Information Technology: Leading Commercial Practices for	 
Outsourcing of Services (30-NOV-01, GAO-02-214).		 
								 
As the federal government's largest consumer of information	 
technology (IT) resources, it is critical that the Department of 
Defense (DOD)adopt effective IT acquisition practices. GAO	 
presents a generic framework of practices from leading commercial
organizations to describe activities associated with acquiring IT
services. The framework is composed of a set of leading practices
that represent those most critical to successful outsourcing.	 
Grouped into seven common phases, the practices and underlying	 
critical success factors define an IT outsourcing process.	 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-02-214 					        
    ACCNO:   A02526						        
  TITLE:     Information Technology: Leading Commercial Practices for 
Outsourcing of Services 					 
     DATE:   11/30/2001 
  SUBJECT:   Defense procurement				 
	     Information technology				 
	     Procurement practices				 
	     Best Practices					 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Testimony.                                               **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-02-214
     
A

GAO?s Mission The General Accounting Office, the investigative arm of
Congress, exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability of
the federal government for the American people. GAO examines the use of
public funds; evaluates federal programs and

policies; and provides analyses, recommendations, and other assistance to
help Congress make informed oversight, policy, and funding decisions. GAO?s
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

Obtaining Copies of The fastest and easiest way to obtain copies of GAO
documents is through the Internet. GAO?s Web site (www. gao. gov) contains
abstracts and full- text files of GAO Reports and

current reports and testimony and an expanding archive of older products.
The Testimony Web site features a search engine to help you locate documents
using key words and phrases. You can print these documents in their
entirety, including charts and other graphics.

Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as ?Today?s Reports,? on its Web
site daily. The list contains links to the full- text document files. To
have GAO E- mail this list to you every afternoon, go to our home page and
complete the easy- to- use electronic order form found under ?To Order GAO
Products.?

Order by Mail or Phone The first copy of each printed report is free.
Additional copies are $2 each. A check or money order should be made out to
the Superintendent of Documents. GAO also accepts VISA and Mastercard.
Orders for 100 or more copies mailed to a single address are discounted 25
percent. Orders should be sent to:

U. S. General Accounting Office P. O. Box 37050 Washington, D. C. 20013

To order by Phone: Voice: (202) 512- 6000 TDD: (301) 413- 0006 Fax: (202)
258- 4066

Visit GAO?s Document GAO Building Distribution Center Room 1100, 700 4th
Street, NW (corner of 4th and G Streets, NW)

Washington, D. C. 20013 To Report Fraud, Contact: Waste, and Abuse in

Web site: www. gao. gov/ fraudnet/ fraudnet. htm, E- mail: fraudnet@ gao.
gov, or

Federal Programs 1- 800- 424- 5454 (automated answering system).

Public Affairs Jeff Nelligan, Managing Director, NelliganJ@ gao. gov (202)
512- 4800 U. S. General Accounting Office, 441 G. Street NW, Room 7149,
Washington, D. C. 20548

Report to the Chairman and Ranking Minority Member, Subcommittee on
Readiness and Management Support, Committee on Armed Services, U. S. Senate

United States General Accounting Office

GAO

November 2001 INFORMATION TECHNOLOGY

Leading Commercial Practices for Outsourcing of Services

GAO- 02- 214

Page 1 GAO- 02- 214 Outsourcing IT Services

November 30, 2001 The Honorable Daniel K. Akaka Chairman The Honorable James
M. Inhofe Ranking Minority Member Subcommittee on Readiness and Management
Support Committee on Armed Services United States Senate

The Department of Defense (DOD) is the federal government?s largest consumer
of information technology (IT) resources, spending almost $22 billion on IT
in fiscal year 2001. For this reason, it is critical that DOD adopt
effective IT acquisition practices.

To better understand commercial IT acquisition practices and how they
potentially compare with those used at DOD, we reviewed existing research,
held discussions with academic and professional authorities, and interviewed
executives and managers at leading commercial organizations about their IT
acquisition decisionmaking and management activities. We used this
information plus the extensive research and trade literature available on IT
acquisition practices to develop a consensus view of what is critical to
success when acquiring IT services.

On October 31, 2001, we provided the results of our study to your offices
via electronic mail. These results are included as an appendix to this
letter. The purpose of this letter is to officially transmit the information
to you in published form.

In brief, we present a generic framework of practices from leading
commercial organizations, which use the term outsourcing to describe
activities associated with acquiring IT services. The framework is composed
of a set of leading practices that represent those most critical to
successful outsourcing. Grouped into seven common phases, the practices and
underlying critical success factors define an IT outsourcing process.

