دیدگاه های ریسک کسب و کار در برون سپاری سیستم های اطلاعاتی

Information systems (IS) outsourcing research has continued to evolve over the past decade to reflect changes in its practice and a deeper understanding of its business impact. Typically, the drivers of outsourcing decisions are both internal and external to the outsourcing organization and have been the basis for such studies. Since IS essentially represents an organization's implementation of its business processes, this paper approaches IS outsourcing by explicitly integrating issues related to business process outsourcing. The resulting business risk management framework provides a basis for effective IS outsourcing. The framework is further discussed within the context of outsourcing in e-business. By adopting a risk management perspective, this paper provides a strategic direction to further the field of IS outsourcing research.

Lehman Brothers and Goldman Sachs expect business process outsourcing to grow to $500 Billion by 2004 (Spagat, 2001). In a March 2001 report, Goldman Sachs called business process outsourcing “the next big wave” in information technology services (Spagat, 2001). Companies that focus on providing business process outsourcing services include the likes of International Business Machines (IBM), Electronic Data Systems, Computer Sciences Corporation, and a fledgling unit of PricewaterhouseCoopers, that is the smallest but fastest growing of that firm's six business lines3(Spagat, 2001). The projected growth and “blue-blood” corporate involvement in business process outsourcing, therefore, are indicative of the high relevance of the issue in the current economic environment. Despite the recent focus on business process outsourcing in the popular press, identifying the most compatible fit between Information Systems (IS) functions and organizational goals has been a critical IS management issue since the mid-1980s Brancheau and Wetherbe, 1987, Dixon and John, 1989, Niederman et al., 1991, Watson and Brancheau, 1991 and Brown and Magill, 1994. Research interest in IS outsourcing as one of the elements in the larger quest for IS and organizational alignment can be traced back to 1989. That year marked Kodak's landmark shifting of its responsibility for a significant portion of its IS to IBM and other vendors (Smith et al., 1998). Kodak's new paradigm for IS and organizational alignment also ushered in a body of research that continues to explore the organizational implications of the outsourcing of erstwhile intraorganizational IS functions. Prior studies on IS outsourcing have examined managers' and investors' perceptions of outsourcing, what companies typically choose to outsource, and what constitutes good outsourcing practice Smith et al., 1998, Arnett and Jones, 1994, Lacity and Hirschheim, 1993 and McFarlan and Nolan, 1995. Some studies have analyzed specific IS outsourcing cases Cross, 1995 and Huber, 1993, while others have used publicly available data, such as IS outsourcing announcements in the Wall Street Journal or financial data from the Center for Research in Securities Pricing (CRSP) and Compustat(Smith et al., 1998). Some work has indicated that the IS outsourcing decision is motivated more by internal influence (or imitative behavior) than by external influence Loh and Venkatraman, 1992a and Loh and Venkatraman, 1992b, while others have pointed to a mixture of internal and external influences (Saunders et al., 1997). Prior research suggests several reasons for firms outsourcing their IS. These key drivers include financial reasons such as reducing costs, generating cash, and replacing capital outlays with periodic payments. Firms also outsource their IS in order to simplify their management agenda and to renew focus on their core competencies in the organizational value chain. Technical reasons for outsourcing, such as improving the quality of IS, gaining access to new talent and technology, and the easy availability of vendors with expertise and economies of scale have also been proposed. Political reasons for outsourcing include dissatisfaction with the IS department, dissatisfaction with the chief information officer, viewing IS as a support function, pressure from vendors, and a desire to follow trends that have received wide acclaim in trade journals and in the popular press (Smith et al., 1998). To a large extent, IS outsourcing appears to owe its popularity to the trend of telecommunications management becoming an IS responsibility, and both computer and telecommunications operations becoming widely regarded as utility functions. From this utilitarian perspective, IS outsourcing is seen to offer unique conveniences to user organizations with regard to software currency, hardware obsolescence, computer capacity utilization, etc. Hence, the economies of scale and connectivity benefits of these utility functions have become dominant concerns for organizations Cash et al., 1988, Dixon and John, 1989, McNurlin and Sprague, 1989, Loh, 1993, Loh, 1994 and Teng et al., 1995. Third party participation in a company's business also appears to have evolved from providing auxiliary services outside core business functions to “mission critical” activities. For instance, smaller organizations traditionally used outsourcing when the costs of systems were prohibitive and suppliers were available. Similarly, larger firms made outsourcing decisions when well-understood labor-intensive back-office support applications were more cost effectively managed by third-party providers (Zahler, 1992). Beginning in the early 1990s, however, precedence was established for outsourcing strategic IS applications. At that time, forecasts suggested that most Fortune 500 companies would outsource at least some of their core needs to third-party providers by the turn of the century (Lacity and Hirschheim, 1993). As corporate structures have decomposed and as the IS outsourcing phenomenon has accelerated, the loss of control of the IS function to external parties has become the focal point of discussion (Behara et al., 1995). Today, larger corporations are outsourcing a wider variety of components and services and increasingly relying on smaller firms to supply them. More attention is also being devoted to organizational structure issues and especially to structures that enhance innovation (Conklin and Tapp, 2000). In keeping with these trends, this paper departs from prior IS outsourcing research in a significant manner. It moves the focus from the mere sourcing of technologies to the sourcing of business processes. The next section of the paper proposes three managerial frameworks for IS outsourcing. The section following the managerial frameworks addresses IS outsourcing from both generalized business risk management and specific e-business risk management perspectives. The concluding section of the paper presents a business-risk-oriented research framework for the examination and understanding of organizational adoption and use of IS outsourcing

