Former Satyam chairman B. Ramalinga Raju, explaining the more than $1 billion in phony revenue and profits he reported for years, compared the ongoing fraud to "riding a tiger, not knowing how to get off without being eaten." For customers of Satyam--and any other IT outsourcer--the looming question is: Could they get bitten, too?

Now is when best practices in outsourcing--risk management, multisourcing, project documentation, contingency planning--come under renewed scrutiny, and might get put to the ultimate test. Worst case is that Satyam collapses because it runs out of cash; the $1.03 billion it reported having was really just $65 million. More likely, Satyam loses big customers and critical employees, weakening it and possibly making it a takeover target.

Sixty-eight percent of business technology pros who've worked with Indian outsourcers say they wouldn't work with Satyam based on what they know of the financial scandal, an InformationWeek survey last week of 221 pros finds. It's up to interim CEO Ram Mynampati and Satyam's new board--Raju resigned and all board members were replaced by the Indian government--to turn that impression around. Meantime, the rest of the Indian IT industry is scrambling to protect its hard-earned reputation. Half of the IT pros we surveyed say they have new concerns about Indian IT providers, though only 12% say they wouldn't work with one.

"We were surprised like everyone else," says a CIO of one Fortune 50 energy company, who's sticking with Satyam for now. "Every company needs to worry about their major suppliers failing." His company has a multimillion-dollar annual contract with Satyam to provide a range of development, support, upgrade, and maintenance services for procurement and ERP systems. For now, the CIO hasn't had to pull the trigger on contingency plans in the event of vendor bankruptcy and service disruptions caused by staff departures.

Satyam counts 185 of the Fortune 500 as its customers. Wal-Mart has Satyam doing work for it that's "limited in scope and nearly completed," says a spokesman. Wal-Mart, which just a few years ago shunned outsourcing, now works with multiple global providers and expects to do even more.

An IT executive at a Fortune 50 financial services company says his organization uses Indian outsourcers, including Satyam and Tata Consultancy Services, mainly for extra IT capacity. He considers the company's risk minimal but thinks others will be caught off-guard. "Everybody's kicking themselves now," he says. "A lot of people are going to get caught short because they didn't think about contingencies."

Executives at HCL, India's fifth-largest IT services company, immediately saw that the scandal "could have an impact on the view of Indian companies in general," says Shami Khorana, president of HCL Americas. The company quickly sent a letter assuring customers that its management and governance are sound, and HCL CEO Vineet Nayar began blogging about "trust through transparency."

Pradeep Kar, founder and chairman of Microland, a privately held India-based IT infrastructure services provider, calls the Satyam fiasco "exceptions of devious minds." It's not a corporate governance issue, he says, but "the case of a crook."

Smart buyers of IT services will place renewed scrutiny on their vendors. But here's the reality: Most steps to mitigate risks eat into the cost savings from offshore outsourcing, cited as a major benefit by 72% of the pros we surveyed.

Documentation's one critical--and pricey--piece of risk mitigation, says Ben Trowbridge, CEO of outsourcing consultancy Alsbridge. Today, the common practice is for an outsourcer to document processes once and do no more, even as it builds tacit knowledge over the life of a contract. Trowbridge estimates that thorough documentation could shave 20% off outsourcing savings, but it's needed to make switching providers less painful.

A transportation company and Satyam customer came to Alsbridge for help last week and laid out a contingency plan to split Satyam work among three other existing vendors. It wasn't much help, Trowbridge says, because of scant documentation and because each vendor had unique knowledge of the part of the business it served. Even with good documentation, changing providers is expensive and time consuming, taking up to six months for complex projects, he says.

Multisourcing from the start is still a company's best bet to mitigate outsourcing risk, says Eugene Kublanov, CEO of outsourcing consultancy NeoIT. That doesn't mean replicating IT organizations with different Indian companies, but instead focusing on "smartly allocating work," Kublanov says. So highly complex and undocumented processes that require face-to-face interactions still are poor choices to outsource. Those processes with moderate complexity and low documentation, including iterative development work, might be best done in-house, or outsourced near-shore, to a country like Mexico, or the company might just need to get better at documenting work while going global. Highly documented, low-complexity maintenance work is the easiest to outsource offshore.