We would like to thank the Private Sector Council and the commercial
organizations that participated in our study. We would also like to thank
academic and professional experts for providing comments and suggestions
during the development of the framework.

United States General Accounting Office Washington, DC 20548

Page 2 GAO- 02- 214 Outsourcing IT Services

Should you or your offices have any questions concerning this report, please
contact me at (202) 512- 7351 or Lester Diamond, Assistant Director, at
(202) 512- 7957. We can also be reached by e- mail at mcclured@ gao. gov and
diamondl@ gao. gov, respectively. Copies of this report are also available
on GAO?s Web site at www. gao. gov. Key contributors to this report were
Michael P. Fruitman, Tamra Goldstein, Sabine Paul, and Catherine Schweitzer.

David L. McClure Director, Information Technology Management Issues

Appendix

Page 3 GAO- 02- 214 Outsourcing IT Services Leading Commercial

Practices for Acquiring Information Technology

Services

Briefing for the Subcommittee on Readiness and Management Support

Committee on Armed Services United States Senate

October 2001

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 4 GAO- 02- 214 Outsourcing IT Services Briefing Overview

! Background

! Objective, Scope, and Methodology

! GAO?s IT Outsourcing Framework

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 5 GAO- 02- 214 Outsourcing IT Services Background

The Department of Defense (DOD) is the federal government?s largest consumer
of information technology (IT) resources, spending $21.7 billion on IT in
fiscal year 2001. For this reason, it is critical that DOD adopt effective
IT acquisition practices.

Since 1996, GAO has conducted a series of studies for the Senate Armed
Services Committee concerning how DOD can improve its acquisition of major
weapons systems by adopting certain practices of leading commercial
organizations. Based on such studies, GAO has made recommendations intended
to improve DOD processes for increasing productivity and reducing costs.
While the department is making efforts to improve its practices for
acquiring major weapons systems, concerns remain about IT acquisition
management improvements and outcomes. For this reason, the Subcommittee on
Readiness and Management Support requested GAO to examine a full range of IT
acquisition issues, including defining requirements, capital planning and
investment controls, and performance- based information management.

To address these broad IT acquisition issues, GAO began work to identify
leading commercial practices for acquiring IT services. These practices are
expected to form a basis for comparison and contrast with existing DOD IT
acquisition practices.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 6 GAO- 02- 214 Outsourcing IT Services Objective, Scope, and
Methodology

Our objective was to identify leading commercial sector practices for
acquiring IT services. We were interested in identifying effective practices
used across a variety of organization types and structures. We wanted to
address the full range of activities, beginning with how organizations make
sourcing decisions to managing relationships with selected providers.

We focused on practices that were most critical, rather than the full set of
practices that could be implemented. In doing so, we asked commercial firms
to provide examples of how such critical practices are implemented. Our goal
was to use this information to develop an evaluation framework that could
provide a basis for comparison and contrast between commercial and federal
(DOD and civilian) IT acquisition practices.

Our study determined that commercial firms use the term ?outsourcing? to
describe activities associated with acquiring IT services. Based on our
research, we developed the following definition for IT outsourcing:

IT outsourcing describes the activities associated with acquiring IT
services from one or more external providers. During outsourcing, a client
organization transfers responsibility for one or more IT services to one or
more external providers. This responsibility is executed through control and
management of the processes, people, and technology associated with these
services.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 7 GAO- 02- 214 Outsourcing IT Services Objective, Scope, and
Methodology (cont.)

The diagram below graphically depicts the roles of the client and provider
organizations in an outsourcing relationship as described in our definition:

To identify leading commercial sector practices for IT outsourcing, we first
reviewed existing research and consulted the academic and professional
authorities listed below.

Existing Research

Commonwealth of Virginia Cutter Consortium Gartner Group, Inc. Harvard
Business School Michael F. Corbett Associates MITRE Corporation Sourcing
Interest Group The Conference Board

Academic/ Professional Authorities

John Halvey, International Law Firm of Milbank, Tweed, Hadley & McCloy Mary
Lacity, University of Missouri Wendell Jones, GrayHare Partners Outsourcing
Institute Technology Partners International

Provider

Provi der decides how to accomplish these results and is compensat ed

according to performance-based criteri a.

Client

Client tel ls the provider what results need to be achieved and then manages
for results.

Client may transfer people, equipment and facili ties to the provider.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 8 GAO- 02- 214 Outsourcing IT Services Objective, Scope, and
Methodology (cont.)

