IIA OC CHAPTER OCTOBER 2010 BREAKFAST EVENT. The Risks of Outsourcing: Considerations for IT and Operational Auditors.

Similar documents
T31: Before, During and After Outsourcing David Fong, BlackRock

Vendor Management Program Office Onshore or offshore?

Location of the job: CFO Revenue Assurance

A worldwide view Successful integration of global mobility programs

How quality assurance reviews can strengthen the strategic value of internal auditing*

Software as a Service: Guiding Principles

Assessing Your Information Technology Organization

VENDOR SELECTION: WHERE TO BEGIN?

Hedge fund launch considerations Reaching new boundaries. Investment Management

Application Overhaul. Key Initiative Overview

Anatomy of an IT Outsourcing Deal. Bruce Laco Deloitte John Pickett IT World Canada Barry Sookman McCarthy Tetrault

Driving Excellence in Implementation and Beyond The Underlying Quality Principles

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

Internal audit strategic planning Making internal audit s vision a reality during a period of rapid transformation

Development, Acquisition, Implementation, and Maintenance of Application Systems

The Shared Services Journey

OUTSOURCING HUMAN RESOURCES FUNCTIONS

Appendix G: Organizational Change Management Plan. DRAFT (Pending approval) April 2007

Enterprise Release Management

The Role of Internal Audit In Business Continuity Planning

State of Oregon. State of Oregon 1

Enterprise Risk Management & Information Technology

An Unbalanced Scorecard

October 7, Presented to. The PMI Washington DC Chapter. Pedro Agosto. Director of Client Services, XA Systems, LLC.

Agile project portfolio manageme nt

Office of the Chief Information Officer

OBLIGATION MANAGEMENT

IAOP: Creating Sustainable value in Outsourcing Klaus Koefoed

Driving Business Value. A closer look at ERP consolidations and upgrades

WHITE PAPER: STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT

WHITE PAPER. Mitigate BPO Security Issues

Making Strategic Decisions with Oracle Advanced Planning. An Oracle White Paper September 2006

Risk Considerations for Internal Audit

Title here. Successful Business Model Transformation. in the Financial Services Industry. KPMG s Evolving World of Risk Management SECTORS AND THEMES

OPTIMUS SBR. Optimizing Results with Business Intelligence Governance CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE.

#KPMG Ignite. Join the conversation

Driving performance and value through strategic vendor management

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

Client Alert. Global Information Technology & Communications Privacy, Data Protection and Information Management

Qlik UKI Consulting Services Catalogue

U.S. CFO Program The Four Faces of the CFO Deloitte Touche Tohmatsu

NCOE whitepaper Master Data Deployment and Management in a Global ERP Implementation

How To Integrate Hr

SDLC- Key Areas to Audit in IT Projects ISACA Geek Week /21/2013. PwC

Vendor Management. Minimizing Value Leakage. Deloitte Consulting LLP. November 19, 2013

Optimizing Rewards and Employee Engagement

Project Management Office (PMO) Charter

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

the role of the head of internal audit in public service organisations 2010

May Duke Energy EHSMS Manual. Environmental, Health and Safety Management System Manual

KPMG s Financial Management Practice. kpmg.com

Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com

Auditing Outsourcing Arrangements

ISO :2005 Requirements Summary

Customer Needs Management and Oracle Product Lifecycle Analytics

HR Business Consulting Optimizing your HR service delivery

Enterprise Security Tactical Plan

Building an effective stay back team to gain maximum value from an outsourcing agreement

INTERNAL AUDITING S ROLE IN SECTIONS 302 AND 404

IT SOURCING BEST PRACTICES FOR. Version: 1.0 Date: 27-Nov-2007

How can outsourcing assist your business in closing this gap and hit compliance measures with these recent regulations changes and training needs?

