Third-party management in software development: proposal of a methodology

Outsourcing allows organizations to reduce costs, optimize the use of resources, provide added value in services and goods, and concentrate on achieving the strategic objectives of the business. However, many software projects have failed due to the lack of knowledge of the factors involved in its planning. Some of these elements are poor communication with the supplier, weak monitoring of the status of tasks, lack of active participation of users and stakeholders at all stages of the process, and software quality assurance. Consequently, this research aims to aid the management of the outsourcing process and proposes a methodology for its management during system development. The methodology comprises 7 phases, each one with its inputs, tasks, and outputs, which are used by the following stages. In summary, it synthesizes the best practices for the management of third parties.


Introduction
An outsourcing relationship is an agreement in which a contracting company agrees with a supplier to perform some specific functions that usually are not the core activities of the hiring organization. Ideally, the decision of the hiring organization over the tasks to be outsourced considers their criticality, the market situation, the skills of employees, the expected improvements to reach with the outsourcing and cost reductions. Accordingly, the scope of the relationship with the supplier could be traditional or strategic (Franceschini, Galetto, Pignatelli, & Varetto, 2003). This type of arrangement has shown to have numerous benefits when performed successfully. However, 30 % of companies cancel their outsourcing contracts prematurely, between the 20 and 25 % fail during the first two years of the agreement, and the 50 % do not survive more 72 Enfoque UTE, V.11 -N.2, Abr. 2020, pp. 71-84 than the first five years (Grossi & Calvo-Manzano, 2012). Therefore, the scenario for the outsourcing of software development is not encouraging because these frequently face high levels of complexity and uncertainty that are intrinsic to such kind of projects (Whang, 1992).
The leading causes of the failure of outsourcing software development are the inadequate definition of requirements and scope of projects, inappropriate selection of the suppliers and development methodologies as well as the low involvement of stakeholders and end-users from the different levels of the organization in each stage of the development process. Besides, other causes are the lack of adequate tracking of signs of progress and milestones, the absence of proper and proactive communication of the customer with the supplier and a poor definition of the structure of the work team (Selleo, 2016a).
To contribute to the management of outsourcing processes, some researchers have conducted various studies intended to identify and recommend some best practices and propose procedures composed of stages (Erazo-Paruma, Guerrero-Mera, & Correa-Pino, 2014;Perunović & Pedersen, 2007). Those processes share some steps, but they treat superfluously the aspects related to communications, stakeholder management, and quality assurance. Still several challenges require attention, including the definition of a comprehensive guide to lead outsourcing administration.
Therefore, to fill out this gap, this research aims to devise a flow of steps for planning and managing outsourcing processes. The steps listed below for the outsourcing management arose from the analysis and classification of the processes and best practices mentioned above: preparation, supplier selection, development, relationship management, and reconsideration.
Overall, the preparation phase relates to defining the project and tasks to outsource, requirements elicitation, and planning of the outsourcing process, whereas the selection of the supplier associates to the reception of offers, the evaluation of proposals, the selection of the best supplier offer, and the signing of the contract. Besides, the development phase links to software design, programming, testing, and progress tracking of the project.
The relationship management stage relates to periodic meetings, minute meetings, email exchanges, and a proper resolution of conflicts protocol. Meanwhile, the reconsideration phase binds to refinement iterations, requests of changes due to requirements and design modifications, claims for noncompliance with requirement and design, and unsuccessful testing. This paper is an extension of the paper accepted in INCISCOS 2019 (Nunez-Sanchez Y., 2019) and carries out a literature review (section 1) to develop a methodology with best practices for managing software projects in outsourcing processes (section 2) and presents the conclusions (section 3).