We identified commercial organizations based on recognition by academic and
professional authorities and publications over the past several years. We
selected organizations with diverse characteristics to gain a broad
perspective on how specific practices are implemented. These characteristics
included business sector, geographic reach, number of employees, and annual
revenues. We interviewed executives and managers at the following
organizations:

Client Commercial Organizations

ALCOA DuPont ENRON Energy Services General Motors JP Morgan Chase Meredith
Unisys

Provider Commercial Organizations

Electronic Data Systems Computer Sciences Corporation

Our study confirmed a number of practices that commercial organizations use
in IT outsourcing. We consolidated these practices and categorized them into
seven phases that were common among our case study organizations. These
phases span the full range of activities that are performed during IT
outsourcing.

Our research also identified three factors that were critical to successful
IT outsourcing. These critical success factors represent capabilities
exhibited by each of the organizations we studied and impacted their ability
to successfully perform the practices across multiple phases.

The relationship of phases, practices, and critical success factors forms a
general IT acquisition management framework.

We obtained comments on a draft framework from leading IT acquisition
experts listed earlier as well as all of the case study organizations used
as examples. All endorsed the value of the framework for helping decision-
makers and practitioners improve IT outsourcing results.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 9 GAO- 02- 214 Outsourcing IT Services IT Outsourcing Framework

The framework is represented graphically below as a hierarchy of phases,
practices, and critical success factors.

The framework is described in detail on the following pages. Each phase is
briefly defined and described, practices are identified, and an example
provided by one or more of the commercial firms we studied. Finally, each of
the three critical success factors is identified and defined, followed by
examples of how the critical success factors can be demonstrated.

The arrow from phase VII to phase I represents the need to reflect on
lessons learned from previous phases. The arrows between phase III and IV
represent the iterative nature of developing the contract and selecting the
provider. While there is a logical order to the sequence of the common
phases, the order of the practices within each phase does not imply any
priority or sequence. Unless indicated otherwise, the practices are stated
from the perspective of the client organization.

I Determine

Sourcing Strategy Phases

II Define Operational

Model III

Develop the Contract

IV Select

th e Provider(s)

V Transition to Provider(s)

VI Manage Provider(s) Performance

VII Ensure Services

Are Provided

Practices Practices Practices Practices Practices Practices Practices
Executive Leadership Partner Alignment Relationship Management Critical

Success Factors

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 10 GAO- 02- 214 Outsourcing IT Services Phase I: Determine Sourcing
Strategy

Definition: Client organizations determine whether internal capability or
external expertise can more effectively meet IT needs.

Description: It is a fundamental premise that IT plans must align with
corporate strategic plans. Close coordination will lead to more efficient
and effective use of IT resources: corporate strategic objectives can be
better met and investments in information technology better justified.
Optimizing and baselining of internal IT processes provides an organization
with the information to make a sourcing decision of whether to continue with
the internal provision of IT services or changing to an outsourced
arrangement with one or more external providers. When IT services are
outsourced the risk of losing close alignment between corporate and IT
objectives is greater than with internal IT service provision. Many firms
have recognized this risk and consider its impact when making their sourcing
decisions and developing strategies for its mitigation.

Practices:

! Examine how IT will support business processes when evaluating sourcing
strategies.

! Use third- party assistance with experience in a variety of sourcing
arrangements when formulating a sourcing strategy.

! Incorporate lessons learned from peers who have engaged in similar
sourcing decisions.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 11 GAO- 02- 214 Outsourcing IT Services Practices (cont.):

! Estimate the impact of the sourcing decision on the internal organization
as well as the impact on enterprise alliances and relationships.

! Consider optimizing IT and business processes before deciding on a
sourcing strategy.

! Benchmark and baseline productivity of internal services prior to making
the final sourcing decision.

! Consider starting with a representative service or selective set of
services to outsource; balance against economies of scale.

! Determine the business reasons for outsourcing IT. Leading organizations
identified the following business reasons:

- To expand the geographic reach of the organization without increasing
internal resources for IT

- To respond more quickly to business and industry changes by leveraging the
experience of an external service provider

- To predict operating costs better by contracting for IT services using a
standard unit of measure

- To reduce capital investments by shifting ownership of IT resources to
external service provider

- To focus internal resources on core business competencies by transferring
responsibility of IT services to external provider

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 12 GAO- 02- 214 Outsourcing IT Services Practices (cont.):

! Determine the reasons for outsourcing IT that can improve the
organization?s ability to use and manage technology. Leading organizations
identified the following technology based reasons:

- To gain quicker access to technology skills that are in high demand

- To acquire the flexibility to grow and shrink high- tech skills as needed

- To gain access to enhanced hardware and software

- To acquire the ability to refresh hardware and software as needed

- To aggregate the demand for IT resources (e. g., skills, hardware,
software, and telecommunications) from across the organization

