Growing Vendor Management




VENDOR MANAGEMENT PROFILE SERIES

A White Paper by VendorINSIGHT and CMPG, LLC

Growing Vendor Management as a Sustainable Business Process with Automated Vendor Management Systems

November 1, 2013

Copyright 2013 by VendorINSIGHT and CMPG, LLC. All rights reserved.

Vendor Management Evolved

Boundaries and Origins

Vendor management, by its nature, is a broad-ranging business process that crosses many organizational boundaries, including Sourcing, Procurement, Risk and Compliance, IT, Information Security, Disaster Recovery Planning, Finance, and Accounting, Retail and Operations groups. In addition to requiring the collaborative participation of these groups, a company's successful vendor management program must facilitate many business needs. These include:

- Vendor research and selection
- Vendor evaluation and due diligence activities
- Contract development, monitoring and alerting
- Multi-dimensional risk assessment (financial, legal, information security, fraud, technology, etc.)
- Performance measurement and SLA (service level agreement) monitoring
- Market news monitoring
- Financial health monitoring
- SSAE16 review and monitoring
- Business risk and business trend monitoring

The development of vendor management into the multifaceted business process it is today was enabled by the maturity of sourcing as a strategic business discipline. Sourcing taught organizations to control costs and set expectations for vendor performance on the front end of the relationship - during the vendor selection process. Vendor management evolved by necessity because of the need to monitor contracts, track service level agreements, and ensure that the services and performance that were negotiated were being realized.

Vendor management embodies the closed-loop side of the traditional plan-execute-measure-control model, where sourcing constitutes the planning and execution phases, and vendor management embodies the measurement and control phases. Because so much of the risk borne by a company can be evaluated from information that is typically revealed concurrently with vendor evaluation, selection and contracting activities, vendor management naturally extends upstream into the stages of sourcing where this information first becomes available.

So, in essence, vendor management - especially its risk components - has engulfed the traditional sourcing model which was previously cost-focused, in the interest of ensuring improved risk management, reliability and performance.

The Three Primary Objectives of Vendor Management

A reliable vendor management program is built around features that help manage three domains related to the vast array of vendors and third parties who are contracted to provide services, management data, products, software, hardware, or the outsourcing of critical business functions. These domains are Relationship, Risk and Performance. Interdependent, they provide essential information, data, and analysis that is essential to management's understanding of the importance, reliability and strength of the vendors and third parties the company relies on. In highly regulated industries like financial services or healthcare, these three domains also represent the primary concerns of regulators, auditors and examiners, at the federal and state level, as they enact guidance and laws and evaluate an organization's operational risk and enterprise risk management program.

Financial institutions increasingly rely on third parties for the creation, delivery and maintenance of products and customer relationships. All of these critical vendor relationships bear the burden of standing up under the daily pressure of a dynamic and changing business and technology environment, and they must successfully avoid harming the financial stability, profitability, or customers of the financial institution that relies on them.

As the industry has matured and as new risks emerge from evolving B2B behavior that increasingly relies on social media, unique outsourcing arrangements, and leveraged supply chain relationships, the regulators have responded with new guidance and laws aimed at mitigating these risks. In fact, it can be argued that the new guidance imposes managerial oversight and mandates specific process design for companies as they carry out the business of vendor and third party risk management. In 2013 alone, three new updated regulatory guidance documents were published that relate to the financial services industry. These include:

- FFIEC Guidance on Social Media (January 2013)
- FDIC Compliance Manual, Abusive Practices - Third Party Procedures (July 2013)
- OCC New Guidance for Third Party Risks (October 2013)

In late 2013, company internal audits and regulatory examination findings increasingly reflect the new standards. Companies and industries struggle to keep up as they continually work at developing their vendor management programs into more formal, consistent and efficacious business processes that provide a competitive advantage while satisfying regulators and enterprise risk management objectives.

Relationship. Risk. Performance.

Effective Risk Management and Sustainably Consistent Business Practices are Enabled by Automated Vendor Management Systems.

Relationship - Knowing all of your vendors, how many there are, what services they provide and which ones are most important is similar to understanding and classifying the many species and the working ecology of a forest.

Risk - Examining vendors in detail to evaluate their information security strength, financial strength or health is much like a forensics analysis. It requires specialized knowledge and the tools to do the job efficiently.

Performance - Measuring your vendors and their performance, adherence to SLAs and other key metrics is important to ensure your organization will perform at its highest level and grow without disruption.