Keys to a Successful Outsourcing Transition

A Practical Guide for Creating an Information Management Strategy and Strategic Information Management Roadmap

TECHNOLOGY STRATEGY AUDIT

Identity & Access Management new complex so don t start?

VENDOR MANAGEMENT. General Overview

Consulting Services Portfolio IT SERVICES PROVIDER

ERP. Key Initiative Overview

Essential Elements for Any Successful Project

The PNC Financial Services Group, Inc. Business Continuity Program

Global Strategic Sourcing Services

mysap ERP FINANCIALS SOLUTION OVERVIEW

Share the webinar Ask a question Votes (polling questions) Rate (before you leave) Attachments (you can download today s presentation)

3 rd Party Vendor Risk Management

NEW YORK STATE-WIDE PAYROLL CONFERENCE. Presented to:

Capturing Synergies during Integration

PROJECT MANAGEMENT PLAN Outline VERSION 0.0 STATUS: OUTLINE DATE:

Cisco Unified Communications and Collaboration technology is changing the way we go about the business of the University.

RISK MANAGEMENt AND INtERNAL CONtROL

Whitepaper. Beyond Compliance: Implementing Effective Whistleblower Hotline Reporting Systems

RISK AdvISoRy SeRvIceS MINING CREDENTIALS

The Future of the IT Department

THE UH OH MOMENT. Financial Services Enterprises Focus on Governance, Transparency and Supply Chain Risk

The Training Material on Supply Chain Collaboration & Logistics Solutions has been produced under Project Sustainable Human Resource Development in

Request for Proposal for Application Development and Maintenance Services for XML Store platforms

Voice Over IP Network Solution Design, Testing, Integration and Implementation Program Overview

Audit Report. Effectiveness of IT Controls at the Global Fund Follow-up report. GF-OIG-15-20b 26 November 2015 Geneva, Switzerland

Strategic Program Management

COSO Internal Control Integrated Framework (2013)

ORCHESTRATING A SMOOTH TRANSITION OF SERVICE PROVIDERS

Prosci change management webinar

Benefits and Challenges of Sourcing Strategies in the Insurance Industry

The Business Continuity Maturity Continuum

IT Outsourcing Transformation Demand of the time

Program Management Professional (PgMP) Examination Content Outline

Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June

Becoming a Strategic Partner: Delivering Value Across the Acquisition Lifecycle

Aligning Compliance Program Priorities with Business Objectives

Transcription:

SHARED SERVICES AND OUTSOURCING ADVISORY IIA OC CHAPTER OCTOBER 2010 BREAKFAST EVENT The Risks of Outsourcing: Considerations for IT and Operational Auditors October 13, 2010 K P M G L L P (U S)

Introductions Sami Salam Manager Advisory KPMG LLP Suite 700 20 Pacifica Irvine, CA 92618 Tel 213 533 3310 Fax 213 652 1946 ssalam@kpmg.com Jennifer Meissen Manager Advisory KPMG LLP Suite 700 20 Pacifica Irvine, CA 92618 Tel 949 885 5533 Fax 949 266 5607 jmeissen@kpmg.com 2

Industry Backdrop for Exploring Sourcing Today s globally competitive business environment is forcing organizations to take a harder look at their business functions in order to compete effectively. Business Drivers Outcomes to Drive Shareholder Value Agility Achieving business objectives faster Improving organizational agility Efficiency Reducing unit and overall costs Avoiding capital costs associated with systems renewal Turning fixed costs into variable costs Shareholder Value Improving speed to market, enabling focus on core business Improving bottom line and establishing presence in new markets Sustainability Overcoming internal impediments to change or growth Accessing innovations and know-how As a result organizations are choosing sourcing to help achieve their goals 3

Drivers of Shared Services and Outsourcing Today s shared services organizations and outsourcing arrangements are enhancing their overall capabilities through carefully planned partnerships and optimized internal and external service centers Traditional Drivers Emerging Drivers Cost reduction Capital avoidance Access to talent Technology upgrades Labor arbitrage Transformation Centralization..still exist but now include Simplification Flexibility Finding synergy across services Improving services effectiveness Sustainable cost improvement Access to new ideas and improvements Competitive advantage through partnerships 4

