(SINGAPORE) While the witch-hunt continues, the practice of outsourcing technology functions appears to take an early rap for DBS Bank's recent consumer-banking outage. But analysts reckon the lesson to be learned has nothing to do with contracting out IT services but whether there are stringent checks and balances in place to manage such agreements.

'The outage could still have happened even if the bank were to manage its IT assets itself,' said Shawn Yip, an Asia-Pacific market analyst with research firm IDC Financial Insights.

'The need for a thorough understanding and careful structuring of service-level agreements - or QoS (quality of service) agreements - was highlighted by Monday's incident, as well as competencies in vendor management and tightened operational risk processes.'

On Monday, DBS suffered its worst-ever systems failure. Its Internet banking and automated teller, credit card and Nets payment services were crippled for as long as seven hours.

The bank is still looking into the cause with its technology provider IBM. But questions have been raised as to whether the incident could have been averted had DBS kept the maintenance of its technology infrastructure in-house.

Analysts say outsourcing has permeated almost every vertical sector. Banks and other Fortune 500 companies have been the flag-bearers of this trend, by outsourcing functions such as the management of call centres and manufacturing to foreign firms more than a decade ago.

In recent years, the scope of outsourcing has expanded beyond periphery roles to so-called mission-critical tasks such as security functions. In the United States, for example, private military contractors have even been enlisted for the war in Afghanistan.

Instead of increasing the chances of failure, it is usually safer for a company to leave things in the seasoned hands of industry experts, said Jim Longwood, research vice-president of IT sourcing at analyst firm Gartner.

'Dependence on an external service provider for mission-critical applications is common in banking, airlines and telecommunications,' he said. 'In general it is less risky than a client taking control of it themselves, because the providers are able to leverage best practice and experience across multiple clients they run systems for.'

In Singapore, most corporations rely on a hybrid outsourcing model, farming out some technology functions while retaining control of others.

For example, the government outsourced the task of managing the computer systems of almost all public-sector agencies to a consortium involving US-based IT services giant EDS and home-grown Singapore Computer Systems (SCS) under a $1.3 billion tender in 2008. EDS has since been acquired by Hewlett-Packard and SCS by Singapore Telecom subsidiary NCS.

The Ministry of Education followed suit last month by awarding NCS an $850 million contract to manage 120,000 computers. Despite having awarded these deals, the government retains firm control of key functions such as the management of the data centre in which all its sensitive information resides.

'It is common for financial institutions to prefer a hybrid sourcing model,' said IDC's Mr Yip. 'At the same time, the service provider may be better-equipped than the bank, from an infrastructure management, domain expertise, and cost efficiency standpoint, to manage certain functional points.

'Such factors have to be carefully weighed by the bank in the long term.'