Maturity models of IT outsourcing: A systematic literature review

This article provides a systematic review of existing research related to maturity models of IT outsourcing. The main purpose of this review is to identify maturity models used to assess IT outsourcing practices in organizations and the key elements used in developing the models. In addition, this article provides useful insight for other researchers on maturity models of IT outsourcing. Based on the systematic review conducted, 400 articles were retrieved from the selected online databases. Out of the 400, 45 articles were chosen as candidates, and finally 12 articles were selected for review in this study. This study found that most of the existing models do not have a standard process and most were developed using different framework with different deliverables and expectations. Besides that, this review also found that research in developing maturity models of IT outsourcing is still new, and that there is limited adoption of existing maturity models which suggests the need for further research to propose a standardized development process and framework for maturity models.


Introduction
*IT outsourcing is not a new phenomenon in various organizations and has been a common business practice for more than two decades. IT outsourcing involves using technological or professional IT resources from third party vendors. Although outsourcing is becoming an important trend in IT environment, there is complexity in managing the outsourcing process. Successful management of outsourcing models such as shared services requires high maturity in key areas such as definition and implementation of the outsourcing, contract management, service management process and service levels agreements. Organizations have to ensure that they understand their own outsourcing maturity level in order to align with the business strategic functions and improve the efficiency and effectiveness of outsourcing process.
The study by Marcus (2015) showed that IT outsourcing has a long term negative effect on the business of organizations and the need for recovery is lengthy. Therefore, the author suggests that organizations that are considering IT outsourcing should carefully assess if the outsourcing will give value to the business for otherwise IT outsourcing will become a pointless business disruption. Alleman (2005) argued that maturity assessment is important in order to address three major aspects in an organization such as, identifying risks, focusing on improvement and identifying areas of business optimization. Some researchers also argue that organizations should create metrics to measure the quality of outsourcing process and improve performance internally before any decision on outsourcing is made (Farrell, 2010). The maturity assessment for IT outsourcing and good management of outsourced IT services is needed for continuous learning and improvement even though the organizations have reached the maximum level of maturity (García et al., 2015).
Maturity model is a tool for judging whether the processes used and the way they are used are characteristics of a mature organization (Fairchild, 2004). Currently, there is no specific measurement mechanism found in the literature which could adequately measure the maturity level of IT outsourcing in an organization (Derksen, 2013). In order to research this issue, an extensive review and analysis of the relevant literature and existing IT outsourcing maturity models is presented. Furthermore, it is questionable if the current approach of outsourcing of IT increases the effectiveness of IT and helps businesses to achieve their strategic goals (Derksen, 2013). This unclear situation motivated the researchers to study the maturity models of IT outsourcing with a focus on discovering the key elements used in developing the models. This article reviews existing research on the maturity models of IT outsourcing. The aim of this study is to identify existing maturity models used to assess IT outsourcing practices in organization and the key elements used in developing maturity models of IT outsourcing.

Systematic review method
The systematic review processes are based on the guidelines proposed by Kitchenham and Charters (2007). According to the guidelines, the process in conducting systematic review consists of three main phases: (i) planning the review; (ii) conducting the review; and (iii) reporting the review. The detailed phases and steps are shown in Fig. 1.

Findings
The articles retrieved from the search engines are shown in Table 1. Four hundred studies have been identified from the initial phase of the search process by using the search terms defined above. The total number of the articles selected is 15 before the process of elimination for any duplicate articles has been done.  For the first filter, only 45 articles were potentially relevant to this study based on the screening of titles and abstracts. In the second stage, each of these articles was filtered via thorough reading of the full text to verify that all the articles meet the inclusion criteria and eliminate any duplicates.
Finally, 12 articles were accepted for review. The selection process for including articles in the review is depicted in Fig. 2.

Research questions
In order to construct the research questions, the researchers follow the criteria suggested by Petticrew and Roberts (2006) that consists of five elements known as PICOC. Table 2 shows the criteria and scope of the formulation of research questions.
Based on the five criteria above, the researchers have come out with following the research questions of this study:

Specifying dissemination mechanisms
Formatting the main report

Data sources
The selection of online databases was based on the researchers' knowledge of the databases that indexed "IT Outsourcing" and "Maturity Model", and the list of available online databases subscribed by the Universiti Teknologi Malaysia's library under "Computer Science" subject category (Table 1). In addition, the researchers also reviewed references of the identified papers to find other papers related to this study.

