In February 2019, I attended the International Association of Outsourcing Professionals’ (IAOP) Outsourcing World Summit (OWS) – a place for those in the IT or business process outsourcing (BPO) space to come together. This is an event where sourcing and procurement leaders come for information, and of course to be accosted by sourcing advisories, systems integrators, and the latest nearshore promotion council reps all plying their trade.

Having spent some time with the industry’s best and brightest minds in sourcing, I found myself uniquely puzzled, even a little exasperated. As my plane taxied through Orlando airport, I couldn’t help but reflect on the huge gap which exists in the IT sourcing universe.

We live in a software-driven world where leading enterprises jump over each other to claim they’re becoming software businesses. According to ING’s keynote at OWS, they are a technology company that happens to manage some money. The zeitgeist of the day.

Cloud and the digital process

In this model, buying core software functionality seems tantamount to outsourcing core business functions like marketing or customer care. While many IT shops say they want to move to Cloud and SaaS, it only makes sense for the firm’s commoditized processes like finance and HR. The differentiating capabilities must be built by the firm.

Plus, let’s not confuse Cloud as a hosting and development environment with the magic potion to obviate the need for custom software. Whether they are hosted or built on the Cloud, the core capabilities that allow you to differentiate and build digital presence are not going to be bought off the shelf.

That said, some organizations are able to build up their own software development team, manage talent acquisition and retention, but most can’t staff enough skilled developers to do all they need to do. So, they have to source the services to help them build software, and some software packages from specialty vendors to fill in specialized functions. This is where sourcing comes in – to help source the stuff that will form digital platforms.

Where sourcing pros are completely unprepared

Sourcing software development is hard. The process is hard to measure and predict. The output is kind of intangible. The only thing you can easily measure is man-days, so this is what most organizations resort to. Time and materials sourcing. Usually, our contracts pay some lip service to quality, reliability, security, but nothing definitive. So, all that stuff is left up to chance. Security, despite being the most visible concern, is written explicitly into just 5% of contracts, according to OWS’ panel on the topic.

For the last year, I have been talking to vendor management and procurement professionals about a way to measure the quality of the software they procure, and to protect from security and reliability risk. When I started this journey, as part of my board responsibilities for CISQ, I thought I would get a warm reception from sourcing pros. I expected to hear things like “wow, this is exactly what we’ve been missing” or “this will make me a champ within my organization”. It seemed like such a no-brainer to just ask your CISQ-ready sourcing partners to follow this new standard for software reliability, security, and quality. Why wouldn’t you?

Instead, what I’ve seen is a lot of scepticism. Questions like: “but if I ask for higher quality, my vendor will find some way to charge me for it”, or “I don’t know if my dev team would be on board with that,” or varying flavours of “this seems too technical”.

Moving sourcing with the times

I would posit that this is an extremely outdated way of thinking. Sourcing has a role to play in the digital transformation. Vendor managers, procurement pros and strategic sourcing cannot apply old solutions to modern problems. They also cannot throw their hands up in the air in the face of problems like sourcing Agile development, or supply chain risk, or application security. The sourcing organization is there to protect the company, and to help the business get the most from vendor relationships. It’s impossible to do that without knowing something about the software your vendors are delivering to the firm.

Technology sourcing is obviously changing. A lot of momentum has gone into cloud sourcing. The audit profession has a relatively new set of audit protocols like SOC2 and SOC for Cybersecurity. Sourcing and vendor management are changing, but hopefully for the better. People are right to be sceptical, and a supplier may well charge more for a higher quality product. But consider the cost of the consequences of sourcing poor code and what you stand to gain from fighting for something better. I think that’s a price worth paying.

Written By Lev Lesokhin, EVP of Strategy and Analytics at CAST