Sourcing Lifecycle: Shared Services and Outsourcing All sourcing initiatives can be understood and evaluated in the context of the Sourcing Lifecycle Phase 6: Evolve Phase 1: Strategy Perform Strategic Alignment Review Perform cost cutting review Perform mid/end of deal review Assess pre/post merger impact Multi-Source strategy / Review against Business Case / Board Insource considerations / Strategy Phase 5: Deliver Evolve Strategy Develop Vision Develop Delivery Model Strategy and Align with Business Strategy Develop Business Case Roadmap Phase 2: Scope & Plan Assess governance structure Assess service levels and customer satisfaction Assess contract compliance Assess regulatory compliance Assess controls Revisit & Refine Business Case Initiate Continuous Improvement Plans Phase 4: Transition Deliver Transition Project Management Change Management Design & Select Scope & Plan Assess current business architecture Design conceptual business architecture Assess real estate rationalisation Develop tax structure Update risk assessment Refine business case Phase 3: Design & Select Implement the Delivery Strategy Transition processes, organization & people, governance and systems Develop service management processes and governance model Perform controls transformation Implement risk management plan; develop transition out plan Pilot Sourcing Model (if applicable) Detailed Design of Service Delivery Model Define Target Operating Model Conduct vendor selection and evaluation (if applicable) Provide negotiation and contracting support Perform Financial & Operational Due Diligence Conduct detailed risk assessment Design detailed Transition plan Refine & complete Business Case 5

Sourcing Risks Many organizations are currently utilizing various sourcing options for their key back office functions such as HR, IT, Finance and Accounting and other similar ones. These sourcing initiatives whether using a shared service center or an outsourcing arrangement generate a number of risks that the organization needs to assess and mitigate KPMG has a structured approach to assist organizations in identifying sourcing risks and providing recommendations based on industry leading practices 6

How Can Sourcing Risks Be Managed? There are several potential risks that are typically associated with sourcing. While some risks affect any outsourcing initiative, others may be more relevant when outsourcing offshore. KPMG has developed a Risk Cube to identify risks throughout the sourcing lifecycle and create a manageable framework. Risks by Business Areas Risks by Lifecycle Stage Sourcing Strategy Sourcing Preparation Sourcing Selection Transition Management People Process Technology Actors and Platforms Delivery Management Service Evolution 7

Sourcing Risks by Business Areas As organizations setup Shared Services Centers or Outsourcing arrangements with vendors there are a number of risks that arise that need to be effectively mitigated Some of these key sources of risks are highlighted below Strategic Risks Operational Risks Financial Risks Regulatory Risks Technology Risk Reputation Risk Risks associated with adverse business decisions or failure to implement decisions Risks attributable to operational problems with service or product delivery or inability of an entity to recover fully and timely from unforeseen events Risks attributable to financial aspects such as insurance, tax, interest rate movements or movement in foreign exchange rates that impact cross-border contracts and operating activities Risks caused by violation of laws, rules, regulations, prescribed practices and ethical standards Risks relating to the failure of the outsourced entity s IT environment to effectively process and deliver products to its/your customers on a fully secure basis Risk of negative publicity regarding business practices associated with the outsourced operation 8

Managing, Mitigating and Eliminating Risks A useful approach that IT / Operational Auditors may wish to adopt that will help to identify, mitigate, and/or eliminate risk is understanding leading practices in each Sourcing Lifecycle phase (across the Risk Areas ) that the business should adopt. Internal Audit can then determine how and when to assist and thus help enable the process. 6 1 2 5 4 3 9