The Six Common Plagues of Vendor Management

Business Problems Drive the Need for Vendor Management Automation

Today, vendor management activities at most companies are directed, or at least heavily influenced, by a department of Risk Management and Compliance. The responsibilities for maintaining and organizing vendor information fall on an often small group of dedicated personnel who, through the management mechanisms of policy design, oversight, subject matter expertise, and reporting and accountability, attempt to ensure that vendor management procedures are carried out diligently, in a timely way, and in a consistent and formal manner across the enterprise.

Seven business problems are common to nearly every organization. These business problems expose financial institutions and other companies alike to significant cost risk, regulatory risk, and strategic business risk:

1. There is not enough time or manpower available to properly carry out vendor management activities that range from extensive due diligence to contracting to monitoring and performance management.

2. Performance and SLA monitoring of vendors - a critical component of the business value received from a vendor - is inconsistent at best and must be performed manually.

3. There is currently no standard or consistently applied risk rating methodology that can easily be applied to ALL vendor relationships. This results in inconsistency among the vendor records and documentation.

4. There is insufficient visibility into the contractual obligations of the company, including key notice dates, automatic renewal dates and options within the contracts with mission critical and high value service providers and third parties. Additionally, it is difficult and time-consuming to locate key contracts with service providers when they are needed for planning or strategic projects.

5. An extensive manual effort is required to maintain and manage the vast array of information that is essential and pertinent to the proper governance of vendor and third party relationships.

6. Managers and employees who interface with suppliers, and who own the business processes the suppliers support, do not prioritize vendor management and are not held accountable by management for the timely and proper completion of their assigned tasks and activities within the vendor management process.

Each of these business problems can be alleviated by an automated vendor management system that enables better access to information, a centralized repository of vendor information, a consistent methodology for vendor assessments, and improved workflow with enhanced visibility, reporting, oversight and control.

ROI and Cost-Benefit Analysis for an Automated Vendor Management System

Assumptions

The following analysis is based on vendor management metrics that are specific to and that have been developed by UBSI, including compensation and expense numbers. Metrics, where utilized, have been validated with industry research. The data utilized in the ROI analysis has been selected to present a conservative ROI calculation in order to mitigate any inherent risk in the assumptions.

- Number of Expected Vendor Contracts Managed: 400
- Average Annual Contract Value: $85,000
- Average Contract Length (Frequency of Renewal): 3 Years
- Percentage of Contracts Renewing that Require RFP/Negotiation: 20%
- Frequency of Audit or Examination: 12 Months
- Cost of Outside Legal Counsel: $250/hr.
- Total Compensation (Salary and Benefits):
  - Program Administrator: $62,000
  - Clerical/Administration: $45,000

Classification and Quantification of Benefits

Fortunately, vendor management is not just an added cost and resources burden to an organization, rather, it brings with it significant and tangible business benefits and savings. The companies that maintain a formal vendor management program learn quickly that getting real business benefits and achieving regulatory compliance and risk management go hand-in-hand. A strong vendor management program delivers benefits across three dimensions:

Activity and Productivity Benefits - Enables easier, faster completion of required tasks and activities like vendor risk assessments, performance reviews, or RFPs and results in improved resource utilization, improved productivity and lower personnel costs.

Business Benefits - Improves the visibility and reliability of management information that is needed to make strategic and daily business decisions like whether to renew a contract, when to terminate a vendor relationship, or when a critical vendor decision may be needed.

Compliance and Risk Benefits - Ensures that your policies and procedures, and the federal and state laws they are designed to comply with, are consistently and formally met. Meeting the regulatory and compliance requirements requires better organization of data and vendor information which is equally useful for business strategy, planning and execution, including cost control, budgeting and legal risk mitigation.

Clearly, the business benefits of a vendor management system alone easily justify the expense of an automated vendor management system, even in the absence of essential risk and compliance benefits.

Results

The ROI analysis shows that a vendor management system will easily provide annual benefits that exceed the cost of the system, including setup and training. The Internal Rate of Return (IRR) exceeds 700% with quantifiable financial benefits plus reduced enterprise risk levels accompanied by a significantly improved risk management position.

