Morrison & Foerster : Legal Updates & News : Legal Updates : Managing Legal Risk in a Multisource Environment

This legal update was first published by CIO Connect, a leading networking organisation for CIOs and top IT executives. For further information about CIO Connect visit: http://www.cio-connect.com/

Because of its generality, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

Print page

Email page

			Related Practices: Sourcing

Managing Legal Risk in a Multisource Environment

September 2007
by Anthony Nagle, David Skinner

There has been a clear trend over the past couple of years for more and more businesses to move away from full scope, full service IT services and outsourcing contracts. The current preference for many companies is for a “multisource” environment where a number of service providers are managed together, either as part of a hierarchy or in parallel.

One consequence of the shift to multiple service providers is the requirement for more interaction between the different service providers and a resulting need to manage the legal risks. More interaction means more risk. So, what steps can a customer take to manage the risks if it decides to go down the multisource route?

Level of Control

One of the most basic, but key, steps that a customer can take to manage its risks is to ensure it has the right level of control over the multisource environment. Irrespective of the effort expended by the customer in creating the best possible contract, if there are insufficient numbers of appropriate staff in place to carry out the post-signature contract management activities or if such activities are poorly performed, the multisource arrangements will almost certainly fail.

Given that the customer will have to interface with many more parties than in a traditional single-source regime (i.e., where a single prime contractor is responsible for a range of sub-contracted service providers), the customer will need to retain a significant degree of control in order to make the multisource environment work successfully. This is likely to mean retaining more staff than might otherwise be the case in a single-source arrangement. Indeed, in some cases, because of the greater management skills required, additional new staff with appropriate contract management experience may need to be hired by the customer. However, this will be a small price to pay to ensure that the contract is performed as required while at the same time significantly reducing the customer’s risks and liabilities during the life of the contract.

Governance

The onus is on the customer to put an appropriate governance structure in place to ensure that the multisource environment is managed effectively. Governance structures can vary significantly, but they are primarily used either to manage the relationship between the customer, service provider and sub-contractors or to manage the number and quality of sub-contractors that the provider is entitled to use. A typical governance structure will also involve many layers of interaction between the customer and the various service providers. For example, (i) at the top level there will be some type of partnership board which will be attended by senior management from both the customer and each of the service providers, (ii) underneath the partnership board, there are likely to be sub-structures for each service provider consisting of project executive committees (attended by senior executives of both the customer and the service provider) and regional and possibly country level executives/committees (again, with both the customer’s and the service providers’ regional or country specific executives attending); and (iii) at the lower end of the governance structure, there will be “project manager” to “project manager” meetings which will need to be attended by the customer and the service providers.

The governance regime should also govern the frequency of meetings, quarterly and annual reviews, the reports required, etc. It should also contain the informal and formal escalation procedures and the dispute resolution procedures that need to be followed by the customer and service providers.

Allocation of Services & Service Definition

It is a key part of the preparatory work in a multisourcing to define correctly the scope of services allocated to the different service providers and the relationship and dependencies between the different sets of services. The difficulty comes in blending these together, especially in multisource environments where the same service is split across a number of service providers who each enter into separate contracts with the customer.

To minimise the customer’s risks and liabilities as much as possible, it is crucial that the services are clearly defined and comprehensively specified. Statements of work supporting the allocation of responsibility between the various service providers need to be put in place and collectively agreed. It certainly helps if contracts are agreed at the same time rather than consecutively because consecutive projects may mean the earlier contracts or statement of works need to be retrospectively amended which may often result in a price re-negotiation. Therefore, it is important to invest time in clearly allocating and defining the scope of services.

Single Point of Responsibility

In a multisource environment, there are two main dangers in the allocation of responsibility for service provision. Firstly, there is the danger that the customer retains too much responsibility without realising it, i.e., if the customer fails to allocate service responsibility fully to the relevant service provider, the customer will have to pick-up (or pay more to the service providers to do so) any activities that are not clearly in-scope for each service provider. Oversights may not always be evident until a problem arises. Secondly, there is the danger that the customer never knows who is ultimately responsible for any given failure, and even if it knows, may not be able to prove it to a sufficient standard to enable the customer to enforce its rights and remedies under the contract.

