Tag Archives: outsource

Emerging Risk of 2015: Outsourcing

Outsourcing might just be the most common business management earnings booster of the past 10 years. Which means that it is also a top candidate for becoming a major emerging risk in the near future.

The idea of outsourcing is an extension of the fundamental logic of capitalism: specialization. Processes are good candidates for outsourcing when there are other firms that can perform the same service at a significantly lower cost.

Cost Advantages

When you start looking at a potential outsourcing situation, you need to understand the source of the cost advantage. There are several possible drivers:

  • Higher efficiency
  • Lower wages paid to the people performing the outsourced work
  • Lower overhead for the outsourcing partner

But there are other ways that a cost advantage might come about that are not as desirable:

  • Lower safety and health standards
  • Lower spending on quality control
  • Lower amount of slack resources that can be available when a machine breaks or a key person gets sick
  • Lower-quality source materials

How to Control Risks of Outsourcing

If an outsourced process is not only out of sight but also out of mind, this emerging risk may become a current problem.

There are two basic ways of controlling the risks of outsourcing: by specifying standards at the outset of the arrangement and by inspection of the process and output on a continuing basis.

But with the explosion of outsourcing over the past 10 years, even firms that had set down extensive and clear standards at the time of the original agreement and that have allocated the needed resources for inspection of the processes and outputs are at risk from the complacency that comes from the the passage of time without serious incident, the changing individuals on both sides of the agreement and the changing pressures on both organizations.

An outsourced process is out of sight. If it also becomes out of mind, then it will likely move out of the emerging risk category into the current problem category.

This article first appeared on WillisWire.

The Myth About Contractors and Risk

The notion that by outsourcing or contracting you have transferred your risk to another party is a myth. Senior executives, both in government and private enterprise, say, “There is no need to worry about that risk – I have transferred that to the contractor.” This is simply untrue.

If you own the consequences (or at least part of them), then you own the risk.

For example;

In the TV series “Air Crash Investigation,” there is an episode titled “Dead Weight.” In this episode, maintenance staff working for a company that is sub-contracted to conduct maintenance on behalf of Air Midwest’s primary maintenance contractor skip nine of 25 steps detailed in the maintenance manual when adjusting the tension on the elevator control cable. As a result, the cable is unable to traverse through its full range of motion.

When Air Midwest flight 5481 took off overweight, the center of gravity shifted rearward when the landing gear was raised, which pitched the nose higher. Because of the issues with the elevator control cable, the pilots were unable to bring the nose down. The aircraft stalled and crashed into a hangar on the ground, killing all passengers and crew on board.

The issue arose because there was no contract oversight/assurance by either Air Midwest or the primary contractor.

A contract is a control — but a control is only as good as the measurement of its effectiveness. Organizations that outsource simply cannot afford to assume that, because there is a contract in place:

  • They have outsourced the risk to the contractor
  • The contractor’s performance will be as contracted and as reported.

This last point may seem a cynical one, but you need to accept that the primary driver for a contractor is to maximize profit. If shortcuts can be taken, they are likely to be pursued.

What is even more important for organizations to understand is that, if the function that is contracted is a compliance requirement, and if there is a compliance breach, it is the organization — not the contractor — that will be held to account.

So, what are the keys to reducing the outsourcing risks?

Firstly, the organization needs to ensure that, before developing the solicitation documentation for an outsourced function, the risks during the contracted period are identified and assessed and treatments (such as oversight and performance measurement) are fully built into the contract. It is absolutely critical that compliance risks with the highest-level consequences are included in this list.

Secondly, the organization needs to ensure that contract performance is actively monitored and measured (i.e. do not simply accept contractor’s performance reports as fact).

In essence, organizations need to remember that, although you can outsource responsibility for the management of functions, you cannot outsource accountability for the consequences of not managing risk. In simple terms, if the contractor fails, the organization fails. If an organization owns the consequence, it owns the risk.

If your organization is one where contact management and contract assurance are not front of mind, or yours is one where the assumption is that the risk has been transferred to the contractor, you are in a dangerous position.

Increasing COI Compliance

There is mounting evidence that third-party providers of certificate-of-insurance management services can go well beyond the rote skill of tracking certificates and can improve COI compliance. That is an important issue for many companies given that, nationally, seven out of 10 COIs have been shown to be noncompliant, opening up companies to all kinds of exposure to risk.    

The most efficient and accurate process to review COIs relies on a human model, where deep insurance knowledge is supported by technology, rather than the other way around.  These professionals are typically highly experienced and credentialed insurance experts who review documents to find the issues that transcend the “dot the i’s and cross the t’s” recognition of machine-based systems and move into the realm of nuance, trend and pattern.  Only after the challenges are corrected does technology intervene to confirm corrections on a quality-assurance basis and to deliver reports.

Employing these experts is a significant burden on costs and infrastructure for most any company.  However, based on economies of scale, these insurance professionals who are so crucial to the process can be employed by third-party COI management firms and shared by the companies that truly need them, thus spreading the cost.  With this in mind, there seems to be a significant upside to consider partnering with outsourced systems.

When it comes to COI management — especially within the Fortune 500 community, in which there is a tremendous tonnage of COIs to track and manage — organizations face a choice.  Does it add value to outsource or not?   In the case of COIs, it’s not only a cost-savings issue — although coming to a complete understanding of all the costs and resources  involved to properly manage the process internally can be eye-opening  — but is an efficacy issue, as well.   If the typical Fortune 500 company receives between 5,000 and 10,000 COIs over the course of a year, between 3,500 and 7,000 (or more) of those COIs will need to be followed up with, tracked down and resubmitted for review.

