Follow sourcingfocus on Twitter

Mitigating risk in a post-Carillion world

by Barry Matthews, Partner, ISG

The shock waves from Carillion’s collapse continue to reverberate through businesses across all sectors. Its demise will have a knock-on impact in a whole host of ways: from those who had pensions with the construction firm, to those they banked with. It goes without saying that those who used Carillion as a supplier will be looking for a speedy solution to plug the gap.

Businesses and policy-makers alike have come forward to offer solutions. From introducing new codes of conduct, to “living wills” setting out what should happen in the event of a supplier’s insolvency, to a complete overhaul of public sector contracting, ideas abound as to how to ensure history is not repeated.

Sadly, a series of high-profile stories, from Carillion’s failure to Capita and BT Global Service’s financial difficulties, has served to dent the reputation of the outsourcing sector as a whole. These episodes have ignited a discussion about the balance of value and risk involved in contracting out portions of business. Many of these debates have been one-sided and ideologically driven. Outsourcing provides businesses with capabilities they don’t have in-house, and the ability to flex and scale those capabilities as it suits them. In many ways, not outsourcing can prove riskier – investing capital in property, skills and equipment that may not be needed in 12 months’ time can greatly expose an enterprise.

Nonetheless, many businesses will be asking whether their contracts are on safe ground. To those, I say that the key takeaway from these unfortunate episodes is not to abandon outsourcing, but that organisations must identify, manage and mitigate their risk.

First, conduct a review of your existing contracts. The modern sourcing landscape is complex, with organisations often managing multiple suppliers to deliver numerous niche functions. By revisiting these contracts, organisations will be able to gain a better understanding of which functions may be exposed. This doesn’t stop at a one-off or annual audit – there should be a continual process of reviewing and managing risk and exposure.

Once risk has been identified, it’s a case of mitigating it. A key part of this is to put together a disaster recovery plan. What will you do if the worst happens? Would you transfer the outsourced functions to another supplier? Would you move it back in-house? Businesses need to understand their options.

Beyond the worst-case scenario, there are a host of other considerations. General Data Protection Regulation (GDPR), for example, has become a key focus for those who advise organisations in this space. Enterprises must now understand who is responsible for protecting their data in an outsourcing relationship and that the arrangements are GDPR-compliant before ensuring that this is baked into contracts.

Finally, unfortunately, some outsourcing contracts do fail. Situations like Carillion are rare. More often, they fail because they’re unable to meet their original ambition. Advisors reduce that risk – independent consultants can monitor the health of relationships and providers and raise a red flag at the first sign of trouble. Getting this external, expert perspective is something that should be carefully considered by all organisations who outsource.

From revolutionising back-end business processes, to delivering a better service to customers in the front end, getting the right partner to tackle a problem is important. When contracts work, they can have transformational effects. The experience of Carillion shouldn’t deter businesses from outsourcing, but we can all learn lessons to defend against enterprise risk and build healthier, more fruitful supplier relationships.


  • Favicon
  • Digg Favicon
  • Facebook Favicon
  • NewsVine Favicon
  • Reddit Favicon
  • StumbleUpon Favicon
  • Technorati Favicon
  • TwitThis Favicon