Protiviti: Companies highly exposed to outsourcing risks

15 July 2014

Organisations are taking large risks in the manner with which they work with external parties. A new research from consulting firm Protiviti reveals that risk management practices for external vendors are still far off best practices, exposing the business and outsourced functions to unwanted risks.

Over the past decades outsourcing has grown to become one of the most important business themes for global businesses. Driven by the ambition to gain a competitive advantage, in particular in the area of costs and service quality, large companies have decided to outsource key business processes to mainly low cost labour countries. According to the latest data from analysts, the global BPO and IT Services market is estimated to be worth a massive $952 billion, of which IT Services represents roughly two-thirds of the market*.

Global Size of the BPO and IT Outsourcing Market

In addition to the outsourcing trend, the past years has seen a large increase in cooperation among firms or networks of firms. The number of partnerships with external partners either per line of business or functional area (e.g. research & development, innovation, etc) has grown rapidly.

Vendor Risk Management
Against the backdrop of these two developments the management of risks associated with external partnerships – known as Vendor Risk Management (VRM) – has becoming an increasingly important focus area for executives. As running the day to day operations of companies is more and more reliant on external partners, a shortfall in the partnership could potentially have a disastrous effect on business. As a result, managing vendor risk has become a key priority for departments that have outsourced services (IT, Finance, etc) and departments that are responsible for the performance of the cooperation such as Legal and Procurement.

Despite the importance, a new report from Protiviti, labeled ‘Vendor Risk Management Study 2014’, reveals that companies are not performing too well in terms of vendor outsourcing risks. Earlier this year the consulting firm asked nearly 450 IT and risk management professionals to rate their organization against a best practice model, known as the Vendor Risk Management Maturity Model**. For each of the eight categories, the average score did not surpass a 3.0 on a scale of 5.0, implying that Vendor Risk Management has been established (maturity of 3.0) but not yet fully operational (maturity of 4.0), and nowhere near a state of continuous improvement (maturity of 5.0).

Maturity of Vendor Risk Management

“Many companies aren’t adequately or effectively protecting themselves from exposure to vendor outsourcing risks. This could result in their potential exposure to system compromise, fraudulent abuse of data and, in some cases, regulatory exposures and fines, which could have significant impact on their brands and reputations,” says Rocco Grillo, Protiviti’s global leader for incident response and forensic investigations.

* Analysis from, based on data from HfS Research, 2013.

** The Vendor Risk Management Maturity Model (VRMM) is a maturity model that measures the quality and maturity of risk management activities associated with working together with external vendors. The model consists of five maturity levels: 1. Initial visioning. 2. Determine roadmap to achieve goals. 3. Fully defined and established. 4. Fully implemented and operational. 5. Continuous improvement – benchmarking, and moving to best practices.


More news on


Outsourcer Interserve's rescue plan sparks share slide

13 December 2018

Embattled government contractor Interserve has announced a plan to reduce its debt by issuing new shares. The material dilution for current Interserve shareholders has prompted a further collapse in the firm’s stock value – which fell by more than 50% following the news.

Almost a year after Carillion fell into shock administration, the shadow of the collapsed government contractor still hangs heavy over the outsourcing industry. At the time of its demise, Carillion was involved in the HS2 high-speed rail line, the management of schools and prisons, and was the supplying of maintenance services to Network Rail. Such was the extent of its influence at the Ministry of Defence – for which it maintained 50,000 homes – that news of the collapse forced Defence Secretary Gavin Williamson to trigger a meeting of the Government's Cobra emergency committee to discuss the situation.

The events of early 2018 put thousands of jobs at risk, while the outsourcer – used by the Government to theoretically save money – ultimately cost taxpayers £148 million. Following that, in a bid to safeguard public services and funds from a future collapse of an outsourcing provider, the British Government has since called on a number of professional services companies to draft IT cheat-sheets to be used in the event of their administrations. Volunteers Capita, Serco and Sopra Steria are understood to have created so-called ‘living wills’ already, with others to follow suit.

Outsourcer Interserve's rescue plan sparks share slide

That news will do little to calm the fears of observers that a second Carillion has long been on the cards, however, in the shape of beleaguered outsourer Interserve. One of the UK's largest providers of public services, the multinational support services and construction company based in the UK previously boasted a revenue of £3.2 billion in 2015, and a workforce of more than 75,000 people worldwide – 45,000 of whom are based in Britain. In October 2017, however, the firm’s shares tanked sharply in what has proven to be a protracted crisis for the company.

Thanks to increasingly competitive markets, the cleaning-to-building group has been grappling with poor trading results and climbing costs which initially provoked a stock value slide of more than 30%. This followed the embattled firm’s suggestion that it might breach its banking covenants – as operating profit in the second half of the year was set to be around 50% lower than previously expected. In February 2018, this led to the UK Government enlisting professional services giant Deloitte to keep watch over Interserve.

Since then, the firm managed to evade further negative press for the bulk of the year, but it has now emerged that share prices have once again collapsed – this time following the revelation that Interserve is seeking a ‘rescue deal’. Details of the plan are yet to be finalised, with a concrete outline expected to be announced early next year.

With the situation currently balanced on a knife’s edge, creditors are cautious about their next steps. According to the BBC, sources close to Interserve's creditors have said that they may have to write off some of the loans to ensure the company's survival, while lenders also described talks around the company's future as "extremely fluid." However, with a figurative millstone of £500 million in debts still hanging around Interserve’s neck, the firm announced that it would issue new shares as part of a long-term recovery plan endorsed by the Government.

Rescue plan

Shareholders reacted badly to the news that the value of their stake in the company was in line to be slashed, in what Interserve terms a "material dilution for current Interserve shareholders." Interserve’s shares initially fell as low as 6.5p, and while they rallied to an extent to close at 11.5p, this represented a 53% fall. One year ago Interserve's share value stood at 100p each.

While the company’s future would seem to hang in the balance, some factors point toward certain quarters thinking Interserve is too big to fail. In line with Carillion – which received multiple new contracts from the Government even after a number of profit warnings – Interserve has been boosted by a number of lucrative engagements. Following its 80% stock slide in 2017, the firm secured a five-year facilities management deal worth £227 million with the Department for Work and Pensions. In December 2018, meanwhile, Interserve was awarded a new £25 million contract for the redevelopment of Prince Charles Hospital in Merthyr, Wales.

According to a number of media outlets, Interserve is expected to imminently announce it has secured new public service contracts on top of this. Thanks in no small part to this influx of business from the public sector, Interserve claims its prospects are improving, and it will increase profits this year. At the same time, the UK’s opposition party has insisted that no new government contracts should be awarded to the company while it is in a parlous financial position. The Labour Party's position has been criticised within the industry as being detrimental to the future of a company that employs a large number of UK staff; however, the party argues it would save money and bolster standards of provision to simply move those roles back ‘in house’, rather than risk paying outsourcers with patchy financial outlooks.

Commenting on the situation, a Cabinet Office spokesperson said, "We monitor the financial health of all of our strategic suppliers, including Interserve, and have regular discussions with the company's management. The company successfully raised new debt facilities earlier this year, and we fully support them in their long term recovery plan."

Related: Growth in UK outsourcing industry nears 20%, cloud main driver.