The vetting process can take companies from three months, to more than a year, before a good decision is possible on whether to hire a service provider. During that time, say outsourcing experts, the companies should check customer references, make onsite visits, and get to know the vendor’s leaders and its employees to be assigned to the specific client work. “It’s surprising how many companies will sign on to an offshoring agreement without a company visit or more than just a perfunctory, one-day visit,” Kennedy says.
In addition, companies should use their internal experts to assess the vendor’s resources. Have your IT staff look at the contractor’s infrastructure. Ask internal auditors look at the vendors’ financial records. And CFOs, too, should meet with their counterparts to confirm that finance executives of the potential contractor have principles that mesh with their own, suggests Singh, who as Patni’s CFO regularly meets with prospective clients. Singh further recommends that companies get to know the vendor’s board members, and review their independence and governance policies.
Outsourcers are also promoting their competition, to some degree. They recommend that their clients spread their risk among geographies and vendors. Singh notes that this option may not be available for smaller companies that need to consolidate their services with one vendor to get the best prices.
Experts also advise sticking with well-known brands that trade on the U.S. exchanges, and are subject to the U.S. securities laws. That could help, as far as it goes. However, Satyam is registered with the U.S. Securities Exchange Commission, because its American depository shares trade on the New York Stock Exchange, and it files financial statements with the regulator in U.S. GAAP. Both Raju and Vadlamani certified the company’s most recent annual report, as required under the Sarbanes-Oxley Act.
Another data point to consider when hiring an outsourcer is a SAS 70 audit. One type among these reports provides insight into a service provider’s controls; however, reports often are limited in scope, and driven by the vendor itself rather than its audit firm, notes Benvenuto. “SAS 70s are a good starting point, but they’re only one of the tools of good practice,” adds Robert Stroud, international vice president of ISACA, a trade organization for IT governance professionals.
To manage the many aspects of assessing vendor credibility, and whether there is a good fit, Kennedy recommends that companies hire advisory firms, such as Equaterra or TPI. These consider themselves unbiased mediators that record vendors’ hang-up rates, likelihood of meeting service-level-agreement terms, and the number of renegotiated contracts, among other measurements.
They also act both as matchmaker and marriage counselor, before and after an outsourcing contract is signed. They’re not auditors, however, and they don’t audit the financial statements of the service providers — in fact, such a request that would probably be denied by a vendor, says Rutchik. “Nobody expects a cooking-the-books problem,” he tells CFO.com. “It would have been impossible to detect unless you were one of the people involved in the fraud.”