Sourcing Strategy 5 6 4 1 3 2 Develop Vision Phase 1: Strategy Develop Delivery Model Strategy and Align with Business Strategy Develop Business Case Roadmap Challenges Better practices to overcome challenges Sponsorship Program Leadership Understand and document the business case for sourcing; why we need to do this Ensure that the sourcing program should have visibility at an executive level Ensure that an executive who has the budget owns the mandate to source Nominate an experienced leader to provide day to day program management Ensure that project plans are developed and resources to fulfil tasks are deployed Ensure that resources who are held accountable for tasks have the bandwidth to devote time to the sourcing program Work with executives and check to see if they have visibility and support initiatives Discuss with project teams if a vision / guiding principles have been agreed to and/or documented Discuss budgets and whether resources have been assigned Look for high level project objectives 10

Scope and Plan 5 6 4 1 3 2 Phase 2: Scope & Plan Assess current business architecture Design conceptual business architecture Assess real estate rationalization Develop tax structure Update risk assessment Refine business case Challenges Better practices to overcome challenges Tactical Ownership Conceptualize and roll out a change and communication program to obtain buy in Tie the performance goals of process leads to key milestones and deliverables in the source program Equip each process owner with tools, templates and resources so that they can take a lead role Build a nimble retained organization that seeks to manage processes and outcomes rather than individuals and their activities Work with project teams to see if a high level project plans exist and that teams are tracking them Stakeholders such as HR and Corp Communications should be involved and kept informed by the project teams 11

Design and Select 5 6 4 1 3 2 Phase 3: Design & Select Detailed Design of Service Delivery Model Define Target Operating Model Conduct vendor selection and evaluation (if applicable) Provide negotiation and contracting support Perform Financial & Operational Due Diligence Conduct detailed risk assessment Design detailed Transition plan Refine & complete Business Case Challenges Better practices to overcome challenges Robust Solution Design Operating model design aligns with business objectives and takes into consideration all business and operating risks Comprehensive financial and operational due diligence is performed for both the vendor and/or the proposed service location Vendor evaluation process involves inputs from all key stakeholders Contract negotiation focuses on getting the right solution instead of getting a lower price Review operating model design to identify key risk areas and design appropriate controls to mitigate these risks Participate in vendor site visit or location visits and identify any business/operational risks Evaluate vendor solutions from a risk and controls standpoint Review contract terms to ensure it meets audit requirements 12

Transition 5 6 4 1 3 2 Phase 4: Transition Implement the Delivery Strategy Transition processes, organization & people, governance and systems Develop service management processes and governance model Perform controls transformation Implement risk management plan; develop transition out plan Pilot Sourcing Model (if applicable) Challenges Better practices to overcome challenges Tracking and Smooth Execution Detailed project plan that tracks training, communication timelines infrastructure and technology setup timelines, ramp-up timelines, and go-live timelines Setup escalation process that ensure all issues are escalated in a timely manner Communications and change management plans have been adequately drawn up to ensure employee engagement and timely release of communications Review governance processes to identify any risks and design appropriate controls to mitigate these risks Review performance metric measurement process to ensure accuracy of reporting Support transition teams with timely reviews of user ID creation process for segregation and other similar issues 13

Deliver and Evolve 5 6 4 1 3 2 Phase 5: Deliver Assess governance structure Assess service levels and customer satisfaction Assess contract compliance Assess regulatory compliance Assess controls Revisit & Refine Business Case Initiate Continuous Improvement Plans Phase 6: Evolve Perform Strategic Alignment Review Perform cost cutting review Perform mid/end of deal review Assess pre/post merger impact Multi-Source strategy / Review against Business Case / Board Insourcing considerations / Strategy Challenges Better practices to overcome challenges Continuous Improvement Evaluate performance metrics on a periodic basis and realign them to changing business objectives Conduct annual or bi-annual benchmarking of vendors Review scope of services and re-evaluate sourcing strategy for the updated scope Audit vendors to ensure compliance to contract requirements Review and audit performance reports to ensure compliance to performance reporting processes as well as service level agreements 14

