Friday, August 06, 2004

The Risks of O.

B. process O. is expected to grow from $38.9 billion in 2003 to $1.2 trillion by 2006, according to data from the Gartner Group and IDC Consulting, Inc.
O. began transcending IT and payroll to include software applications through the "application service provider" model and a "managed service provider" system whereby vendors host and maintain a company's software on the vendor's off-site system or manage company networks of hardware and software at the company's site. By the late 1990s, the rise of the Internet had enabled companies to outsource entire B. processes and professional staff that traditionally were internal. Internal auditors and financial reporting and tax professionals, for example, are now candidates for out-sourcing. Now also ripe for O. are more critical B. processes, such as customer support, cash management, tax preparation, accounts receivable, and accounts payable.

In a comprehensive article on the risks of O. in Strategic Finance (July 2004,, Mark Beasly CPA, Marianne Bradford and Don Pagach CPA argue that O. can also cause significant risks if it isn't managed effectively and should be analysed beforehand from the perspective of enterprise risk management (ERM). O. can involve the following risks to an enterprise:

  • Strategic/Market Risks
  • Operational Risks
  • Financial Risks
  • Human Capital Risks
  • IT Risks
  • Legal/Regulatory Risks
  • Reputation Risks

Not only should these risk exposures be evaluated and monitored across the enterprise, but their interactive or cumulative effect must also be managed on a portfolio basis. Failure to evaluate and manage O. risks from an enterprise risk management perspective can lead to an accumulation of risks far greater than the risk savings offered by the O. arrangement, thereby exposing key stakeholders to greater amounts of risk than they desire.

The article also contains an explanation of each of these risk categories in relation to O. plus the effects of some proposed federal O. legislation on enterprise risks.