This international bank with extensive operations in North America and Europe had decided to off-shore and outsource a significant element of its IT operations from high cost US / European locations to India. The CIO set extremely aggressive targets for completion of this project leading the programme manager to seek independent advice on what his key risks were and how best to manage them.
A key requirement of this engagement was that the risk assessment methodology would be provided to the bank and their own IT risk people trained to use it.
Over the course of eight weeks, an IT off-shoring and outsourcing risk assessment methodology was developed and executed. This included development of an entirely new risk source model, facilitated risk workshops in the US, Europe, India and the Far East, development of a risk and control matrix and associated risk heat maps.
Fundamental to the success of the project was identification of six root causes, generating over 150 significant risks. Management was provided with a summary report of the risks and root causes, along with a detailed action plan for addressing the root causes. The IT risk organisation was provided with an off-shoring / outsourcing risk assessment methodology capable of use by their own people.
Sometime after completion of this engagement the bank successfully completed its off-shoring / outsourcing programme without significant business impact.