Build, Buy, or Partner: 8 risk factors to consider

When it comes to business outsourcing models, there’s certainly no shortage of opinions.  One of the first stand out comments I came across in my career was from Jack Welch. Essentially, If it’s not your core business, you should outsource.

I stood by this comment like it was religious gospel.  To be fair, pretty much every other comment I come across was of a similar vein.  Factors such as business purpose and criticality seem like common ones. 

What about if it is your core business?  Does that mean you should never outsource it? And how do you define your core business these days anyway?

From accountants to construction companies, I’m hearing more and more businesses that are taking an ecosystem view of their business. Frankly, I think it’s the business model of the future

The way we see it, core business or not, there is one measure and one measure alone that should dictate whether you build, buy, or partner that capability into your business; Risk.

Everything we do in business is a trade-off between positive risk (the good things) and negative risk (the bad things).  What we generally look for is opportunities that bring more good things with less chance of the bad things.

For the most part though, we tend to focus on and even overstate the benefits and understate the negatives of a given option.  Business cases then tend to get built on these overstated (or understated) factors with the economics of it all left to fill in the blanks. 

That is to say, the Build, Buy or Partner business case you’ve just built is probably full of bias or worse, an outright fabrication. Seemingly flippant comments like “is it critical?” just exposes that bias.  Biased decisions typically lead to bad decisions.  We don’t like biased decisions…

What I want to propose here is 8 factors that could help your next build, buy, or partner decision.  Factors that should help you focus on the things that matter, make more balanced decisions, and reduce inherent bias. 

First the list. I will explain how and why in a moment:

  1. Business Value: in short, which option will give you the best business value?  Business value can mean a lot of different things so it’s important to consider more than just the financial aspects.
  2. Lifecycle Time: What is the total time that it takes to accrue, operate, and discard the capability? How does that align with your actual need?
  3. Uncertainty: How much uncertainty lies in both the parameters and outcomes of your required capability?  How does that change with each option?
  4. Scalability: Which option will give you the best opportunity to scale the capability you need up or down as required?
  5. Availability and Redundancy: How reliable will the option be?  How reliable does it need to be?  Do the two align?
  6. Complicatedness: I always find this term a bit awkward but basically, it’s a measure of the number of components.  Under this measure, would the chosen option be more, or less complicated?
  7. Quality Assurance: How easy will it be to detect changes or anomalies?  Do you have more, or less control of the quality?
  8. Dependencies: How dependent are other aspects of your business on this capability?  Does that change given the options?

Now the how…

An easy way to apply these factors to your next decision is to rank each option against each factor.  The one with the best outcome for your business gets a 1, then a 2 and so on.  If two options are the same or at least no different, then rank them the same.  The more favourable options across all the factors should naturally rise to the top.

What does any of this have to do with risk?  Well generally, the risk exposure of something goes up with the amount of ‘stuff’ it has in it. 

There’s a bunch of maths behind this but simplistically, a full glass of wine has a higher risk exposure than an empty one.  A wallet full of cash has a higher risk exposure than one that is empty.  We are ranking the risk exposure of each option by comparing the quantity of each factor in this list. 

There’s a couple of things here you should note.  The first is I didn’t need to know what the actual risks were.  Give or take, within the same frame of reference a similar set of risks apply.  Across the population the risks tend to normalise out.  I don’t have to guess (or assume) which risks apply and which don’t.  Within a frame of reference, I just have to compare the quantity of the associated factor.

As an example, two roughly equivalent programmers will have roughly the same amount of error rates per line of code.  Indeed, across the population of programmers the risks go up relatively proportionally with the number of lines of code they produce (a measure of complicatedness of the code).  All else being equal, I can guess which program will have more issues by focusing on factors like how many lines of code it has.

The second thing to note, this approach cuts out a lot of room for cognitive bias.   It’s pretty hard to argue one way or another about the amount of wine in your glass compared to mine.  You just have to measure them.

Similarly, among other benefits, having two companies perform a function instead of one favourably increases the availability and reduces the dependency.  However, it also increases the complicatedness to the business unfavourably.  The numbers do not lie…

The astute among you will have noted you could potentially apply this approach to other scenarios.  Indeed, our first application for this was in prioritising project activities.  We’ve also used it in assessing failure modes of complex systems and considered its use in Information Security.  But that’s a discussion for another time.

Is this approach bullet proof?  No, but it’s not meant to be. Something I call an 80% answer;  A cost-effective analysis that should get you close the mark.  Once you apply the broad filter, you can decide if the cost of further analysis is worth it.

What it should do though is open up your next business sourcing discussion with less bias.  Taking you beyond cherry picked concepts like criticality and towards risk factors that actually matter.

1 thought on “Build, Buy, or Partner: 8 risk factors to consider

Comments are closed.