- To achieve a more standardized IT environment, including hardware,
software, and telecommunications

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 13 GAO- 02- 214 Outsourcing IT Services Example: Determine Sourcing
Strategy

In 1996 GM spun off EDS and established an outsourcing relationship with it
as a separate company. GM hired a corporate CIO to set a vision, develop
strategy, address issues, and manage the new relationship with EDS. As a
member of GM's highest level governing board, the corporate CIO believes
that he is able to elevate technology issues with business leaders and
generate executive support for integrating IT into the corporate strategy.
In his role since 1996, he has pursued competitive outsourcing and business-
line ownership of IT initiatives. As a result, GM now outsources with
multiple vendors guided by highly skilled managers. GM has also taken
advantage of the tighter integration of corporate and IT strategic planning
to enable its organization to provide more rapid adaptation to changing
markets and to better plan for future needs.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 14 GAO- 02- 214 Outsourcing IT Services Phase II: Define Operational
Model

Definition: Client organizations formalize executive leadership, team
composition, client responsibilities, and operating relationships between
client and provider organizations.

Description: Critical to a successful outsourcing relationship is an
operational model for guiding the structure of the contract and plans for
transition. The operational model helps the organization compare its plans
against the expectations that were set as the initial decision to outsource
was made, and to ascertain whether these plans will enable the organization
to meet those objectives. One aspect of the operational model is an explicit
understanding of how the client organization plans to communicate its needs
and feedback to the provider. Communication between business lines and the
IT organization is always critical to the success of the IT organization.
When the IT service provider is outside the client organization, as it is in
the case of IT outsourcing, discontinuities between organizations are more
likely and organizational processes to facilitate good communication are
even more critical.

Practices:

Client executive leadership

! Establish executive leadership for IT to facilitate the outsourcing
initiative.

! Continually communicate and clarify outsourcing objectives, while
correcting any misinformation that affects the organization.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 15 GAO- 02- 214 Outsourcing IT Services Practices (cont.):

Client team composition

! Establish a core group of people who will be involved in all phases of
outsourcing.

! Select a person who will be involved in the negotiation of the contract to
manage the outsourcing relationship. The outsourcing project manager should
be on the negotiation team, though not the lead negotiator.

Client responsibilities

! Align IT and business objectives.

! Monitor and fully understanding billing statements.

! Manage provider performance, including auditing provider performance data.

! Define strategic objectives and consider the creation of a position
responsible for strategic sourcing decisions.

! Create and define contract management structure with operational points of
contact and managers.

! Define the role of internal IT managers and business leaders.

! Consider the number of managers needed when outsourcing to multiple
providers (i. e., two or more providers do not necessarily require more
managers than one provider).

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 16 GAO- 02- 214 Outsourcing IT Services Practices (cont.):

Client responsibilities (cont.)

! Ensure that the right skills are in place to support the outsourcing
relationship, including those dealing with

- contract management

- financial management

- IT management

- negotiation strategies

- teaming and interpersonal relationships

- project management

- relationship management

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 17 GAO- 02- 214 Outsourcing IT Services Practices (cont.):

Client- provider relationship

! Establish a point of contact high in the provider management structure for
elevating provider performance concerns.

! Have provider establish an on- site support team to serve as liaison
between client and provider.

! Train provider on client business environment and goals.

! Select or develop standard tools for managing the relationship (e. g.,
performance scorecards, an enterprise resources management system).

! Identify and use standard processes for managing the relationship and use
consistent (though not necessarily the same) processes when dealing with
multiple providers.

! Use third- party assistance to take advantage of expertise from a variety
of outsourcing arrangements in defining the operational model (i. e.,
defining roles and responsibilities).

! Ensure the provider management team has prior experience in the client?s
field of business.

! Understand the organizational structure of the provider and who is
empowered to make decisions.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 18 GAO- 02- 214 Outsourcing IT Services Example: Define Operational
Model

DuPont's IT management structure, illustrated at right, is intended to
facilitate the alignment and integration of IT with DuPont's business units.
The corporate CIO is at the head of the structure (the fan's pivot point)
and receives input from a collective leadership team composed of the top
100-- 150 senior IT leaders from across DuPont.

The management structure also includes DuPont's two- vendor alliance
members, CIOs for each of its six regions worldwide, and CIOs for each
business unit. Finally, "functional" IT management groups service each
business unit. This management structure is designed to build consensus by
facilitating communication across the client organization and provider
organizations on IT issues.

IT Management Groups Business Unit CIOs

Regional CIOs Alliance Partners Senior IT Leadership

Collective Leadership

CIO

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 19 GAO- 02- 214 Outsourcing IT Services Phase III: Develop the Contract

Definition: Client organizations establish the legal terms for the IT
outsourcing relationship.

