Risk in general can not be eliminated but it should be managed. The likelihood of geo-political risk and security exchange risk of any IT sourcing partners located at India was very low three months ago. It is not low any more due to the recent terror attacks at Mumbai and last week financial scandal by the Satyam services and recent world bank backlists Wipro
Tension between India and Pakistan has been there for past 45 years and Kashmir is the center piece of the conflict. Three wars were fought between these nations after their independence. Yearly, there were thousands of people died on both sides for so many years. Both nations have nuclear weapons tested in last ten years. This is a known fact and the likelihood of any major conflict that would impact the out sourcing business was not ignored but, before few months ago, the probabability of occurence was assigned as low as zero.
Mumbai terror attack caught many corporate America’s attention because the attack was strategically planned by terrorist mainly to get corporate America’s attention. It was executed during the Thanks giving holiday when majority of the American people spend their time with family eating turkey and watching TV (Lions and Dallas cowboys football games). Unlike terror bomb blast attacks, this attack was prolonged for three to four days and constanly the progress of the attack was updated in the television. (Human mind believes what it sees more) The geo-political risk what was considered as low as zero before in selecting the sourcing partner from India has increased significantly after this terror attack. It is not as low as zero from any out sourcing assessment.
Satyam scandal is India’s Enron scandal. What happend after Enron collapse? There were more regulation introduced, more stringent fedral, SEC policies and resulted in SOX. Does SOX will ensures that Enron similar debacle will never repeat in US again? In my opinion, I do not think so. It created more regulation and audit controls on IT general controls including processes, procedures, policies and etc. It is not guranteed to never repeat the similar corporate collapse, but it will make the corporate executives not easy to make the similar mistakes. Taking the reaction to Enron’s situation into consideration, I speculate, the similar steps will be taken by SEBI (similar to SEC in India) to tigthen the regulation in India.
How this is related to IT sourcing risk? Coincidently, Satyam is one of the top 5 sourcing provider to major clients in US. Had a client in US picked Satyam as their souring partner, they need to go through the motions and cycles to over come the Satyam’s situation which will not help the client in any form or shape to increase their productivity or their bottom line. In some case, if a client depends on Satyam for major core business functions, there are potential risk that their core operation would be interrupted due to this astronomical scandal by a sourcing provider. What happend to Satyam could happen to any sourcing provider or to any company managed by SEBI ? Adding fuel to the fire, world bank back lists Wipro, another major sourcing provider from India.
Based on the sourincg strategy and solution design, the risk management plan of sourcing strategy should consider these recent risks which are made visible to corporate America.