Skip to main content
ISAE 3402 agency

Agency Theory in outsourcing

Organizations have been dealing with how they can exploit their competitive advantage since the industrial Revolution to increase markets and their profits in these markets. The most important model in the 19th and 20th century was the large integrated organization. In the 50’s and 60’s corporate bases were more broadened to profit from economies of scale.

Economies of scale

The large integrated organization diversified its product range and expansions required more layers of management. Because of technical developments such as the internet, organizations were forced to complete more globally in the 80’s and 90’s and were handicapped by a lack of flexibility because of the bloated management structures. To increase agility, many large organizations developed a strategy focused on their core business and core processes.

Principal-agency problem

The focus on core processes started the discussion of which processes were core and critical for business continuity and which processes could be outsourced to external service providers. Processes or functions for which no internal resources were available were outsourced to specialized agency or service providers. Consequently, the principal-agency problem between user organization and service organization evolved and the principal-agency theory and the related information asymmetry increased in importance aligned with the growth of outsourcing. 

Information asymmetry

The most common agency relationship in the financial domain occurs between investors (or shareholders) and management of a company. The principal might not be aware of the activities of an agent or is prohibited by the agent to acquire information. The result is an information asymmetry between the principal and the agent. For example, management desires to invest in emerging economies while the risk appetite of the principal is adverse. This strategy of management might sacrifice short-term profitability and increase risks of the company and might also lead to higher earnings in the future. However, the investors that desire high current capital earnings with low risks and may be unaware of these plans of management.  If the consequence of this strategy of management is that certain losses are incurred, management might be inclined not to disclose this information to shareholder. The evolvement of the accountancy profession was an important development in the worldwide mitigation of the agency problem. In 1992 the SAS70 standard became relevant for outsourcing assurance, this SAS 70 standard was replaced by the ISAE 3402 standard in 2011. Outsourcing assurance, mitigated the information assymetry and improved trust between user (organizations that outsource) and service organization (organizations who provide services to these organizations).

Agency theory in outsourcing

In general terms, the agency theory relates to all relationships between two parties in which one party is the principal and the other party is the agent who represents the principal in transactions with third parties. Agency relationships occur when the principals hire the agent to perform a service on the principals' behalf. Principals commonly delegate decision-making authority to the agents. Because contracts and decisions are made with third parties by the agent that affect the principal, agency problems can arise.


In the situation outsourced activities to service organization by an user organization, the agency theory is relevant for all aspects described; information asymmetry, risk tolerance and resources committed. For example, a financial institution outsources IT services to a managed services provider. The managed service provider has no insight in the risk tolerance of the institution and might decide that a weekly backup is acceptable or that storage of data outside of the EU is acceptable. The service provider might not inform the organization of down-time of certain servers if this network outage is not identified by the financial institution. The service organization might also be inclined to minimize resources performing activities while trying to increase the fees received. A service organization might also have a different tolerance towards fraud or might be the committer of fraud itself. In the pension industry asset managers can make profits by front running transactions of pension funds. Resulting in the principal-agency problem described above.



Risklane can help you achieve ISAE 3402 l SOC 1ISAE 3000 l SOC 2ISO 27001ISO 9001. Let us help you find the perfect solution for you and your organization. Give us a call at +31 30 2800888 or contact us.

 Front running is also known as tailgating, is the prohibited practice of entering into trade to capitalize on advance, nonpublic knowledge of a large pending transaction that will influence the price of the underlying security.