For many US companies, understanding the total cost of IT talent services has always been challenging, and it is even more concerning now that budgets and resources have tightened in a post-COVID-19 world. But as the need for change and innovation continues to grow, companies are rapidly shifting focus toward outsourcing as a way to support digital innovation.
Procurement commonly compares hourly rates because it’s an easy comparison. Well, not exactly. But the issue is that the invoice at the end of the month for a committed amount of work is what matters, not what the hourly rate states. Overtime, 45-hour billing weeks, etc. are ways offshore vendors distort billings and make your hourly rate look lower to win deals. So, how can you avoid additional costs associated with services provided by your outsourcing partner?
At SMC2 we find that many Global Insourcing Center RFPs ask for hourly rates as a selection criterion to support cost control or optimization. Hourly rates themselves are easy to compare but do not accurately reflect the actual costs to deliver services or projects. Fixed bids make an attempt at solving this issue, but are often laced with caveats and take a significant effort to understand scope.
Also, many people believe that although the rates in India are lower, it takes more resources to deliver the same value as a US resource. Ratios such as 3:1 or 2:1 are often cited, demonstrating a lack of understanding of India’s technical capabilities and, more so, the opportunity to optimize under a global team structure.
SMC2 has solved this issue by focusing on value generation instead of billable hours. Our teams are measured at the same level as their US counterparts in terms of productivity. This is expressed as 1:1 productivity. We provide the necessary time each week to guarantee a US full-time equivalent of contribution.
Steven Stephan, SVP of Global Services and Co-Founder, SMC Squared
Around the world, new regulations about the collection and usage of personal data are changing workflows for major organizations. Following the passage of legislation like the General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA), businesses are auditing privacy practices and creating much stricter guidelines when they select partners and vendors.
With tighter regulations about the way consumer data is collected and used, organizations have to increase scrutiny for every party that has access to personal data. The entire system is only as secure as the weakest part, so it’s more important than ever to vet external parties and maintain visibility into their data practices. Here are eight vital steps organizations can take to ensure that vendors aren’t jeopardizing data privacy compliance.
Step 1: Audit Your Existing Data Privacy System
Before you do anything else, examine what’s currently in place to understand the changes that need to be made to maintain compliance with new regulations. You want to avoid reinventing the wheel and make adjustments without slowing down the business or adding risks.
After that self-examination, conduct the same check on your network of vendors. It’s imperative that you have a 360-degree understanding of vendors’ business practices and overall reliability before entering or continuing business relationships.
SIG University student Hanne McBlain enrolled in the Certified Third Party Risk Management Professional (C3PRMP) Program while working at Information Services Group. She shares what she learned from her own experience with a data breach and how she is taking a proactive approach to IT vendor risk management to mitigate future business disruptions.
In times of cost-cutting, vendor management functions that include third party risk are often the first to go or be significantly reduced. Many senior executives fail to see the value these functions bring and are usually happy to cover third party risk as part of a general risk function.
Stakeholder Support is Critical
I previously worked for an organization that prided itself on not relying on third parties for any critical functions. Redundancy was abundant and built into every platform, and on the surface, there was not much to worry about when it came to third party risk.
During my time there, things started to change. We convinced the organization to implement a third party risk management framework. But with no experience in this area, we were fighting an uphill battle. We managed to win support and quickly implemented standard due diligence and ongoing monitoring of critical suppliers. The business stakeholders generally regarded the added due diligence and tracking as unnecessary and bureaucratic.