10 Things You Need To Do If You Are Outsourcing an Activity

There is a growing trend towards organisations relying on outsourced service providers (OSPs) to deliver (often key) elements of their overall service. When you surrender service activities to a third party, how can you be certain that the OSP is operating to the standards you require? This can be of particular concern if your organisation is a regulated entity as regulators often demand that certain standards of practice are maintained.

There are many things that you should or could be doing to ensure that OSP performances do not put your service levels at risk. In this blog post we have picked what we consider to be the ten most important measures that will allow you to quickly assess how your outsourced arrangements are standing up against expected behaviour. For larger organisations, it’s worth noting that pretty much all of the points below can be applied to intra-group outsourcing as well.

  1. Before appointing an OSP, conduct your own careful due diligence on the service providers being considered – we recommend using an industry standard Due Diligence Questionnaire. Continue to do due diligence throughout the relationship. This is often a regulatory requirement / expectation.
  2. Put a formal written contract in place with the chosen service provider and ensure that it has the approval of the Board / Governing Body and review it periodically.
  3. Be clear about the levels of service and standards that need to be achieved and establish the Key Performance Indicators (KPIs). Be sure to document these in any Service Level Agreements you put in place with your OSP.
  4. Put one person in charge of the relationship with the OSP.
  5. Monitor your service providers on a regular basis against the agreed levels of service and standards.
  6. Conduct periodic reviews of service providers’ operations and processes.
  7. Review your service providers’ business continuity plans, data back-up procedures and data protection arrangements to ensure they are appropriate.
  8. Put a plan in place for responding to a service provider suffering a disruption to their business.
  9. Maintain awareness of alternative service providers who can provide the same service.
  10. Retain a reasonable level of the skills and expertise required to carry out the outsourced activity or function in-house in case the need ever arises for you to take back the activity.

Lastly, you should retain evidence that demonstrates you are doing all of the above.

Good guidance stems from a robust policy. If you would like to receive an example of an Outsourcing Policy to help get you on the road to better outsourcing, click here.

Click here to register for our upcoming webinar on the Fundamentals of Third-Party Risk Management. This webinar takes place on Aug 26th at 10.30am BST.

Recent News

Federation of Irish Sport announce three-year partnership CalQRisk

The Federation of Irish Sport is delighted to announce GRC software provider CalQRisk as its latest partner. The ...
Read More

10 Things You Need To Do If You Are Outsourcing an Activity

There is a growing trend towards organisations relying on outsourced service providers (OSPs) to deliver (often key) elements ...
Read More

Oaklee Housing implement CalQRisk

Oaklee Housing, one of Ireland’s most ambitious providers of customer-focused housing and support services have partnered with CalQRisk ...
Read More

The Five Pillars of Operational Resilience

The Five Pillars of Operational Resilience The Basel Committee (on Banking supervision) defines operational resilience as “the ability ...
Read More

The Charitable Purpose – the Touchstone for the Organisation

The Charitable Purpose – the Touchstone for the Organisation Many corporate mission statements are simply clever PR, designed ...
Read More

Webinar – Fundamentals of Anti-Money Laundering for Credit Unions

Webinar - Fundamentals of Anti-Money Laundering for Credit Unions We have teamed up with ID-Pal and Corrib Point to organise a CPD ...
Read More

10 Things you should know about Operational Resilience

10 Things you should know about Operational Resilience   Operational Resilience is the ability of an organisation to ...
Read More

Evidencing compliance with the Charities Governance Code – Webinar

Evidencing compliance with the Charities Governance Code - Webinar Good governance involves putting in place systems and processes ...
Read More

Risk Appetite – what does ‘good’ look like?

Risk Appetite - what does 'good' look like? Let’s begin with a definition of Risk Appetite. ISO 31000 ...
Read More

Charities Governance Code – Principle 4: Exercising Control… what’s that all about?

CalQRisk Analysis - Inside the Charities Governance Code Charities Governance Code – Principle 4: Exercising Control … what’s ...
Read More