COST-BENEFIT ANALYSIS FOR AUTOMATED VENDOR MANAGEMENT SYSTEM

A - Activity and Productivity Savings

| Type | Benefit | Annual Savings |
|------|---------|----------------|
| A | PRODUCTIVITY / Personnel Savings - Vendor Management Due Diligence and Compliance Task Automation | $124,000 |
| A | PRODUCTIVITY / Personnel Savings - Contract Ownership, Management and Vendor Monitoring | $42,408 |
| A | PRODUCTIVITY / Personnel Savings - Document Review and Data Entry | $18,000 |
| A | PRODUCTIVITY / Personnel Savings - Sourcing and RFP Administration and Management | $12,000 |
| A | PRODUCTIVITY / Personnel Savings - Finance, Information Security/IT, and Risk Management Administration | $4,133 |
| A | PRODUCTIVITY / Personnel Savings - Risk and Compliance / Examinations and Audit Preparation and Response | $1,240 |

B - Business (Non-Interest Expense) Savings

| Type | Benefit | Annual Savings |
|------|---------|----------------|
| B | NONINTEREST EXPENSE REDUCTION - REDUCED STAFFING REQUIREMENT / Personnel Savings from Program Administration Included with Software | $62,000 |
| B | NONINTEREST EXPENSE REDUCTION / Contract Pricing and Price Increase Avoidance | $51,000 |
| B | NONINTEREST EXPENSE REDUCTION / Legal Review by Outside Counsel | $33,333 |
| B | NONINTEREST EXPENSE REDUCTION / Contract Renewals, Strategic Visibility and Cost Avoidance | $25,500 |
| B | NONINTEREST EXPENSE REDUCTION / Paper and Printing Cost Savings | $9,000 |
| B | NONINTEREST EXPENSE REDUCTION - Regulatory Awareness & Program Upkeep | $8,125 |

C - Compliance Requirements (Non-Quantified / Partial List)

| Type | Benefit | Annual Savings |
|------|---------|----------------|
| C | Compliance with Differentiated Monitoring and Management Control Requirements for High/Medium/Low Risk Vendors | Requirement |
| C | Compliance with Newest Regulatory Requirements: FFIEC Social Media Monitoring (January 2013), FDIC Abusive Practices and CFPB Consumer Complaints (July 2013), and OCC Revised Third Party Management Guidance (October 2013) | Requirement |
| C | Assessment of the "Criticality" of Vendor Relationship to Determine Appropriate Level of Due Diligence and Risk Assessment | Requirement |
| C | Identification of Vendors with Poor or Downward Trending Performance or Risk Profiles | Requirement |
| C | Proactive Monitoring and Alerting of Key Contract Notice Dates, Cost Increases, Planning Horizons and SLAs | Requirement |
| C | Automatic OFAC and CFPB Customer Complaint Database Checking of All New Vendors | Requirement |
| C | Maintenance and Archive of Vendor Selection Decision Documentation | Requirement |
| C | Monitoring/Enforcement of Roles and Responsibilities for Vendor Management Policy and Procedures (Including Training) | Requirement |
| C | Consistency in Maintaining Policy Compliance Visibility Across All Vendor Management Records | Requirement |

TOTAL ANNUAL SAVINGS: $390,740

Vendor Management Automated System One-Time Setup Cost: $20,000
Vendor Management Automated System Annual Recurring Cost: $40,000

IRR (INTERNAL RATE OF RETURN): 718%

Conclusions and Recommendations

The Case for Automated Vendor Management Systems

Automated vendor management systems, especially the class-leading solutions offered by reliable, established companies like VendorINSIGHT, can be easily and quickly deployed in less than 30 to 45 days. They utilize cloud-based strategies to minimize costs and employ the latest technologies. The solutions are easy to use, reliable, and cost-effective. With one-time initial setup costs that average less than $20,000 and recurring annual costs frequently less than $40,000, these solutions cost less than a single employee, deliver benefits and productivity improvements equivalent to several employees and provide an internal rate of return of more than 700%. Moreover, they provide a scalable platform to more fully develop a vendor management program over time as companies grow or expand, as new vendor management best practices evolve, or as new requirements are imposed by regulatory bodies.

Without a leading automated vendor management program in place to provide the controls needed to ensure consistency and proper execution of vendor management policies and good practices, a company is unnecessarily exposed to excessive legal risk, financial risk, performance risk, information security risk, business continuity risk, customer risk and reputational risk. When the analysis shows a strong hard-dollar financial return, an inherently understood promise of reduced risk and improved compliance, with improved productivity and better management information and reporting, utilizing an automated vendor management system just makes good business sense.

Grant Karnes is the Executive Director of VendorINSIGHT and the lead vendor management implementation consultant for CMPG, LLC. For more details or to discuss VendorINSIGHT as a solution for your business, contact a VendorINSIGHT representative at www.vendorinsight.com or 1-800-997-2674.