To minimise these two dangers, during the preparatory work for the multisource, the customer needs to do a gap analysis or carry out appropriate due diligence, end-to-end, across the in-scope services, processes and systems to ensure that all the touch points, hand-overs and responsibilities have been clearly identified and that the customer and service providers know (i.e., via the contract) exactly who is responsible at any particular time for any failures that arise under the contract. The customer needs to carry out this analysis across the services even though they are being split across different contracts with the various service providers. In addition, if the same service is being split across a number of service providers, then to minimise the customer’s risks, the suite of outsourcing contracts should be as interdependent as possible with the service providers required to co-operate (and incentives and penalties put in place to enforce co-operation).

Contract Structures / Multisource Models

The benefit of a single prime contractor structure is that it typically allows the customer to focus on a single supplier to deliver end-to-end responsibility, i.e., at the end of the day, the buck clearly stops with the single prime contractor. However, this is not the case in multisource environments. The contractual vehicles for multisourcing are far more diverse. Typically, a number of contracts will be entered into, either as part of a hierarchy or in parallel, for clearly defined sets of services. Some examples are set out below.

(1) Direct Multisourcing. In a “direct”multisourcing arrangement, the customer negotiates individual agreements with each of the service providers. The various service providers do not have any direct contact with each other, contractual or otherwise, and the whole multisourcing process is managed by the customer itself. This means the customer has to take on the role of project manager across the multisource environment and the customer is unable to demand any co-operation between the various service providers unless it specifically builds in such co-operation in each of the contracts.

(2) Contract Manager Multisourcing. In this model, the customer negotiates and enters into direct individual contracts with various service providers. The relationship between the providers and the customer is managed by an independent contract manager with whom the customer has entered into a management contract. The upside of this arrangement is that the contract manager becomes liable for the integration and management of the multisourcing arrangement, while the service providers remain directly liable to the customer for their services. Another upside which also helps minimise the customer’s risk is that the multisourcing can be managed by an independent party who has specialist knowledge and skill in managing complex outsourcing arrangements. A strong governance structure will also be key to the success of the contract manager model, in particular the scope and manner of the interaction amongst the customer, contract manager and the service providers.

(3) Selective Multisourcing. In some multisource arrangements, customers have chosen to enter into separate contracts for different geographical regions for the same sets of services. The theory behind this is that it allows competition between the service providers, e.g., service provider A covering a set of services in one geography is always at risk of being supplemented very quickly by service provider B in a different region if it fails to deliver the right sort of services correctly. Not only does this approach keep the service providers competitive but it also has the effect of providing the customer with a good business continuity option which will certainly reduce its risk in multi-country outsourcing scenarios. This approach will also help provide certainty for the customer in relation to allocating responsibility for any failures, i.e., because the services are self contained by geographic region, it is unlikely that the service provider will be able to blame any touch points or dependencies it has with other service providers. For similar reasons, some customers choose to award specific self-contained service lines to different service providers under separate contracts with the customer.

(4) Hybrid Approach. Some customers have adopted a hybrid approach of putting in place a single end-to-end contract with a large service provider while requiring that service provider to have beneath it a consortium or series of co-partners who will provide specific sets of services. This enables the customer to ensure a single point of responsibility whilst still tapping into “best-of-breed” service providers for the specific services. The trick in implementing this approach is to have a strong governance mechanism to enable the co-partnering to work and a robust set of value for money mechanisms (e.g., a continuum from benchmarking to market testing to the ability to take back in-house) if the co-partnering mechanism does not work.

Conclusion

It is important that the customer puts the right degree of time, hard work and effort into planning the multisource arrangement. In particular, the early focus should be on identifying the appropriate multisource structure and the individuals that will need to be retained by the customer to manage the multisource environment.

It is also important that the customer makes certain that the service provider relationships are put in place in a planned way with clear interactions, hand-offs and defined responsibilities. Companies which establish clear baselines and structures for their multisource environments will minimise their business risk substantially over and above those which allow multiple service provider relationships to develop in a haphazard way. From our experience of setting up complex multisource environments, the use of a detailed governance structure will also be key to minimising the customer’s risk and liabilities and ensuring the successful management of the multisource environment.