Entering into an outsourcing relationship is a bit like setting off on a journey into a new land. One of the best ways to protect yourself in this new environment, and to ensure you stay on course, is to know your traveling partner well before you ever set out. Due diligence allows you to do just that.
There are many definitions of due diligence. However, in the commercial context, it usually means the research and analysis a company undertakes in preparation for a business transaction, and in particular, the investigations a company carries out into its potential counterparty. This analysis helps the parties to enter into the transaction with their eyes open and allows them to anticipate and manage key risks.
In any outsourcing transaction, both the customer and the supplier will want to carry out due diligence on the other before signing on the dotted line. This article considers the due diligence process from the customer’s point of view only. It looks at why due diligence is so important, how a customer can prepare for this phase, and provides practical tips for investigating suppliers.
Why is due diligence important?
Due diligence helps customers to:
Assess the supplier’s ability to deliver the services to be outsourced;
Determine whether the supplier is a good fit for the customer organization;
Understand the practicalities of the proposed service delivery; and
Evaluate and mitigate the risks associated with outsourcing the services to that supplier.
Preparing for the due diligence phase.
Before even engaging with potential suppliers, it is sensible to establish the business case for outsourcing. The business case document is used to help secure internal funding and approval to commence negotiations with potential suppliers. However, the business case should not be forgotten as soon as discussions begin. Rather, it should inform every step of the process, including the due diligence phase. Only by fully understanding its own objectives and requirements can the customer be sure that it is measuring the supplier against the correct standard.
To evaluate the supplier, the customer will first need to know:
How the services are presently being provided and what the current transaction volumes are.
The internal staff and other costs (direct and indirect) involved in providing the services in-house or the costs of outsourcing the services to the existing supplier.
The customer’s anticipated future requirements for the services.
Whether there are any third party contracts that are required to supply the services (for example software licenses), and how the proposed outsourcing will impact those contracts.
How the outsourced services will interface with any retained functions.
Whether there are any assets on which both the outsourced and retained functions will depend.
What the regulatory environment looks like. For example, will there be a need for approvals or consent from regulators?
What the risks associated with the services to be outsourced are.
Carrying out this thorough internal analysis will help the customer to (i) understand what information it requires from the supplier and (ii) determine how that information should be evaluated.
What should the supplier be asked to provide?
The supplier must, of course, provide a detailed proposal setting out how it intends to meet the customer’s requirements, its pricing proposals (including any price variation mechanisms), its plans for managing the transition, implementation, and exit phases, and any assumptions on which the supplier has based its proposal. However, the proposal is only part of the story. The customer will need a good deal more information from the supplier before it can make a final decision.
The exact information required will depend on the business case and the particular circumstances. However, the customer should start by asking the supplier for the following:
If the supplier belongs to a group of companies, details of the group structure and its geographical reach. Involvement of the supplier’s group in some jurisdictions may raise a red flag that requires further investigation and consideration.
The supplier’s annual audited financial statements to ensure it is of good financial standing.
Evidence of the supplier’s qualifications, including its experience in delivering similar services. It is usually prudent to request references and speak to former customers to get a more complete picture.
Details of the supplier’s current staff turnover levels (so they can be compared to industry norms). High staff turnover can sometimes be a symptom of broader problems that might impact performance.
If local regulatory approvals are required, evidence that the supplier has the correct approvals in place.
Also, if the supplier intends to subcontract any aspect of the services, then similar information should be requested on those entities too.
In addition to analyzing the above information, the customer should carry out its own independent research into the supplier. This might include checking the supplier’s regulatory and accounting history with the relevant authorities, checking news articles about the supplier and, possibly, checking court records to see if the supplier has been or is involved in any litigation that in some way calls into question its ability to provide the services or could impact its financial standing. Further, the customer will typically want to undertake one or more site visits so it can see the supplier’s operation for itself.
Analysis is the key.
Gathering the information is only part of the process. The real work is analyzing it to identify potential risks. No supplier is perfect. The due diligence process will undoubtedly uncover some areas of risk (in fact, you might question the thoroughness of a due diligence process that does not reveal any risks).
The customer can then make an informed decision about whether or not it wants to proceed with the transaction. Often, risks can be dealt with by working together with the supplier to create a risk management process that identifies, assesses and manages any risks that emerge during the due diligence process, and which might impact the later phases of the project. To assist with this, a risk register is often set up based on the information arising from the due diligence phase, so the parties can agree how those risks will be managed. The risk register then becomes a living document that will be completed, updated, and acted upon on an ongoing basis throughout the life of the project.
Taking time at the start to get to know your traveling partner well won’t guarantee an entirely smooth journey, but it will help ensure that, from the outset, a good number of risks are avoided or at least mitigated to an acceptable level.