Appendix 15

Managing Sourcing Risks Strategic Risks Risks associated with the scenarios, plans, directives and decisions that dynamically define and integrate the internal and external resources and services required to fulfill the enterprise s business objective. Strategic risks typically arise on account of the following scenarios: Lack of visible Executive Sponsorship Outsourcing strategy may not align with overall business strategy and priorities Strategy does not consider long-term goals for outsourcing other processes Strategic objectives are not clearly defined and/or effectively communicated to outsourcing partner Failure to identify and involve key stakeholders, both internal and external, in the strategic planning process Failure to identify components of the organization that need to be retained, taking the wrong processes offshore, especially broken processes with multiple hand-offs Lack of local market knowledge impacting areas such as location selection, local regulatory compliance, local government monopolies and delivery quality Failure to perform a consumer impact analysis of outsourcing 16

Managing Sourcing Risks Operational Risks Risks attributable to operational problems with service or product delivery or inability of an entity to recover fully and timely from unforeseen events. Operational risks typically arise on account of the following scenarios: Significant geographical differences between service delivery location and client locations In ability to clearly defined or track performance metrics Inability to operationalize strategy Inadequate attention to recruiting, training, learning curve and retention at delivery site Project charters not clearly defined or prioritized Scope and service levels not regularly reviewed Skill and knowledge transfer may be difficult and costly to recover Operational capacity requirements not clearly defined or understood Informal processes may not be documented or their impact to operations clearly understood Unrealistic reliance on contracts and service level agreements to ensure success Proper oversight of outsourced processes not maintained, inadequate resources allocated to relationship management 17

Managing Sourcing Risks Financial Risks Risks attributable to interest rate and foreign exchange rate movements or the entity s inability to meet payment obligations as and when they fall due. Financial risks typically arise on account of the following scenarios: Financial consequences of an operational failure not identified and/or mitigated Economic benefits and cost levers are not properly defined Short-term cost reduction does not justify long-term costs Cost reductions not achieved due to inability to reduce workforce and related resources Business disruption insurance may not cover outsourcing relationships Exchange rate fluctuation can impact cross-border contracts Insufficient attention to tax related issues thus impeding ability to achieve tax incentives available at offshore locations 18

Managing Sourcing Risks Regulatory Risks Risks caused by violation of laws, rules, regulations, prescribed practices and ethical standards. Regulatory risks typically arise on account of the following scenarios: Improper compliance with laws and regulations such as: Patriot Act Sarbanes-Oxley ICD 10 CM Regulatory scrutiny over international offshore sourcing, if applicable Compliance with local tax and labor laws at offshore location 19

Managing Sourcing Risks Technology Risks Risks relating to the failure of the outsourced entity s IT environment to effectively process and deliver products. Technology risks typically arise on account of the following scenarios: Failure to exercise greater levels of due diligence in the evaluation and selection of a vendor s technology capabilities Comprehensive evaluation is not performed to identify the appropriate technical solution Complexity grows exponentially when sourcing internationally: Network latency, security, disaster recovery become significant risk considerations Existing business continuity plans that may not adapt well to international recovery requirements Protection of intellectual capital Migration and Transition strategy not clearly defined End-user, operations and infrastructure support requirements not clearly defined or understood Technology obsolescence not considered in contractual agreements 20

Managing Sourcing Risks Reputation Risks Risk of negative publicity regarding business practices associated with the outsourced operation. Reputation risks typically arise on account of the following scenarios: Backlash against moving jobs offshore Language and dialect issues negatively affecting end user perception 21

Document Prepared By Sami Salam Manager Advisory Services 213 533 3310 ssalam@kpmg.com Jennifer Meissen Manager Advisory Services 949 885 5533 jmeissen@kpmg.com KPMG LLP 20 Pacifica, Suite #700 Irvine, CA 92618 22

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information