Establishing a management organization, clarifying the scope of outsourcing, strictly reviewing the system, and strengthening risk monitoring and incentive mechanism construction are important guarantees for commercial banks to prevent IT outsourcing risks. The grasp of outsourcing risks directly determines the success of information technology outsourcing. Fundamentally speaking, the process of preventing information technology outsourcing risks is to implement a comprehensive and effective management process for outsourcing activities.
Establishing an outsourcing affairs management organization To implement comprehensive and effective management of outsourcing, an outsourcing affairs management organization must first be established. Currently, in the outsourcing process of commercial banks, temporary agencies are only established to handle corresponding outsourcing matters when making outsourcing decisions, selecting outsourcers, or when legal disputes occur. The instability of the management organization results in the frequent transfer and loss of management personnel, weakens the full understanding of the outsourcing project, and affects the relationship between the two parties. Instability of personnel will inevitably cause discontinuity in management strategies, weaken the basis of cooperation and trust between the two parties, bring unnecessary trouble to the management and supervision of outsourcing projects, and affect the quality and progress of outsourcing services.
The outsourcing affairs management organization should be composed of bank strategic planning experts, outsourcing consulting experts, representatives of various departments who are familiar with the bank's business information flow relationships, information technology professionals, cost budget personnel, legal consultants, implementation management and coordination Personnel composition. Mainly responsible for conducting investigations and research on domestic and foreign industries, competitors and own information needs before outsourcing; identifying the core competitiveness of information technology; balancing benefits, costs and risks and making outsourcing decisions; formulating outsourcing construction technology standards; design outsourcing plans to avoid duplication of investment and information islands; evaluate the technical level and development capabilities of outsourcers, select contractors; sign outsourcing contracts; conduct comprehensive supervision, coordination and control of the outsourcing service process; handle disputes with existing outsourcers Outsourcing relationships; oversee and review technology decisions made by outsourcers; accumulate outsourcing experience and help make future outsourcing decisions; negotiate and implement future outsourcing contracts; align the overall IT strategy with the ever-changing overall strategy of the bank.
Clear the scope of IT outsourcing: Which information technologies constitute core competitiveness and which are non-core technologies that can be outsourced. Determining the scope of outsourcing is the primary issue faced by commercial banks in information technology outsourcing. J.P. Morgan proposed the M1-M2-M3 layer information technology architecture theory through research on the electronic development of American commercial banks (as shown in Figure 1). M1 refers to the computer system’s hardware, system software, tool software, network facilities and Special machines used by other banks; M2 layer mainly consists of application software and human-machine interface; M3 layer mainly includes business process reorganization, strategic planning, application system integration and management and maintenance of existing application systems. The technology at the M1 layer belongs to technology providers rather than banks. For commercial banks, competition at the M1 layer is mainly manifested in merging dispersed data processing centers to pursue better economies of scale; in the information construction of the M2 layer, American commercial banks The bank took a tortuous path and began to adopt a completely independent development approach. While paying huge development costs, it also had to bear the risk of development failure. After the development was completed, it was found that all banks were basically the same, which was a low-level repetitive construction. . Therefore, in the 1980s, American commercial banks not only jointly invested in building networks and realized resource sharing, but also gradually cooperated with IT companies to develop software or directly use commercialized software. After research, it was found that American Commercial Bank’s development investment in the M1 and M2 layers only resulted in technical training at the M1 and M2 layers. The benefits generated by leading at the M1 and M2 layers were not as fast as those at the M3 layer. Drawing on the electronic development experience of American commercial banks and the M-framework theory of Morgan Company, my country's commercial banks should outsource the M1 and M2 layers in the process of information technology outsourcing, use the outsourcer's economies of scale, reduce costs, and concentrate on building M3 Only in this way can core competitiveness be cultivated and characteristic operations be achieved. Establish a qualification review system for outsourcers. One of the key factors for successful outsourcing is to select outsourcers as strategic partners with a good social image and reputation, rich experience in implementing relevant financial industry systems, and the ability to lead or keep up with the development of information technology. Therefore, the qualification review of outsourcers should start from three aspects: technical ability, operation and management ability, and development ability. Technical capabilities: Whether the information technology products provided by the outsourcer are innovative, open, secure, and compatible, have a high market share, and can realize the full sharing of information data; whether the outsourcer has the information technology qualification certification, such as system integrator certificate issued by the Ministry of Information Industry, recognized software vendor certificate, etc.; whether the outsourcer understands the characteristics of the financial industry and can come up with solutions that are truly suitable for commercial banking business; whether the design plan of the information system Whether it applies stable and mature information technology, meets the requirements of the bank's development, and fully embodies the bank's customer-centered service concept; whether it has experience in the operation, maintenance, and management of large equipment, and the ability to integrate multiple systems; whether it has Technical experts and project managers with in-depth understanding of high and new technologies.