Background
Software outsourcing is generally complex, and although there exists a bibliography to support managers, there are still several challenges that require attention. The high-level activities of an outsourcing process consider the identification of the type of project to carry out. It considers what is going to be developed, how it is going to be carried out, and who will be involved during its development. Based on this, it is relevant to consider the following points (Selleo, 2016a) when you want to start an outsourcing process: • What tasks or projects to outsource? There should be clarity about the tasks or projects to outsource and the nature of these.
• What is required to do? It intends to define precisely the requirements.
• How to carry out the tasks or projects? It involves not only the methodology to use but also the structure of the work team that will participate in its development. • Who is going to be involved? It is essential to know the users, the managers that support the development, and who will participate in the definition of requirements, monitoring, and acceptance.
The definition of internal and external benchmarking is the following: • Internal benchmarking: it consists of analyzing the core competencies of the company and identify the processes to outsource, in accordance with the analysis of costs reduction or the lack of skills of the employees. Then, the type of relationship with the supplier is defined, according to the interests of the client. The relationship established can be a traditional, temporal, strategic or organizational network. • External benchmarking: it analyzes, identifies and selects the supplier to define the levels of the service agreement.
A model for the administration of the outsourcing process can contemplate (Erazo-Paruma et al., 2014) the following steps: • Planning: determines the need for the acquisition, and defines the requirements of the software, identifies the potential suppliers, and specifies the acceptance criteria in conjunction with the acquisition plan. It also sets the priorities and order of the development tasks. • Announcement: it is responsible for announcing the need and requirements of the product to the possible suppliers identified. • Supplier selection: it aims at the selection of the supplier that best fits the system development and complies with the requirements. • Contract: it negotiates the agreements and the relationship with the supplier and includes the formalization of the contract. • Monitoring: it intends to monitor the progress of suppliers in meeting the goals and review their progress according to the agreed costs and deadlines. It carries out this task following the levels of the service agreement. One of the purposes of this stage is to measure the performance of the supplier (Franceschini et al., 2003). • Acceptance: it evaluates the product using the established tests and acceptance criteria. • Closure: it is responsible for verifying the acceptance of all deliverables of the product. • Follow-up: it monitors the performance of the system performance and the response times of the supplier to incidents.

Phases for the management of third parties in software development projects
This section presents the proposal of a methodology to aid the management of outsourcing processes based on the review carried out in section 2. The procedure synthesizes the fundamental phases for this type of process. It considers seven stages that contemplate aspects to improve the communication, active participation of the parties, and the quality of the final product: 1. Start 2. Planning 3. Selection and hiring of the supplier 4. Execution 5. Managing the relationship with the provider 6. Acceptance and closing 7. Reconsideration The flow of the procedure and the relationship between the phases is shown in Figure 1 with a special emphasis on communication management, relationship management, and quality assurance. It is important to consider the special role of Communication management, Relationship management and Quality assurance. Communication management must be performed during almost all phases of outsourcing (except the Start and Planning phases) and includes relationship management and quality assurance. It aims to guarantee better communication between the customer and the supplier through tools, methods, and techniques that facilitate the exchange of information from the initial stages of the system development.
Concurrently, the administration of the relationship seeks to improve the connection between the supplier, users, and stakeholders to enhance the understanding of needs, monitor progresses during development, and evaluate product deliveries. Similarly, quality assurance must be present from the beginning of the development of the system because it plays a predominant role in the acceptance and closure phase. The following sections explain in detail the phases Start, Planning, Selection and hiring, Execution, Acceptance and closing, and Reconsider, as depicted in Figure 1.

Start
This phase analyzes the opportunities for outsourcing the development of a system or a part of it, considering some factors such as criticality, the skills of internal personnel, the costs of the process, market situation, and suppliers available. If the result of the analysis is positive, a well-justified proposal should be written, seek internal backup from different levels of the organization (especially at the decision levels), obtain financial support, and start the hiring process. Some of the tasks to consider in this phase are the following: • Internal or external development: it establishes if it is possible to carry out the development of the system internally or externally some factors (Project Management Institute, 2013) should verify: Analysis of the organization: it consists of performing the verification of the core capabilities and economic activity of the business. It analyzes if the delegation of tasks to a third party will bring new expertise and will not cause any drawback to intellectual property or would imply the transference of critical knowledge that could have future financial consequences. Determines the added value suppliers can provide: it studies the capacity of suppliers in meeting the expectations of the project, and their possibilities to satisfy the needs of the customer and of helping to generate value. Evaluate risks associated: it investigates to identify the risks involved in developing the system internally. The decision to outsource depends on the previous factors and the threats to perform the development within the organization and its likelihood to materialize and cause serious issues. If the risk level is high, it is advisable to find an experienced company that can ensure the success of system development and the possibility to make a profit or obtain a competitive advantage with its implementation. Comparison of the internal capacity and competences of suppliers: it determines if the knowledge, experience, management capacity, technical capabilities, and tools of suppliers are better than the internals to carry out the project successfully. • Individual analysis of the projects to be outsourced: it aims to identify the projects to outsource. It studies the efficiency of the organization using as a basis the possible losses of money, expenses, and lack of skills for the development of the system. • Statement of the project or constitution act: it defines the need for outsourcing the project to present it to the top management to obtain its acceptance and commitment. Among the different techniques to perform this task are the following: Preparation of the general description of the system through meetings, sessions, forums, workshops or brainstorming that involve not only high rankings but also end-users. User stories. • Identification of the stakeholders: it determines the internal persons who may benefit or result harmed by the development of the system. This task seeks to guarantee the participation of these people in the process.

