IT Outsourcing Risk In fairness to sellers of IT services, large buyers are not averse to a few power plays of their own and sometimes steamroll smaller or independent providers with onerous contract clauses. One of the most costly (if rare) provisions in relationships where the balance is tipped to the buyer is consequential damages — or the payment of fees / service credits scaled to the buyer’s business impact as opposed to the cost of the service itself. The reason this provision is rare (<2% of contracts we have negotiated) is that this impact can be orders of magnitude more than a small supplier can afford — easily into seven figures even on a $20K / month contract. It is thus anathema to legal departments, insurers, and active owners. However, we have seen consequential damages both enacted and enforced, wiping out profitability for a year with one misstep. This element of risk in IT outsourcing is clear.
The concept of consequential damages is simple — if a suppliers directly and measurably costs me revenue or profit, it is responsible for making up the difference. For example, if I’m a gaming company with a $10 monthly subscription fee and a network outage forces me to credit my million users for 3 days of playing time, there is $1M in direct provable business losses due to the failure of my network provider. With a consequential damages clause (or for that matter a lack of explicit limitation to the contrary), the buyer can feel justified in asking for these costs to be borne by the responsible party such as a hosting or bandwidth provider in order to mitigate the risk in their part of the IT outsourcing contract.
IT Outsourcing Risk
Let’s take IP transit as the party responsible in this example of it outsourcing risk. According to the SPY Index, a 10Gbps pipe for this number of users can cost as little $15K-$40K per month with the most price-competitive providers and buyer profiles. It can be up to $200K+ per month with a provider that bases its fortunes on premium network services and SLAs for online gaming — a more appropriate profile for someone with a revenue per user of $10.
Even for this premium supplier, paying off a $1M credit can take up 3-5 months of revenue, to say nothing of margin. A credit of this magnitude effectively kills all revenue for the life of a 3-year contract. Since no provider is immune to outages – not Tier 1 networks or Tier IV data centers – the risk is real.
As mentioned earlier, these clauses are rare because they’re something that many different parties that are (or should be) part of your contract review process are trained to find and eliminate. That being said, there are situations when the buyer holds all the cards and will insist that their liability become the provider’s. If the incremental revenue means the difference between surviving and closing up shop, you may have no choice but to accommodate the demand – but if it only means hitting a quarterly target, being willing to walk away might still be the better choice.
The best way to mitigate this particular IT outsourcing risk is to find a reasonable cap on damages.
An agreement to negotiate in good faith on a settlement is something that’s a surprisingly effective compromise (generally “agreements to agree” are not particularly useful in a contractual sense but they can fill trust gaps). And if you’re feeling truly adventurous, you can ask to participate in some of the upside via a revenue share to offset the participation in potential losses. Even earnback provisions can serve as a small buffer. But being completely blindsided by the consequential damages play can be a career-ending mistake for anyone at an IT services provider – all the way up to the CEO. Alex Veytsel is a Principal Analyst at RampRate where he is the lead architect of business and financial analysis models. Alex can be reached at firstname.lastname@example.org
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.