Terror times; Is outsourcing safe?
large global firm runs its trading desk out of Mumbai. Bookings for a leading airline are happening out of another office in a neighbouring city, while the telecom infrastructure of an overseas operator is being remotely monitored from another location in the country.
A terror attack on any of these sites can have significant implications for corporations in the US and other parts of the developed world as India emerges as the world’s back-office.
For instance, if a trade is not squared off on time, the firm will have to carry higher liabilities. Wednesday’s attack raises questions about the vulnerability of these locations to terror threats and the preparedness of firms and authorities to tackle them.
The issue assumes importance as nearly seven out of every 10 outsourced processes come to India, according to industry estimates. While 6-7 years ago, business process outsourcing (BPO) mostly involved basic data entry, a number of mission critical processes such as airline bookings and investment research are now taking place out of offices in Mumbai, Pune and Bangalore.
In its strategic review, Nasscom, the apex industry body, notes, “Indian BPO has undergone significant transformation since its inception over a decade ago... The past few years have seen the scope of these services expand progressively to include more complex processes involving rule-based decision making and research requiring informed judgment and domain knowledge,” the apex industry body notes.
Indian firms also manage infrastructure worth over $3-4 billion remotely for clients. Damage to these locations can bring down desktops and servers, besides crippling entire sections of organisations outside India. “After 9/11, there is a greater appreciation of the risk arising from a terror attack,” admits KPMG executive director Akhilesh Tuteja.
“But the level of preparedness even for mission critical operations is below average,” he adds. The redundancy plan usually involves a backup and mutiple service providers to ensure connectivity. But process capability and an ability to swiftly execute the process at another centre are not a reality in most cases.
“Disaster recovery plans are like an insurance you may never use. There is now an awareness about the need to have them, but the decisions are usually postponed because this is not an investment that will result in growth. Firms usually make investments for growth,” says PriceWaterhouseCoopers managing consultant Nikhil Donde.
Companies are saving costs amid the slowdown, as every bit can eat into margins. Multinational parents are managing a majority of the mission critical operations by way of captives. Ideally, 70% of the process should be offshored and 30% retained at the onsite location to minimise the risks, according to Mr Tuteja. But again there is a trade-off on costs, with real benefits kicking in only when the process is completly offshored.
In client contracts with third-party firms, it is not uncommon to find clauses related to business process continuity (BCP). However, these clauses rarely go into specifics and are usually interpreted in terms of having a multi-locational presence, back-up capability and multiple connectivity providers. Rarely do they consider whether the alternate locations will have people with the necessary skills. And this is really the biggest threat in a terror attack, when people at one location can be killed, say the experts.
Source: Economic Times
No comments:
Post a Comment