Planning
This phase aims to define the scope, requirements, quality factors to evaluate, human resources, the communication means with the supplier, the criteria for the selection of the supplier, the type of contract to use, and the budget. Furthermore, it defines the methods to control the execution of the project and obtain the desired results. The following sections offer an orientation to carry out these tasks: • Scope definition: it provides a high-level overview of the system requirements (Selleo, 2016b) and includes the following elements: Summary of the desired application or product.
Purpose of the new system, problem (objective or need) it seeks to solve and goals to consider the achievement of success. List of product features and future users of the system. Performance requirements, speed, availability, volume, and reliability. Technology to use, development language, operating system, and systems that must work together with the new application.
There are circumstances in which there is no clarity to define the scope at the beginning of the planning. Therefore, it is convenient to determine it during crucial stages such as the iterations or deliverables acceptance. Additionally, the selection of the type of contract should consider not to affect the final product or its costs.
• Analysis and definition of functional and non-functional requirements: it identifies the low-level requirements of the system according to its objectives and the problem it seeks to solve. • Budget planning: it aims to determine the budget components of the outsourcing project indicating the sources and the execution timeline. • Definition of the quality assurance plan: it defines the planning of the quality processes during the life cycle of the project and the requirements, outputs, and feedback channels to use. Some of the phases for the management of software quality are the following (IEEE Computer Society, 2014): Planning: it determines which standards to include in the development process, defines the quality goals, estimates the costs and outlines the schedule to perform the software quality audits and reviews. Assurance: it is responsible to define the technical measures, and procedures for reporting problems, evaluates whether the development methodology is appropriate and execute corrective actions. Furthermore, it verifies that the system fulfills the requirements and objectives, certifies that the expenses are according to the budget and corroborates that the progress conforms to the project schedule. Then, the evaluation of the quality can consider any of the following categories (Mendoza, Pérez, Grimán & Rojas, 2002): • Functionality: verifies the ability of the system to meet the requirements.
• Reliability: corroborates that the results of the system are correct.
• Usability: establishes the ease to use of the system and the time users need to understand and learn its use.
E ciency: certifies the performance of the system in different scenarios and with distinct work demands and time responses. Maintainability: tests the feasibility to modify the system without difficulties or the need to perform cumbersome tasks. Portability: attests that the system can run in different operating environments or platforms without the need for changes. The procedure establishes it as mandatory to select the Functionality category. The selection of additional categories depends on the strategy and goals the organization seeks to meet with the system. This phase also considers the use of metrics to evaluate and estimate product quality. • Planning the management of human resources: it defines the roles for the project management and the successful development of the outsourced system (Erazo-Paruma et al., 2014). These roles may vary according to the organization and project, and Table 1 list to some of them. • Preparation of the communications plan: it determines the flow and communication channel between the customer and the supplier to guarantee the active participation of the interested parties. Furthermore, it should define the tools to use and the collaborators and managers that will be involved in the process. The communications plan should contain the following elements (Project Management Institute, 2013): Communication requirements of the interested parties. The information to communicate, including the language, format, content, and level of detail. Reason to distribute the information. Deadlines and frequency for the distribution of information and receipt of confirmations and responses. Responsible for communicating relevant information.
Responsible for authorizing the disclosure of confidential information. The groups of persons and individuals designated to receive relevant information on the project. List of methods and tools to transmit information such as memoranda, email and press releases. Resources assigned for communication activities. Escalation process to follow for the solution of complex issues. It should include the deadlines for each stage and the designated managers designated. Methods to update and refine the communications management plan as the project progresses and develops. Glossary of common terminology.
The flowcharts that describes the information flow, the authorizations sequence, the list of reports, and the meeting plans. The communication restrictions that arise from the legislation, regulations, technology, or policies.

Tabla 1. Roles of participants in the software outsourcing process
Puesto/Rol Descripción de responsabilidad Director (Dir) It is a knowledgeable person of the processes of the organization and has the responsibility of administering the project.

