohr S, 2009. “ Best Buy Prepares for the Post-DVD Era,” bits.blogs.nytimes.com, November 3, 2009.

Lopez J, 2002. “What Is Operational Risk?” FRBSF Economic Letter 2002-02 (January 25). 
/economic-research/letter/2002/el2002-02.pdf

Lu W, and Tong H, 2009. “Detecting Network Anomalies Using CUSUM and EM Clustering,” in Advances in Computation and Intelligence, Macao, China vol. 5821, pp. 297–308

Mell P and Grance T, 2011. “The NIST Definition of Cloud Computing,” National Institute of Standards and Technology (NIST), Tech. Rep. Special Publication 800-145.

Miller R, 2009, “DoD: Cloud Will Save Us `Hundreds of Millions’,” Datacenterknowledge.com

Nelson M, Lim B, and Hutchins G, 2005 “Fast transparent migration for virtual machines,” in USENIX Annual Technical Conference. Anaheim, CA, USA: USENIX Association, pp. 25–25.

Pascoal C, 2012. “Robust feature selection and robust PCA for Internet traffic anomaly detection,” in IEEE INFOCOM 2012, Orlando, FL, USA, pp. 1755–1763.

Peng A, Harris, 2010. “State-sponsored cloud computing could increase in 2010,” civsourceonline.com.

Ringberg H, 2007. “Sensitivity of PCA for traffic anomaly detection,” SIGMETRICS Perform. Eval. Rev., vol. 35, no. 1, pp. 109–120.

Smith E, 2009. “Disney Touts a Way to Ditch the DVD,” Wall Street Journal.

Summers, G. (2004). Data and databases. In: Koehne, H Developing Databases with Access: Nelson Australia Pty Limited. p4-5.

Syarif I, Prugel-Bennett A, and Wills G, 2012. “Unsupervised Clustering Approach for Network Anomaly Detection,” in Fourth International Conference on Networked Digital Technologies (NDT 2012), Dubai, AE, pp. 24–26

Tellenbach B, 2011. “Accurate network anomaly classification with generalized entropy metrics,” Comput. Netw., vol. 55, no. 15, pp. 3485– 3502.

Vishwanath K and Nagappan N, 2010.  “Characterizing cloud computing hardware reliability,” in Proceedings of the 1st ACM symposium on Cloud computing, Indianapolis, Indiana, USA, pp. 193–204.

Waksman, A Sethumadhavan, S, 2011. “Silencing Hardware Backdoors”, Proceedings of the IEEE Symposium on Security and Privacy (Oakland, California)