Sourcing Model for IT

Sourcing Model for IT - COBIT 2019 Foundation Guide

Understanding Sourcing Model for IT in COBIT 2019

Why Is Sourcing Model for IT Important?

The sourcing model for IT is a critical design factor in COBIT 2019 because it determines how an organization acquires, delivers, and manages IT services. This decision impacts:

• Cost efficiency - Choosing the right sourcing approach directly affects IT budget allocation and ROI
• Service quality - Different models deliver varying levels of service quality and reliability
• Risk management - Each sourcing model carries distinct security, compliance, and operational risks
• Organizational flexibility - The model affects how quickly the organization can adapt to business changes
• Governance requirements - Different models require tailored governance structures and controls
• Compliance and regulatory alignment - Certain industries mandate specific sourcing arrangements

What Is Sourcing Model for IT?

The sourcing model for IT refers to how an organization chooses to obtain and deliver IT services and capabilities. It is a design factor that influences how governance, management, and service delivery structures are organized and controlled.

The sourcing model represents the strategic choice between:

• Internal sourcing (In-house) - IT services are provided by internal staff and owned infrastructure
• External sourcing (Outsourcing) - IT services are provided by external vendors and service providers
• Co-sourcing (Hybrid) - A combination of internal and external resources working together
• Cloud sourcing - IT services delivered via cloud platforms (public, private, or hybrid)

In COBIT 2019, the sourcing model is recognized as a key design factor because it significantly influences:

• How governance objectives are achieved
• Which management practices are required
• The structure of organizational roles and responsibilities
• The nature of internal versus external control mechanisms

How Does Sourcing Model for IT Work?

Step 1: Assessment of Organizational Needs

The organization first evaluates:

• Core IT capabilities required for business operations
• Strategic importance of specific IT functions
• Resource availability and expertise gaps
• Cost-benefit analysis of different sourcing options
• Regulatory and compliance requirements

Step 2: Selection of Sourcing Model

Based on assessment, the organization selects from:

• In-house: Best for strategic, highly sensitive, or mission-critical functions
• Outsourcing: Suitable for commodity services or when specialized expertise is needed
• Co-sourcing: Balances control with cost efficiency and expertise
• Cloud: Provides scalability, flexibility, and reduced capital expenditure

Step 3: Tailoring Governance Structures

Once the sourcing model is chosen, governance must be tailored:

• Define appropriate oversight mechanisms for internal vs. external providers
• Establish service level agreements (SLAs) and key performance indicators (KPIs)
• Create vendor management processes and contract governance
• Design risk mitigation strategies specific to the sourcing model
• Implement monitoring and assurance mechanisms

Step 4: Implementation and Governance Execution

The organization implements:

• Organizational structures reflecting the sourcing model
• Management practices aligned with the chosen model
• Information and communication flows appropriate to the model
• Risk management tailored to sourcing-specific risks
• Performance management and continuous improvement processes

Step 5: Monitoring and Adaptation

Ongoing activities include:

• Regular assessment of sourcing model effectiveness
• Performance monitoring against defined KPIs and SLAs
• Risk re-assessment and mitigation adjustments
• Flexibility to adjust the model as business needs evolve

Key Sourcing Model Considerations

In-House (Internal) Sourcing:

• Advantages: Better control, cultural alignment, strategic flexibility, confidentiality
• Disadvantages: Higher costs, less specialized expertise, slower innovation, resource constraints
• Best for: Core competitive differentiators, highly sensitive systems, mission-critical applications

Outsourcing (External) Sourcing:

• Advantages: Cost reduction, specialized expertise, scalability, focus on core business
• Disadvantages: Loss of control, vendor dependency, security risks, potential quality issues
• Best for: Non-core functions, commodity services, specialized technical areas

Co-Sourcing (Hybrid) Model:

• Advantages: Balanced cost-control, shared expertise, flexibility, risk distribution
• Disadvantages: Complex governance, potential coordination challenges, distributed accountability
• Best for: Organizations seeking flexibility and balanced risk management

Cloud Sourcing:

• Advantages: Scalability, reduced CapEx, rapid deployment, automatic updates, global reach
• Disadvantages: Vendor lock-in, internet dependency, regulatory compliance challenges, data residency concerns
• Best for: Scalable workloads, non-sensitive data, organizations seeking agility

How to Answer Questions Regarding Sourcing Model for IT in an Exam

Exam Tips: Answering Questions on Sourcing Model for IT

1. Understand the Core Concept

• Remember that sourcing model is a design factor in COBIT 2019 that determines HOW IT services are obtained and delivered
• Recognize that it is NOT about specific technologies, but about organizational structure and service delivery choices
• Connect sourcing model decisions to governance tailoring - this is the key link in exam questions

2. Identify Question Types

• Scenario-based questions: Read carefully to understand the organizational context, constraints, and business drivers. Match the scenario to the most appropriate sourcing model
• Definition questions: Provide clear, concise definitions distinguishing sourcing models from each other
• Impact questions: Explain how sourcing choices affect governance, risk, and management practices
• Comparison questions: Use a comparison table structure mentally: advantages, disadvantages, best-use scenarios