Search strategy
The search string used are "IT outsourcing", "ITO", "maturity model", and "maturity" which are then combined using Boolean "AND" and Boolean "OR" in the titles, keywords, and abstracts.
The inclusion criteria considered for the selection of studies were the following: journal articles or proceedings of conferences published in digital databases, written in English, and the content must include maturity model used to measure or assess IT outsourcing practices in organization. The exclusion criteria apply to those articles that are not written in English, not focusing on particular domains in developing the maturity model and did not match the research questions stated. Organization, industry and practitioners. Intervention (I) Maturity models to assess current practices of IT outsourcing and key elements used in each model.

Comparison (C)
Key elements used in developing the models.

Outcomes (O)
A set of existing key elements and maturity models of IT outsourcing used in the organization.

Context (C)
Reviewed of any studies of the key elements and maturity models of IT outsourcing.

What is the maturity models used in assessing the IT outsourcing practices in organization?
Table 3 lists all the accepted articles for review published from 2004 to 2015. Four of them are journal articles and others are from conference proceedings. Most of the proposed maturity models are based on the authors' literature review, or by using standards framework such as ITIL, COBIT, CMMI and ISO/IEC 38500 Standards. Most of the authors developed maturity models for measuring IT outsourcing relationships and management in client or vendor perspectives.

What are the key elements used in existing maturity models of IT outsourcing?
Twelve maturity models are identified as tools to assess IT outsourcing management. The review conducted produced an initial list of key elements in developing the IT outsourcing maturity models. The key elements are listed in Table 4. The existing models are varied and from the list, it can be seen that there are different criteria used in the maturity models which required the researchers to develop new models or make major modifications to suit the model requirements.

Discussion
This review reveals that there are 12 maturity models that have been developed related to IT outsourcing. Most of them are adapted from wellknown maturity models such as CMMI, ITIL and ISO standards, and there is also self-developed maturity models tailored to their specific purposes.
Based on the comparison of all selected maturity models, the scope of the models, and the key elements defined, it can be concluded that there are some overlapping and joint elements such as Financial Management, IT Governance Structure, # of studies retrieved from online databases n = 400 # references n = 8

Screening of titles and abstracts # of studies for review of full text n = 45
Detailed assessment of full text Total studies selected n = 12 Studies excluded: Duplicate n = 3 Inclusion criteria not meet 27 Client and Vendor Capability and Performance Management. Based on the findings in this review, the researchers believe that it is possible to define different characteristics for developing maturity models of IT outsourcing including some new elements.   (García et al., 2015) Measure the maturity level for IT service outsourcing in higher education institution Formal Agreement Service Level Agreement IT Governance Structure

12.
Luong and Stevens (2015) Long-term success of IT outsourcing relationships Customer Expectation Vendor Expectation

Conclusion
In this article, the researchers have presented the results of a systematic review to find out existing maturity models of IT outsourcing and the measurement elements used to develop a maturity model.
As a result, we can conclude that most of the development of existing models does not have a standard process, and all of them are using different framework which create different deliverables and expectations. Besides that, this study also shows that research in developing maturity models of IT outsourcing is still quite new. It shows that there is still limited adoption of the existing maturity models which suggests the need for further research.
Currently, the researchers are developing a maturity model for IT outsourcing that focuses on the key elements associated with Malaysian public sector. The result of this systematic review also shows that there is lack of studies in assessing IT outsourcing maturity level in the public sector. Based on this fact, the researchers decided to conduct the research in the context of a public sector organization, and the findings in this review will be employed to determine which elements to be included in the model. Besides that, the proposed study will also identify new determinants or confirm the existing determinants for the public sector organization. Finally, this study can also benefit IT practitioners, the industry and public sectors by identifying various measurement elements that may serve as guidelines for those planning to assess the maturity level of IT outsourcing in their organizations.