So, if outsourcing not only provides a significant cost savings but also an increase in COI compliance and accuracy, there would be a pretty strong business case for its implementation. Obviously, corporate management is thinking the same way because the demand for COI management outsourcing is growing.  In fact, more than 70% of senior executives predicted that demand for outsourcing would become even more prevalent over the next three years, in a 2011 study conducted by Accenture and the Economist Intelligence Unit.  

The expertise required for COI compliance is extensive, and not readily found in-house.   Here are some questions you need to ask yourself in evaluating the quality of your personnel and infrastructure with regard to COI management:

  1. Do your people really understand insurance? 
  2. Do your resources know what they should be looking for on the certificate?
  3. Do they know how to figure out if the certificate meets your requirements? 
  4. Do you also require endorsements and other supporting documents from your insureds?
  5. What reporting tools exist?
  6. How do you audit in the case of a claim?

Not only does COI management require administrative personnel to handle the daily clerical to-dos and followup activities, but COI management also takes the risk manager’s focus away from the strategic initiatives and other critical functions that deserve full attention.  The risk manager’s plate is more than full — it is overflowing.  Outsourcing COI management cleans up a task that should not hit the risk manager’s desk in the first place.   

Recently, technological innovations such as partially automated systems have taken hold in outsourced COI management.  This value has been enhanced with state-of-the-art, cloud-based systems that operate transparently, away from a client company’s infrastructure.  Not only does this approach provide tremendous savings in IT infrastructure and training, but it allows specialists in COI management to treat the work as though they were right down the hall.  In fact, there are some best-of-breed outsourced COI management companies that maintain full-time professionals who operate as an extension of a client’s risk management department.

Things to consider

1. What is the status of your current positioning in relation to managing vendor risk?

  • Type of insurance program you have
  • How much of it is under your control?
  • Knowledge of staff
  • Internal policies and procedures
  • Support from the top
  • Ramifications/penalties for vendor noncompliance
  • The contract language you use
  • What is the contract for?
  • Effective contractual risk transfer
  • Separate departments in various locations
  • Disconnect between the importance of vendor and the need for a compliant certificate
  • Decentralized vendor and contract tracking
  • Standardized insurance requirements

2. Elements to consider in your vendor contracts

  • Clear, concise and standardized
  • Insurance provisions support indemnity provisions
  • Language on certificates — applicable law
  • The contract is your binding document!
  • Don’t ask for things you don’t need and, if you need them, be ready to explain why!
  • Use your broker or agencies with similar exposures as a resource when determining new requirements
  • Limit any waivers or changes
  • Authority to agree to any changes or waivers should be extremely limited
  • Always consult with your legal team

3. Key vendor issues

  • Do not always understand the requirements in the contract before signing
  • Do not pay premiums on time, letting coverage lapse
  • Change insurance agencies often, making it difficult to maintain compliance
  • Do not communicate effectively with broker before signing agreement or after certificate is submitted

4. Certificate holder operational objectives

  • Central certificate tracking methodology
  • Standardized workflow
  • Centralize organization via single access point
  • Centralize deports
  • Easy access to information
  • Accountability
  • Provide clear contractual requirements
  • Provide single collection point for certificates
  • Provide a sample certificate that can be easily accessed by vendor and broker
  • Provide a centralized communication process for both vendor and broker
  • Outline specific consequences for non-compliance

5.  Smaller vendors = larger liability

  • Risk control programs are not as advanced
  • More willing to cut corners (let insurance lapse)
  • Oftentimes do not fully understand insurance requirements and why they apply
  • The most efficient way to deal with these vendors is through direct contact with their broker

6. Characteristics of larger vendors

  • Often use standardized COIs, which cannot easily be modified to reflect additional information if requested for clarity purposes
  • Self-insurance plays a larger role
  • Strong risk control programs
  • More likely to push for limited risk transfer
  • Often request contract language modifications
  • They resist whenever possible – these changes are usually not to your benefit
  • More emphasis is placed on policy language, which requires work with the broker and the insurance company to verify specific information not included on their COI


So when does outsourcing COI management make sense?  Does it cost more money for your organization to hire the talent in-house or to outsource? Just as important, can a trusted vendor do the work better?   

If your company has a compliance-centric culture, there is a clear benefit to leveraging a flexible COI support team that understands insurance language and  can quickly refine its talent mix to support your needs — a capability you probably do not have in-house.   An increasing number of executives are finding that outsourcing can create a strategic advantage, especially for a dynamic and distributed organization whose needs are often rapidly changing.

With regard to economics, an outsourcing provider has economies of scale, knowledge expertise and the dedicated infrastructure that make its solution more affordable and cost-effective than doing the work in-house.  Outsourcing the COI management processes can cost half as much as doing the work in-house, and, with the right system, you can ultimately make yourself more attractive to insurance markets for your business.

With few exceptions, outsourcing is a viable option for you that can result in operating cost reductions and better strategic insight. 

10 Tips to Achieve Increased COI Compliance

  • A strong insurance program
  • Clear contract language
  • Effective internal policies and procedures
  • Gain support from the top
  • Good relationships with your broker and counterparts
  • Willingness to reach out to the vendor’s broker or insurer if questions arise
  • Provide a centralized tracking methodology that can be shared among all departments, divisions and locations
  • Create a standardized workflow for internal and external users
  • Provide a centralized communication among vendor, broker and client personnel
  • Training, training, training. . . .