3. Use a Systematic Decision Framework

When answering sourcing model questions, apply this mental framework:

• Step 1: Identify the business driver (cost, control, expertise, compliance, flexibility)
• Step 2: Consider the function type (strategic, tactical, commodity, specialized)
• Step 3: Evaluate risk profile (high-risk/sensitive vs. low-risk/commodity)
• Step 4: Match to appropriate sourcing model
• Step 5: Explain required governance adjustments

4. Key Distinguishing Features to Remember

• In-house: Control, strategic fit, high cost, internal expertise
• Outsourcing: Cost reduction, specialized expertise, vendor management, control loss
• Co-sourcing: Hybrid approach, balanced costs, distributed responsibilities, complex coordination
• Cloud: Scalability, consumption-based pricing, rapid deployment, vendor dependency

5. Link Sourcing Model to Governance Tailoring

This is critical for exam success:

• External sourcing requires stronger vendor management governance and SLA definitions
• In-house sourcing requires robust internal controls and organizational structure clarity
• Co-sourcing needs coordination mechanisms and clear responsibility boundaries
• Cloud sourcing demands compliance, data governance, and availability management controls

6. Common Exam Question Patterns and Answers

Pattern 1: "Which sourcing model is best when...?"

• When cost is primary driver → Outsourcing or Cloud
• When control is critical → In-house
• When flexibility and expertise balance are needed → Co-sourcing
• When scalability and rapid deployment matter → Cloud
• When strategic differentiation required → In-house

Pattern 2: "How does sourcing model affect governance?"

• Answer should address: organizational structure changes, control mechanism adjustments, monitoring requirements, risk management tailoring, stakeholder engagement changes

Pattern 3: "What are risks specific to [sourcing model]?"

• In-house risks: Resource constraints, expertise gaps, cost overruns, slower innovation
• Outsourcing risks: Vendor dependency, loss of control, service quality issues, security breaches, hidden costs
• Co-sourcing risks: Coordination failures, unclear accountability, complex disputes
• Cloud risks: Vendor lock-in, data security, compliance violations, service outages

7. Vocabulary Precision

• Use the term "design factor" when referring to sourcing model's role in COBIT
• Distinguish between "sourcing model" (how services are obtained) and "delivery model" (where/how services are provided)
• Use "tailored governance" when discussing how governance must adjust based on sourcing choice
• Refer to "service level agreements" when discussing outsourcing governance

8. Strategic Thinking for Higher Marks

• Show understanding of trade-offs: No perfect model exists; all have trade-offs between cost, control, and capability
• Consider organizational maturity: More mature organizations can manage complex co-sourcing; less mature organizations may benefit from simpler models
• Mention change management: Sourcing model changes require organizational transition planning
• Address risk holistically: Connect sourcing choice to overall enterprise risk management

9. Common Mistakes to Avoid

• ❌ Confusing sourcing model with sourcing provider selection (COBIT doesn't specify vendors)
• ❌ Treating sourcing model as purely a cost decision (it affects governance, risk, and capability)
• ❌ Forgetting that governance must be tailored for each model
• ❌ Ignoring that many organizations use hybrid/co-sourcing approaches
• ❌ Overlooking that sourcing model should align with business strategy

10. Preparation Strategies

• Create a comparison matrix: List all four sourcing models with their characteristics across dimensions: cost, control, expertise, risk, best-use scenarios, governance requirements
• Develop case scenarios: Practice matching hypothetical organizational situations to appropriate sourcing models with justified explanations
• Memorize governance tailoring impacts: For each sourcing model, clearly know what governance aspects change
• Practice explaining trade-offs: Be ready to discuss why one model might be better than another given specific constraints
• Study real-world examples: Understand why major organizations choose specific sourcing models (helps with scenario questions)

Sample Exam Question and Answer Framework

Question Example: "A retail organization wants to reduce IT costs while maintaining strategic control over e-commerce platforms. What sourcing model would you recommend, and how should governance be tailored?"

Answer Framework:

• Recommended Model: Co-sourcing (Hybrid) - outsource non-strategic commodity services, retain in-house control for e-commerce platforms
• Rationale: Balances cost reduction with strategic control; e-commerce is differentiation and requires internal expertise
• Governance Tailoring: Implement vendor SLAs for outsourced components, maintain strong internal governance for in-house platforms, establish clear coordination mechanisms between internal and external teams, define accountability boundaries, implement regular vendor performance reviews, ensure security and compliance alignment across both models
• Risk Mitigation: Address vendor dependency for commodity services, manage coordination risks, ensure compliance across sourcing boundaries

Conclusion: Success with sourcing model questions comes from understanding that it is fundamentally a governance design decision that must balance organizational strategy, risk, capability, and cost. Always connect sourcing choice to required governance adjustments.