I’m not saying that Satyam will not stay in business, that their clients will be abandoned, or that the clients did not spread their risk by retaining internal expertise or sharing activities across two or more different service providers. However, I would question whether they did. I doubt that client organizations are comfortable right now and would think that many are likely rushing to put contingency plans together.
I strongly advocate taking a risk-based approach to decision-making with respect to outsourcing. My contention is that, while I agree with those detractors who say that it is particularly difficult, if not impossible, to quantify these risks with any precision, one can at least list as many as possible, which I do in my book. Then one can apply some weighting factors based on how seriously risks might impact a particular decision. In my experience, those who evaluate vendors frequently omit many of the more important, perhaps less tangible risks, believing them to be events that will never happen. As the financial crisis and the Satyam fraud have demonstrated, the highly unlikely does indeed happen and can have a particularly deleterious impact on customer confidence.
If you pare away the fraud and deceit from the reports on the Satyam case, you are still left with a couple of really serious security issues. One stems from the allegation that Satyam injected malware, in the form of spyware, into software delivered to the World Bank. The other is the revelation that the U.S. government is a Satyam client.
Popularity: 1%
