International law firm Norton Rose Group has warned that there is confusion between suppliers and customers over which party should take responsibility for risk management and due diligence in outsourcing projects.

The company, active across four continents, has released a report, Outsourcing in Brave New World, which covers all aspects of IT outsourcing, including cloud computing.

Based on a relatively small survey sample of 78 companies, with respondents typically in head of procurement and CIO roles, the report finds that while only eight per cent of suppliers feel they should be responsible for ‘political/jurisdiction’ risk, 49 per cent of customers feel this responsibility should in fact sit within the suppliers’ remit.

In addition, 58 per cent of suppliers do not employ a dedicated risk manager and only 51 per cent keep written records of project risks. Problems could also arise from a personnel perspective, since 65 per cent of companies do not carry out detailed due diligence on the staff members that suppliers assign to their projects.

Despite all of this though, 61 per cent of suppliers and 66 per cent of customers believe that due diligence has in fact improved over the last three years.

Mike Rebeiro, group head of technology and innovation at Norton Rose, petitioned outsourcers to do full tests of a suppliers equipment and other infrastructure, including making site visits and talking to other customers.

And the issue over the integrity of the suppliers’ employees should never be left to chance, he warned.

“The majority of customers assume that their suppliers will have done the necessary due diligence on their own staff and do not see the need to repeat the exercise,” said Rebeiro. “This is surprising given the impact a single rogue employee can have on the reputation of a business and all associated organisations, as underlined by the scope of the Bribery Act 2010.”

The landscape for outsourcing is changing, Rebeiro noted, with the cost benefits ebbing away somewhat. He warned that due diligence should not be forsaken in the interests of preservation of these savings.

“Asking suppliers to take on a greater proportion of the risk will have a direct impact on costs, but customers also need to bear in mind that there are some risks that simply cannot be ‘outsourced’ to a supplier,” he said.

The report is available from Norton Rose’s website.