Procurement Manager (PM)
It is responsible for carrying out, coordinating and contracting the supplier, based on the parameters, and is the direct contact between the customer and the supplier, and centralizes the communication and the flow of information.
Programmer or Software Engineer (SE) It collaborates with defining the scope and requirements of the system and serves as the technical contact with the supplier.
Contracting Manager (EC) It is responsible for the legal aspects to establish and negotiate the contract according to the needs defined by the director and users.

Software Quality Engineer (QA)
It verifies, ensures, tests, controls, and communicates the quality of the process and the product based on the plans and agreement with the supplier. Furthermore, it sends the status of the project to the interested parties to identify delays, disagreements, or gaps that may exist for decision-making on time.

Users/stakeholders (U)
It is the interested party of the development of the system, and his active participation in the process is critical to ensure that the final product satisfies his needs.
• Definition of the type of contract: it can be one of the following according to the type of project or product: Fixed price contracts: this type of arrangement is appropriate when the requirements specification is accurate. However, they generally establish that subsequent changes imply an increase in costs. Reimbursable cost contracts: the payments cover the costs incurred during the development of the system, plus the fees of the supplier. If the scope of the project is not well defined at its beginning, this type of contract offers flexibility to reorient the provider. Contracts for time and materials: it is a hybrid of the two previous types of arrangements. It is useful for increasing staff and hiring experts or external support in a flexible manner. However, regardless of the type of contract, the inclusion of incentives is valuable to motivate the developer or supplier. • Supplier selection criteria: it aims to identify the selection and evaluation criteria of suppliers (Grossi & Calvo-Manzano, 2012). It is essential to define the weight of each criterion to calculate the grade of suppliers. Some of these criteria are price, delivery time, flexibility, technical capacity, warranty, references, responsiveness, and experience. • Potential suppliers: its goal is to identify candidate suppliers based on market analysis, the experience of experts, and the previous projects of providers. • Acceptance criteria: includes evaluation of accomplishment of requirements, the technical capabilities, and the quality level established by the customer as the minimums to accept the partial deliverables and the final product. • Work statement: it consists of the requirements and scope of the system. Suppliers can use it to make an analysis and determine their capacity to build a solution.

Supplier contracting
This step implies the announcement of the need to hire a supplier (i.e., using a tender, direct contracting or invitation), the reception of the proposals from interested suppliers, the evaluation of offers, the selection of a supplier, the preparation and negotiation of the contract and the awarding the contract (Erazo-Paruma et al., 2014). The process to select a supplier can use a matrix with the outcomes of the evaluation criteria to obtain the results per provider and guarantee the best choice.

Execution
This phase contemplates the development of the system and requires the active participation of the customer. It receives as input the elements of the quality assurance plan and is responsible for evaluating criteria through reviews, audits, and inspections (see Figure 2). These evaluations are carried out throughout the system development cycle to ensure the quality of the product (IEEE Computer Society, 2014) and include: • Administration reviews: it consists of monitoring the progress of the project and the effectiveness of the management of the development process according to the planned schedule. • Technical reviews: these are product evaluations and verifications according to metrics and evaluation categories. • Static evaluations: it consists of examining the documentation (i.e., requirements, design, and model) and the source code of the software without executing it. Dynamic evaluations: it determines the compliance of the system with the measures and quality levels and implies the execution of the code before launching the software.

