Use of cookies by
Norton Rose Fulbright
We use cookies to deliver our online services. Details and instructions on how to disable those cookies are set out at By continuing to use this website you agree to our use of our cookies unless you have disabled them.
Norton Rose outsourcing survey finds risk management confusion is leaving businesses exposed | Norton Rose Fulbright

Norton Rose outsourcing survey finds risk management confusion is leaving businesses exposed

9 November 2011


  • 61% of suppliers, and 66% of customers, believe that due diligence procedures have tightened in the last three years
  • Just 8% of suppliers thought that they themselves should manage political / jurisdiction risk, compared to 49% of customers who felt that suppliers should manage this risk
  • 78% of customers believe that managing the risk of data loss should be a joint effort, up from 13% in 2008
  • 58% of suppliers have no dedicated risk manager and only 51% of suppliers keep a written risk record for projects
  • 65% of companies do not conduct detailed due diligence on the incoming key personnel provided by their supplier
  • 87% of customers cited cost reduction as a motivating factor for outsourcing
  • 86% of suppliers cited cost reduction as a motivating factor for their customers’ outsourcing
  • 62% of suppliers expressed a view that the global financial crisis had resulted in harder price negotiations

According to a global survey by international legal practice Norton Rose Group on current outsourcing practices and trends, businesses and their suppliers are unclear as to where the responsibility for risk management and due diligence lies between them, with the result that businesses are exposed.

Mike Rebeiro, group head of technology and innovation at Norton Rose Group, commented:

“While due diligence procedures appear to have tightened in the past three years, particularly as the regulatory landscape has changed, it is incumbent on the customer to devise a due diligence process that will properly test and evaluate potential suppliers.”

“As many organisations have found to their cost, there is no ‘one-size-fits-all’ solution for risk management and it should never be seen as a box-ticking exercise - customers need to visit a potential supplier, test their technology and speak to other customers of that supplier.”

The survey has found that sixty-five per-cent of companies do not conduct detailed due diligence on the incoming key personnel provided by their supplier. And while companies are increasingly taking on responsibility for risks associated with an outsourcing project, such as project delay and data loss, opinion is sharply divided on whether the customer or the supplier should take responsibility for political / jurisdiction risk.

Mike Rebeiro, continued:

“The majority of customers assume that their suppliers will have done the necessary due diligence on their own staff and do not see the need to repeat the exercise. This is surprising given the impact a single rogue employee can have on the reputation of a business and all associated organisations, as underlined by the scope of the Bribery Act 2010.”

“Companies that outsource any element of their operations must be confident that due diligence has been undertaken on those who will be working closely with their organisation and their clients.”

“In addition, as the margins for suppliers become thinner, suppliers need to have an open conversation with customers about the risks of doing business in certain jurisdictions. While almost half of customers believe that the supplier should have satisfied themselves that they can operate successfully in the jurisdiction they have chosen, they should also familiarise themselves with that jurisdiction and consider a contingency plan.”

The survey also reveals a disconnect in the way suppliers and their customers view risk. Customers rate reputational damage as a primary risk but suppliers rank it as a secondary risk, and while service performance failure is seen as primary risk for suppliers, their customers view this as a secondary risk.

The survey has also found that 87 per cent of customers cited cost reduction as a motivating factor for outsourcing and 69 per cent of respondents mentioned flexibility as a reason to outsource, up from less than 10 per cent in 2008.  

Mike Rebeiro, continued:

“Customers should draft their contracts to allow for the maximum possible flexibility, with mechanisms for managing contractual and operational change, and processes for requesting and pricing any amendments. A pricing mechanism that includes the costs of investigating and implementing change should also be agreed before the contract is signed.”

“The days when offshoring was considered an easy way of saving money are drawing to a close, and customers are recognising the impact on their own business of squeezing their suppliers’ margins too tightly. Asking suppliers to take on a greater proportion of the risk will have a direct impact on costs, but customers also need to bear in mind that there are some risks that simply cannot be ‘outsourced’ to a supplier.”

The report, entitled Outsourcing in a Brave New World, is the second outsourcing report released by Norton Rose Group and details the views of CIOs, General Counsel and Heads of Procurement from 74 businesses including technology and life sciences businesses, retail companies, financial institutions, transport, energy and infrastructure companies and the professional services sector, and suppliers themselves.

Download Outsourcing in a Brave New World.

Contact Norton Rose Group's Outsourcing team.

For further information please contact:

Sarah Webster, head of PR, Norton Rose LLP
Tel: +44 (0)20 7444 5942; Mob: +44 (0)77 2535 0425

Gavin Collins, PR manager, Norton Rose LLP
Tel: +44 (0)20 7444 2466; Mob: +44 (0)7770 650 113