Operation and management capabilities: Understand the outsourcer’s leadership structure, employee quality, number of customers, and social evaluation; project management level, such as software engineering tools, quality assurance systems, cost control, configuration management methods, and the aging rate or turnover of management and technical personnel efficiency; whether there are successful cases that can prove its good operation and management capabilities; whether there is teamwork spirit among employees, and the satisfaction level of outsourcer customers. Development capabilities: Analyze the audited financial reports, annual reports and other financial indicators of the outsourcing service provider to understand its profitability; examine the time, market share and fluctuation factors of the outsourcing company's outsourcing business; examine the impact of the bank's outsourcing contract on outsourcing services How important is the financial status of the outsourcing service provider? Evaluate the outsourcing service provider's technology expenses and product innovation in the field of information technology to determine whether their level of investment in technology can support the bank's outsourcing project. Risk monitoring for outsourcing implementation The purpose of information technology outsourcing is to quickly realize the informatization of service means and service methods by integrating the corporate resources of information technology partners to meet the needs of customers. Any risks arising from information technology outsourcing will seriously affect the image of the bank. Therefore, risk management must be implemented throughout the entire process of information outsourcing. Risk management should be divided into four steps: The first step is to identify macro- and micro-level risks at each stage of outsourcing implementation and set up monitoring points. From a macro perspective, pay close attention to the development of information technology and outsourcing markets, as well as changes in the bank's own operating environment, competitors' outsourcing strategies, and outsourcer operating conditions, to prevent technology and market risks. At the micro level, listen to the outsourcer's reports at different stages of project implementation, evaluate the information system and corresponding control measures (such as resource security, integrity, confidentiality) operated by the outsourcer, and regularly review the outsourcer's related internal controls and systems. Develop and maintain, as well as contingency planning measures to ensure that they comply with contract requirements and are consistent with the current market and technical environment; understand whether outsourcing services are timely, whether service quality and service levels have been improved, and prevent transaction and reputation risks. The second step is to analyze the essence of the problems that cause the work to deviate from the predetermined standards, investigate the causes of the problems and draw conclusions; the third step is to formulate feasible solutions to the problems and select the best ones; implement the selected Plan to bring the outsourced work back to the original and expected standards. Establish an incentive mechanism for outsourcers. The business goal of outsourcers is to maximize profits, while banks hope to obtain good services at fair prices. Therefore, commercial banks should develop incentive mechanisms to link their operating performance with outsourcing service requirements, so that both parties can The goals are the same. The following incentives can be adopted: High quality and good price: Based on the scope of information technology outsourcing and the normal operation time and efficiency of the system, three-tier standards of qualification, satisfaction and high quality will be formulated, and different prices will be given if different standards are met. The formulation of standards should be continuously improved with the development of technology. If the outsourcer's technological innovation can enable the bank to achieve certain business profits, the outsourcer should be given certain rewards. This encourages outsourcers to use new technologies and continuously improve services.
Level management: Based on the qualification review of outsourcers, the length of cooperation, and the degree of satisfaction during the cooperation process, a corresponding rating system is formulated to divide outsourcers into access level, cooperation level, and partner level. The level assessment can go up or down. If the outsourcer's service level and service quality decrease, it will be downgraded. Level management hopes to strengthen the cooperative relationship between banks and outsourcers through a series of consecutive contracts, reminding outsourcers of the importance of establishing a good reputation and obtaining benefits through quality services.