Legally, companies that didn't explicitly make fraud contingencies part of their contracts may find it hard to back out of a relationship with Satyam, says Hunton & Williams attorney Randall Parks. Termination would likely bring penalty fees. Clauses that trigger contract review based on material changes such as credit-worthiness aren't standard and have to be negotiated. Fraud risk is the reason lawyers often push for "expansive" audit rights from outsourcing vendors, says Shaalu Mehra, an attorney with Perkins Coie. But it's been difficult to get vendors to agree to these clauses, because they can reveal cost structures.

The Industry's Future
Still, the Satyam ordeal isn't likely to derail India's IT industry. Many companies have deep ties with their Indian partners and are loath to walk away from that investment. The scandal might jolt them out of a business-as-usual approach, but they're unlikely to pull out.

Even as Indian salaries rise, the cost savings are still too big to ignore, especially in a down economy. "They could start shooting in India--a small war--and enterprise clients would still have to look at India as an option," says Trowbridge. "It's that big of a savings."

That said, the Indian industry's biggest problem is still the recession, which has further battered financial services companies, the industry's most important sector. TCS last week reported slowing growth amid pressures to cut prices, with third-quarter revenue flat, at $1.48 billion, compared with a year ago. Infosys' third-quarter revenue rose 8%, to $1.17 billion, far below the 20% and higher growth these companies are used to.

Satyam and a U.S. unit lost more than 80% of their value on the Indian and U.S. stock exchanges in the week after the scandal broke on Jan. 7, amid worries Satyam wouldn't survive. The Indian government is unlikely to bail the company out; lenders or acquirers would have to fill any cash shortfall.

The influential National Association of Software and Services Companies (Nasscom) urged Satyam rivals not to poach Satyam customers, but IT service providers from all over the globe are knocking on doors. The financial services exec says his company has received aggressive pitches for the Satyam business. The energy exec says Indian competitors haven't called, but U.S. companies have. Another Fortune 500 CIO, an Infosys customer, says his company has heard from four or five IT services providers looking for business. "They're like vultures," he says.

Microland's Kar (who's on the board of InformationWeek's parent company, United Business Media) says
no one in the Indian IT industry sees the Satyam scandal as good news. As the Indian industry's growth slows amid the global economic contraction, "our desire is
that Satyam and the entire Indian IT industry succeed," he says.

Companies in other geographies--from Mexico to Eastern Europe to China--will try to capitalize on the crisis. But it's a hard sell that India's more prone to financial fraud than other developing countries. Jacob Hsu, CEO of Symbio, a $60 million-a-year Chinese outsourcer, paints a problem of Satyam's size as "systemic" but acknowledges, "I don't think China is any better."

As in the aftermath of the Enron and financial industry messes, there's an outcry in India for more oversight of public companies, à la Sarbanes-Oxley. Recent revelations that the World Bank, which had banned Satyam from contract work in 2008, had also banned Wipro in 2007 for offering IPO stock in 2000 to World Bank employees only fueled the concerns.

From the customer side, look for companies to take a closer look at their outsourcers, even if it's short lived. The Fortune 500 CIO doing business with Infosys says that, while he remains confident in Infosys, Satyam's problems "get you thinking about doing more due diligence."

During contract negotiations, HCL walks customers through the need for contingency planning, Khorana says. For almost three years, it has recommended that customers keep core competencies such as IT architecture closely tied to a business process in- house. And HCL began developing partnerships with other outsourcing companies, to help customers diversify. "But some clients are reluctant to participate in the relationship as actively as they should," Khorana says.

A hands-off relationship isn't a viable option. Outsourcing's never been easy. Companies that invested time in these relationships were always more likely to get real competitive advantage and cost savings from them.