Description: The contract defines the legal terms of the relationship
between client and provider. It sets the expectations for service levels,
delivery of essential services, continuous improvement, and is intended to
protect the interests of all parties. The client protects its most critical
requirements by capturing them as fundamental expectations, upon which
simplified agreements are later built. While other phases in the outsourcing
process describe the need for mutual trust and a close, flexible, working
relationship; this phase focuses on the development of a contract that is
the foundation on which that working relationship will be built. For this
reason, it is critical for the client, perhaps with third party assistance,
to articulate clear contract terms.

Practices:

Performance requirements and service level agreements

! Base performance requirements on business outcomes.

! Include measures that reflect end- user satisfaction as well as technical
IT performance.

! Review and update performance requirements periodically.

! Require the provider to meet minimum performance in each category of
service.

! Require the provider to achieve escalating performance standards at
agreed- upon intervals.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 20 GAO- 02- 214 Outsourcing IT Services Practices (cont.):

Performance requirements and service level agreements (cont.)

! Incorporate sufficient flexibility so that minimum acceptable performance
can be adjusted as conditions change, as the provider becomes more adept at
satisfying customer demands, and as improvement goals are achieved.

! Use service level agreements (SLAs) to clearly articulate all aspects of
performance including management, processes, and requirements.

! Client and provider work together to define an appropriate number of SLAs
and appropriate structure for each. The type of service being provided and
the number of services being supplied by the provider may drive the number
and structure.

! Specify circumstances under which the provider is excused from performance
levels mandated by master service agreements.

! Client and provider work together to identify SLAs for which compensation
is based, while additional ones may be defined to manage performance.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 21 GAO- 02- 214 Outsourcing IT Services Practices (cont.):

Contract content

! Contract must be flexible enough to adapt to changes in the business
environment (e. g., mergers/ acquisitions).

! Contract should include clauses for, among other things,

- determining pricing structures (e. g., include explicit remedies if
benchmarking demonstrates that multiyear price schedules are no longer
competitive)

- performing customer satisfaction surveys and using the results to redefine
performance levels

- terminating the contract, including early termination (e. g., consider
prohibiting the provider from making unusual offers to retain provider
employees, while enabling the client to hire provider employees in the event
of contract termination)

- resolving disputes in a timely manner

- taking work away, without penalty, from provider for nonperformance

- declaring a significant event that can lead to a change in the contract
(e. g., volume deviation by fifteen percent (15%))

- defining performance requirements (e. g., continuously improving
performance levels)

- conducting regularly scheduled meetings

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 22 GAO- 02- 214 Outsourcing IT Services Practices (cont.):

Contract development/ negotiation process

! Allow time to negotiate the contract (e. g., up to 12 months).

! During negotiation process, protect fundamental requirements identified in
the request for proposals.

! Consider setting up a master services agreement under which all
arrangements between client and provider operate.

! Include appropriate representation from each major organizational unit on
contract negotiation team.

! Specify the use of volume purchases to obtain optimal discount.

! Consider performing work over the duration of the contract (e. g.,
incremental refresh of technology instead of a single comprehensive
technology refresh).

! Negotiate contract to fill needs in most cost- effective way possible.

! Set aside funds to pay for services that may have been overlooked during
contract negotiation and to resolve disputes.

! Use third- party assistance in negotiating and developing the contract.

! Conduct periodic contract modifications and renegotiations.

! Ensure continuity of contract knowledge and experience throughout the
effective life of the contract.

! Sign contract after contract negotiations and final vendor selections.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 23 GAO- 02- 214 Outsourcing IT Services Example #1: Develop the
Contract

Based on its experience, Meredith Corporation offers advice to client
organizations that are considering external service providers. When
executing IT outsourcing contracts, Meredith highly recommends that the
client hire an outside legal firm. The client should insist on terms that
allow for the early termination of the contract and specify language that
allows the client to immediately hire the outsourcing firm?s employees in
the event of contract termination.

Example #2: Develop the Contract

GM uses a master services agreement to structure arrangements with each of
its primary service providers. It uses a third party to help negotiate
contracts. GM identifies an initial set of metrics for all three parties to
discuss and agree to, prior to executing a contract, in the service- level
agreements. The metrics are reviewed monthly and updated as appropriate.
Additionally, continuous improvement is built into the contract to elevate
performance levels annually and for the entire term. Penalties are assessed
based on failures associated with the delivery of specific services as well
as certain one- time deliverables specified in the servicelevel agreement.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 24 GAO- 02- 214 Outsourcing IT Services Phase IV: Select Provider( s)

Definition: Client organizations find one or more providers who can help
them reach their IT outsourcing goals.

