Accounting and IT outsourcing risks (cont.)
Read in Latvian
Read in Russian
To pick up where we left off last week, this article explores the main defects of an outsourcing agreement and outlines our recommendations.
An accounting outsourcing agreement fails to specify a mechanism for verifying that the accounting system meets core security requirements. Neither the management nor auditors can rely on the accuracy of electronically prepared financial information, and so additional resources and time will need to be invested to check the information manually. The outsourcing exercise may not pay off because extra costs arise.
An accounting or IT outsourcing agreement fails to specify a mechanism for verifying that quality services are rendered within agreed time limits or a mechanism for preventing any problems. For example, reports are filed on time or, in the case of IT services, information flow security mechanisms are in place and steps have been taken to protect the company’s confidential data against external attacks. If personal data or confidential client information falls into the hands of third parties this may lead to expensive lawsuits, a damaged reputation, and in certain instances even termination of business.
The agreement provides for appropriate division of responsibility, but the company fails to supervise the performance of all the terms of the contract. What this often means in practice is that the external provider simply does not provide any unsupervised services, while the customer’s management rely on the provider to carry out the terms of the contract. Such a breach usually goes unnoticed until major problems arise, but the company may be left without some essential internal processes, which may affect not only its staff but also client interests.
Carefully select an external provider that is capable of supplying your company with quality services tailored to your needs. The main mistake might be choosing a small company that charges a lower price but is unable to supply the required scope, or choosing a larger company where your requirements could be much lower.
Define the scope in sufficient detail of what you expect from the external provider.
Your agreement should specify not only how the services should be rendered and how the parties should interact but it should also provide the management with tools for supervising quality and task performance. The main clauses required:
1) Provide the company as well as its internal and external auditors with access to the accounting information system's settings;
2) For supervision purposes receive information electronically or in writing on a regular basis about the execution of operations, successful data transfer and copying, as well as overall IT availability and security;
3) Set time limits for troubleshooting.
The company should appoint a sufficiently competent employee to be responsible for supervising the outsourced services. In certain instances this supervision can also be outsourced, or co-sourced to give your IT or finance expert a full workload.
Ensure that the external provider is supervised on a regular basis. Frequency depends on the type of service: for accounting services on a weekly or monthly basis, while for IT services depending on their nature it may be on a daily basis, such as data backup copying, or weekly or monthly.
The management should determine how to verify that the responsible employee or expert supervises the external provider’s work. This could be a weekly or monthly report or a meeting to discuss any problems.