It is common practice for the modern business to outsource part or all of its IT requirements to an IT supplier. There are numerous benefits for this, namely immediate access to technical experts without the need to recruit specialised personnel. IT suppliers on the other hand also market themselves as a ‘one-stop’ shop for their clients’ requirements. As the business trust develops, more opportunity opens for IT suppliers to upsell services to customers based on various premises, not least the efficiencies of the service maintenance supply. Naturally the debate arises about the cost effectiveness of such a service and whether this should be contracted out or else by employing an in-house IT specialist. The ensuing debate could be endless.
Often, business owners fail to differentiate between Management of Information Systems and IT governance where it makes more sense for the latter to be left within the organisation. As a strategic resource, outsourcing must be governed accordingly¹. As an IT auditor, I encounter situations where the customer is either:
- sold a system or service which exceeds current and future IT requirements of the firm, or
- stuck with an inadequate system or service due to lack of accountability by the IT supplier.
The correct IT systems and services are intended to enable organisations to be more efficient, competitive and agile. If the need to engage IT suppliers for a specific job is compelling, the following points should be addressed in the Service Level Agreement (SLA):
- Duration of contract – Outlines the start and ending date of an agreed contract of service.
- Regulatory and compliance requirements – Offers the benefits of ensuring that the operation is within the law governing the industry.
- Bill of Quantities or services to be provided – Allows the business owner to know upfront the extent of his/her IT hardware specifications and costs.
- Roles & responsibilities with obligations and clear escalation paths; in case the issue is not resolved in eight hours by the first level engineer, escalate to second level – Provides a structured undertaking of the course of action that should be taken and expected timeframes in case of system outage together with related contact points.
- Communication protocols; Issues should be reported via email? – Accords a faster and more direct method of recording and raising of an issue to the appropriate sources for attention.
- Payment terms – Maps out the payment instalments enabling the business owner to plan his finances.
- Finally, SLA’s should always be signed and dated by both parties. – Implementing these guidelines will not only benefit the customer but it is also an opportunity for the IT supplier to improve the portfolio of services.
‘Estimates of resources needed to manage outsourced services effectively range from 1-7 percent of contract cost’, Venner and Bays, 2002