Description: Once an organization has determined the strategic goals of
outsourcing its IT services, has defined the operational model for its
outsourcing, and has begun to develop an understanding of the essential
contractual requirements, it can then begin to identify providers that can
meet its needs. It is critical that the client organization conduct market
research to determine which vendors can provide services to achieve its
objectives. In some cases, the field of competitors may be small. In fact,
some large private- sector corporations have found that no single provider
can meet all of its needs. Managing multiple vendors can be challenging for
client organizations that must oversee each vendor separately as well as
coordinate among vendors. An alternative approach is to develop an alliance
among a group of providers, with a prime contractor and a team of support
vendors.

Practices:

! Conduct research on state of the market, vendors, and technology before
defining vendor selection criteria.

! Identify and evaluate various sourcing solutions (e. g., single vendor,
multivendor, and alliance).

! Define a process for selecting vendors to be providers (e. g., issuing a
request for proposals and prequalifying vendors).

! Define vendor selection and evaluation (acceptance) criteria at the outset
(e. g., cultural fit, skill set, industry knowledge, proposed transition
plan, past performance, and reputation).

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 25 GAO- 02- 214 Outsourcing IT Services Practices (cont.):

! When issuing a request for proposals, identify services with expected
performance levels and define client and provider roles and
responsibilities.

! Use third- party assistance with expertise in a variety of outsourcing
arrangements when selecting provider( s), including developing the request
for proposals.

! Conduct due diligence activities to verify vendor capabilities before
signing the contract (e. g., conduct past performance and reference checks
as part of the evaluation).

! Make final vendor selections after contract negotiation.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 26 GAO- 02- 214 Outsourcing IT Services Example #1: Select the
Provider( s)

JP Morgan asked three leading IT service providers in the market to identify
partners for providing IT services. It chose to select a team of providers
(1) because it believed that no one company could provide all services
needed, and (2) to get access to the best skills as needed (i. e., JP Morgan
could increase or decrease resources depending on the needs of the
business). JP Morgan believed that an alliance provided access to the full
breadth of expertise required and reduced risk, without having to contract
separately with each provider and then coordinate among them.

Example #2: Select the Provider( s)

DuPont explored multivendor as well as single- vendor strategies for meeting
its needs, before settling on a two- vendor alliance. DuPont believed that
multivendor solutions required too many points of contact and difficulty in
integrating multiple vendors with many in- house groups. Conversely, one
provider could not provide all of the IT services DuPont required. A two-
vendor alliance, in contrast, required a small increase in administration
and coordination, and allowed DuPont to leverage the strengths of two
providers, while fostering competition in strategic areas. In this alliance,
DuPont chose to segment IT services such that one vendor has primary
responsibility for infrastructure and business- specific applications, while
the second has responsibility for enterprise- wide applications. New
solutions or the replacement of any application solution can be bid
competitively to either alliance partner or any other qualified third party.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 27 GAO- 02- 214 Outsourcing IT Services Phase V: Transition to
Provider( s)

Definition: Client organizations transfer responsibility of IT functions to
one or more providers.

Description: A transition plan can help make the move from internal to
external IT services a smooth and successful one. The clear definition of
responsibilities and the careful consideration of employees? needs matched
against the organization?s needs enables both the client and provider to
focus on responsibilities that they can execute successfully, and will give
staff confidence in their future employment.

Practices:

! Communicate a clear transition process to all key players from both client
and provider organizations.

! Clearly communicate to employees what is going to happen and when it is
going to happen.

! Continue to communicate changes to employees as they occur.

! Handle resistance to change with meetings between upper management and
employees.

! Shift management mindset from allocating resources to managing for
results.

! Shift corporate attention from non- core business functions to core
business functions.

! Establish client transition team with representatives from across the
organization to facilitate the transition.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 28 GAO- 02- 214 Outsourcing IT Services Practices (cont.):

! Place transition under single program manager.

! Create client/ provider transition teams to address short- term transition
tasks as required.

! Recognize that it takes time to effect transition and plan accordingly.

! Encourage transition of staff to provider, where appropriate, using
bonuses, stock options, and other appropriate methods.

! Develop employee- retention programs and offer bonuses to keep key people,
where appropriate.

! When consistent with organizational objectives, assist employees who do
not want to transfer in finding other jobs, either within the organization
or at another organization.

! Document key information to preserve organizational knowledge in the event
that one or more providers change.