Relationship management
The supplier relationship management focuses its efforts on the participation of project stakeholders to maximize their presence during the development with the aim of achieving a greater understanding of problems and finding better solutions for the stated needs (see Figure 3). Besides, it considers the use of collaborative tools and the graphic representation of the fulfillment of tasks to evaluate the project progress. The aim of using these tools is to reduce physical, cultural, and language distances, and to bring customer and supplier participants to work together. This phase manages the problems derived from changes or criteria differences during the development. The tasks that support this phase are the following: • Execute the communications management plan: it aims to outline the activities of the communications management plan, meeting schedule, promote the communication and active participation of stakeholders and involve users in the development process, as well as developing the following actions: Maximize the physical presence of stakeholders and end-users in the development team to get their feedback, to correct ambiguities in the requirements and achieve greater compliance, and to satisfy the desired functionalities. Meet at least two times a week formally to answer questions, solve problems, track the progress of the development, verify the compliance of objectives, and the accomplishment of the agreements reached on previous sessions. The meetings could be virtual because of the locations of members of the team in different places, but it is advisable to hold face-to-face sessions at least once a month. Therefore, a supplier with a local presence is desirable. Create a list of the contact addresses of the provider and include the emails, phone numbers of managers, the details of the team members to contact for specific issues, and information to arrange videoconferences, and face-to-face meetings. Messages exchanged should be concrete, coherent, complete, clear, concise, and correct, regardless of the means of communication used. Make a visual representation of the workflow for better communication, using a tool such as a Kanban board. So, the involved people can see pending and in-progress tasks to monitor the status of the project. Use collaborative work tools for communicating with the supplier (chats and emails), to carry out the knowledge management (wikis, note management, photo management, online storage, collaborative editions, publication of documents and presentations) and to perform project management (calendar control, follow-up of meetings, events, control of milestones, pending tasks, tools of responsibilities and distribution of work). Furthermore, it is essential to prepare mind maps and collaborative boards, for example, by using Conceptboards and corkboards to annotate concepts and leave notes to project participants. • Manage the resolution of conflicts: the elements that are consider carrying out this task are the following: Inform the performance of the supplier: It aims at collecting and distributing information about the performance of the supplier. It considers the ability of the supplier to understand requirements, its compliance of the schedule, costs, quality goals and management of incidents and risks. It is necessary to analyze the causes of discrepancies between actual results and expected outcomes. If differences exist, the supplier should provide an action plan to meet the goals and deliverables agreed upon for the project. Present the findings: this report includes performance measures carried out with the participation of stakeholders and users. This considers the review of incidents, problems, feedback, and opportunities for improvement. Identify e ects: this step looks to identify the changes that may cause incidents and affect the service during the next phase of the project execution. Evaluate external factors to the process: it is responsible for evaluating events that are not linked directly to the software project but could affect its development and, therefore, require special attention from the supplier. Manage conflict resolution: it aims to solve and negotiate discrepancies and manage variations due to requirements not initially contemplated that alter the scope of the project objectives.

Acceptance and closing
This phase emphasizes the reception and evaluation of deliverables, partial and final, based on the acceptance criteria. These must be aligned with the testing goals and planned quality levels. The basic tasks of this phase are the following: • Receive the final delivery of the system, perform the corresponding tests, evaluate it based on the acceptance criteria and assess the results of the evaluation. • Receive the final delivery of the system, perform the corresponding tests, evaluate it based on the acceptance criteria, and assess the results of the evaluation.
• Prepare a detailed report If non-conformities are identified and call for actions to proceed with the corrections. • Manage pending invoices and payments.
• Confirm the acceptance of all deliverables if the project finished successfully. • Evaluate the supplier, and report the lessons learned to use them as a reference in future projects.

Reconsideration
This phase carries out an evaluation based on experience and the information collected during the development of the project, and considers performing the following activities: • Perform evaluations of the scope of projects, the service, and contracts on an annual basis. It appraises the current needs of the business and ensures that the return value is according to the investment and the business market. After this assessment, some adjustments align the projects with the strategic goals of the organization. • Adjust the requirements and planning when there exists a perception of dissatisfaction with the execution of the project, although the supplier is providing the service following the required service levels, and it is fulfilling the evaluation criteria. • Reconsider changing suppliers when there is evidence of non-compliance with the requirements, service levels, and other critical factors for the success of the project. Assess the impact that this decision may cause to the organization and make a balance of the benefits and consequences. • Perform the backsourcing of the project when contracting an external organization for its development does not add value to the business or return on investment. It is a strategic decision that also considers the impact on costs and business opportunities for the organization. This type of decision is independent of the levels of compliance of the supplier in performing its functions and fulfilling the service level agreements and timing goals. Figure 4 shows the phases described above for the third-party management of software development, the roles of people involved in each phase, and the inputs and outputs expected.

Conclusions
The management of relations is critical when contracting suppliers for the development of software systems. So, this work focused on the development of a methodology to facilitate the management of an outsourcing project.
The methodology is a synthesis of the processes and best practices for the management of outsourcing. It summarizes fundamental aspects about the phases, tasks, and outputs in each of the stages of an externalization project. Therefore, it aims to be a useful tool to provide an overview of the factors to consider during the planning and development of software projects contracted to third parties.
The methodology essential elements are the planning of the management of the relationship with suppliers, the communications, and the quality assurance during the outsourcing process since the system conception to its acceptance. Furthermore, one of the virtues of the methodology is its visual synthesis. It provides a clear overview of the activities to consider and the route to follow for understanding the process and aiding the communication with the management.
Future work will evaluate the use of collaborative tools and project management to identify the best options to integrate into an outsourcing process. Besides, it is going to consider the development of a methodology to contribute to perform requirements elicitation accurately, considering the active participation of users and stakeholders.