The magnitude and duration of outsourcing contracts are an indication of the fundamental and permanent changes that are beginning to take place in business process outsourcing. The continued growth of business process outsourcing contractors is largely dependent on their ability to effectively manage the managerial and business risk of the outsourcing effort. This paper presents an initial framework to understand the risk associated with the capabilities of firms and their outsourcers. From the perspective of accounting information systems researchers, the outsourcing of IS functions must be reconciled with the outsourcing of business processes. This is because in the final reckoning, business process effectiveness is usually the ultimate determinant of IS outsourcing success. A framework for such reconciliation has been proposed here. Our framework extends existing IS outsourcing models by addressing the emerging reality of business process outsourcing and risk management to such models. These extensions include issues such as the need for SLAs that guarantee service levels regarding network and application availability, reliability, and scalability. SLAs must also include performance measurement metrics that stretch beyond a single corporate perspective to one that includes a network of organizations. Since financial compensation and relationships are closely tied to performance measures among outsourcers and vendors, there is also the need for derivative-like instruments that measure single-firm success in the context of group success. Business process outsourcing also opens up new opportunities for assurance and attestation functions. Hence, project risk assessments, the need for timely incidence and internal audit reports, and the need for operational risk assessments provide new opportunities over auditors' traditional assurance tasks. In the same vein, the demand for fraud reports and legal opinions also add to the traditional mandate of external audit reports for accountants. These new attestation and assurance functions raise issues regarding the veracity of electronic data collection and transmission, party origination and authentication, data encryption, and timeliness of processing that, while closely allied to traditional accounting and audit functions, are devoid of official pronouncements and guidance, and hence require significant risk exposure on the part of accountants as well. Some of these risk exposures are already being debated in the form of questions regarding the efficacy, acceptance, and usefulness of the AICPA's WebTrust and Systrust initiatives, and its recent focus on “new commerce.” In this paper we have argued the need for the accounting profession to continue to evolve from being attestors of historical and single-firm financial statements to becoming value-added service providers in an increasingly networked world. Business process outsourcing among partner firms may appear to be just IS outsourcing arrangements at first glance but in reality represents a global phenomenon whereby organizations today are defined more by the nexus of their partners than by their individual performance alone. We consider that these new dimensions of potential accounting involvement enrich the IS and business process outsourcing debate and provide a fertile area of future research for accounting and IS scholars alike