! Use change management strategies to help client employees deal with the
transition.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 29 GAO- 02- 214 Outsourcing IT Services Example: Transition to
Provider( s)

In July 1995, JP Morgan transferred 1500 people, including existing
contractors, to its new service providers. Employees were transferred to
each of the provider companies based on their roles at that time, and the
providers worked to make sure that comparable benefits were offered to
transferred employees. Planning for the transition of the provision of
technology was a joint responsibility of all the companies, but managed by
JP Morgan. Building the new joint IT team was primarily JP Morgan's
responsibility, with cooperation from the other providers. For example, a
management committee made up of senior IT executives from JP Morgan and all
provider companies was put in place to get the new arrangement up and
running.

JP Morgan had planned for this by designing a new operating model that had
three distinct disciplines: Plan, Build, and Operate. Plan included the
overall IT Strategy and Architecture and was JP Morgan?s responsibility.
Build, which include technology product selection and roll out, was the
combined responsibility of JP Morgan and the providers. Operate was the
primary responsibility of the providers. Interfaces at each level along with
new roles created on both sides to accommodate the operating model. JP
Morgan believes the roles allowed for the authorization of work, decisions
to be communicated, and problems to be managed. Over time, as roles and
responsibilities became clear, JP Morgan?s focus shifted from operating to
managing. The transition plan provided for the transfer of people to the
provider, as well as a framework for understanding future roles and
responsibilities of the client and providers. JP Morgan is now reviewing
this model since its merger with Chase Manhattan.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 30 GAO- 02- 214 Outsourcing IT Services Phase VI: Manage Provider( s)
Performance

Definition: Client organizations make sure each provider is meeting
performance requirements.

Description: Frequent, clear communication between client and provider
ensures that potential problems are identified and resolved before they
cause disruptions. Publication of performance data creates an open
atmosphere that builds confidence and enables stakeholders to review
progress toward goals.

Practices:

Incentives and Penalties

! Consider incentives to motivate provider( s) to exceed performance
requirements (e. g., exceed number of hardware installations).

! Use penalties to motivate provider( s) to meet performance requirements.

- Assess penalties for failure to perform as required by individual service
as well as aggregate service levels.

- Apply penalties in the form of credit to the client.

- Increase penalty for recurring deficient performance.

- Hold back percentage of provider?s pay for a particular service until
performance requirements are met.

- Refund the penalty if the provider returns to agreed- upon performance
levels within a designated period of time.

- Ensure the provider will cover costs, but not profit when a particular
performance requirement is not met.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 31 GAO- 02- 214 Outsourcing IT Services Practices (cont.):

Performance monitoring mechanisms

! Periodically undertake studies to assess how the provider?s performance
compares with value being delivered to similar clients and the extent to
which the provider's performance is improving over time (e. g., validate
cost assumptions for multiyear contracts).

! Schedule periodic working- level meetings with both the end- user groups
and the provider to review provider?s performance.

! Conduct executive- level oversight meetings with the provider?s senior
management to review provider?s performance.

! Distribute performance data to stakeholders.

! Reserve audit rights on performance data supplied by the provider.

! Ensure that provider measures and reports on performance.

! Work with provider to redefine service levels, as appropriate.

! Sample performance data frequently enough to perform trend analysis and to
permit extrapolation based upon historical data.

! Allow employees and possibly stakeholders to rate provider on a regular
basis (e. g., scorecards and quarterly report cards).

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 32 GAO- 02- 214 Outsourcing IT Services Example: Manage Provider( s)
Performance

GM reports weekly and monthly to business unit CIOs on the performance of
its service provider. In addition, frequent meetings are held with the
service provider to discuss issues, review service- levels, and conduct root
cause analysis of reported problems. These meetings ensure that both
companies have the same view of the quality of the service being provided,
as well as a set of action items designed to improve performance when
necessary. Weekly steering committee meetings are held with the program
managers to address problems and perform strategic planning. Additionally,
frequent interactions with end users and regular evaluation of service
levels help ensure that end users understand the service level commitments
versus attainment, and the provider understands end user needs.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 33 GAO- 02- 214 Outsourcing IT Services Phase VII: Ensure Services Are
Provided

Definition: Client organizations make sure that services are provided and
enduser needs are met.

Description: Although the focus of outsourcing is on provider performance,
client organizations remain ultimately responsible for making sure that
services are provided and end- user needs met. The previous phases addressed
the extensive preparation that must precede the providers? assuming
responsibility for services. Much of this responsibility is defined by the
terms of the contract developed in phase III, then monitored by the
performance management practices described in phase VI. However, during the
course of work, the client organization learns more about the capability of
the provider, and opportunities to improve services thereby arise.
Additionally, market conditions may change and an arrangement that was once
advantageous to a client may become less so over time. Therefore, it is
important for the client to monitor service levels internally as well as
maintaining an external view of the performance of other providers in its
industry. Periodic benchmarking allows the client to ascertain whether it is
still obtaining good value from its provider.

Practices:

! Monitor the provider?s work to anticipate issues for resolution.

! Conduct periodic meetings to resolve issues jointly with provider.

! Document and maintain organizational knowledge.

! Make sure provider uses the standard tools and processes defined as part
of the operational model.

! Use provider performance data to continuously improve processes.

! Pursue improvement based on customer satisfaction surveys.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 34 GAO- 02- 214 Outsourcing IT Services Practices (cont.):

! Have provider ensure that adequate and appropriate resources are available
to perform services.

! Ensure that an appropriately empowered individual from the client
organization oversees work.

! Set realistic time frames that are agreed to by the provider.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 35 GAO- 02- 214 Outsourcing IT Services Example: Ensure Services Are
Provided

In recent years the cost per unit of telecommunications service to major
businesses has been steadily declining. For example, a major information
technology company has, historically, entered into multiyear (2- 3 year)
contracts with its major telecommunications providers. However,
telecommunications companies are commonly reluctant to commit to ?forward
pricing? that adequately reflects a continuing price decline 2 or 3 years
into the future, in a contract in effect today. To ensure that the company
pays competitive rates for service, it monitors the fees assessed by its
telecommunications providers vs. the marketplace, and includes mid- term
renegotiation clauses in all of its major agreements. This has led to
continual refreshing of contracted rates which has allowed the company to
consistently benefit from industrywide price reductions.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 36 GAO- 02- 214 Outsourcing IT Services Critical Success Factors

Our research identified three factors that are critical to successful IT
outsourcing:

executive leadership, partner alignment, and relationship management. The
organizations we studied identified certain capabilities that were essential
for implementing the practices defined in the framework. We term these
important capabilities critical success factors.

Executive leadership strengthens the interaction between executive
management and the employees of the client organization. A strong executive
commitment is intended to secure organizational buy- in from the client for
the external providers. Partner alignment strengthens the interaction
between the client and provider organization at the executive level, which
ensures that the goals and objectives of these organizations support each
other. Relationship management

strengthens the interaction between the client and provider organization at
the operational level. A smooth and constructive daily interaction between
client and provider at the operational level is crucial to achieving the
expectations of the outsourcing arrangement. The presence of these factors
is essential for the successful execution of the outsourcing arrangement.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 37 GAO- 02- 214 Outsourcing IT Services Critical Success Factor #1:
Executive Leadership

Executive leadership is key to obtaining and maintaining organizational
support for IT outsourcing. Communication begins with top- level executives
and flows downward. This flow of information is initiated when the
organization starts its efforts and should continue through the outsourcing
process as new decisions are both considered and reached. The following
activities are examples of how executive leadership can be demonstrated:

! Keep the entire organization informed throughout the outsourcing
initiative.

! Conduct regular peer- to- peer meetings at each level in the organization.

! Secure key executive support before eliciting organizational support.

! Establish a communications team to promote the idea of outsourcing.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 38 GAO- 02- 214 Outsourcing IT Services Critical Success Factor #2:
Partner Alignment

Aligning client and provider objectives in a partnership is key to building
consensus and is imperative to establishing early trust among all
stakeholders. For this alignment to occur, the client and provider must work
together to establish common project goals beyond the objectives stated in
the request for proposals. Both sides must recognize and understand each
other?s underlying motives and strive to achieve established expectations.
The following activities are examples of how partnership alignment can be
demonstrated:

! Enlist upper- management support from both sides.

! Work with provider to determine business direction, identify available
technology, and requirements for meeting end- user needs.

! Client works with provider?s senior executives to develop a multiyear view
for the outsourcing relationship.

Appendix Leading Commercial Practices for Acquiring Information Technology
Services

Page 39 GAO- 02- 214 Outsourcing IT Services Critical Success Factor #3:
Relationship Management

Relationship management is key to ensuring daily communication and resolving
issues. Relationship management goes beyond the structure of the contract.
The client develops and employs standard processes to manage the
relationship in areas such as resolving issues/ concerns and initiating/
directing work. Responsibility is executed through control and management of
the processes, people, and technology associated with the IT functions. The
following activities are examples of how relationship management can be
demonstrated:

! Client and provider management strategies are flexible enough to adapt to
business changes.

! Handle resistance to change with meetings between upper executives from
both sides and lower- level client employees.

! Active lines of communication are kept open between the client and
provider throughout the process.

(310429)
*** End of document. ***