Using COBIT 5
Introduction
Vendors
A vendor is a third party that supplies products or services to an enterprise. Most enterprises seek external vendor support for assistance with operations for one of the following reasons:
Vendor expertise
Vendor capacity
Vendor assuming risk
Vendor leveraging scale
Vendor Management
Vendor management is a strategic process that is dedicated to the sourcing and management of vendor relationships so that:
value creation is maximized and
risk to the enterprise is minimized
Vendors to include
Play a critical role in daily operations
Can have critical impact on the success of strategic projects
Require long-term contracts
Have potential significant financial implications
Are difficult to change overnight
Require frequent interaction and/or disputes
Access or manage substantial critical or sensitive data
Important Documents
Contract Lifecycle
Contract
Contracts accomplish the following:
Form a common understanding of what needs to be achieved
Define all deliverables, relevant service levels and metrics
Define responsibilities and obligations
Define the terms and conditions
Specify how risk will be allocated between parties
Define legal counsel and jurisdiction stipulations
SLAs
An SLA is an agreement, preferably documented, between a product or service provider and the enterprise that defines minimum performance targets for a deliverable and how they will be measured and reported. The SLA enables customer and vendor accountabilities and expectations to be clearly understood. Performance can have the following implications:
Financial rewards (for exceeding targets)
Financial penalties (for underperformance)
SLA Diagram
Stakeholder Responsibilities
Mitigation Strategy | Threat | COBIT 5 Guidance
1. Diversify sourcing strategy to avoid overreliance or vendor lock in
T5
3. Establish a vendor management governance model
4. Set up a vendor management organization within the enterprise (VMO)
5. Forecast requirements regarding the skills and
T2
Mitigation Strategy | Threat | COBIT 5 Guidance
7. Formulate clear requirements
8. Perform adequate vendor selection
T2
Mitigation Strategy | Threat | COBIT 5 Guidance
11. Set up SLAs
T2
T2
Mitigation Strategy | Threat | COBIT 5 Guidance
15. Conduct adequate vendor relationship management during the life cycle
T4
Mitigation Strategy | Threat | COBIT 5 Guidance
18. Perform an evaluation of compliance with enterprise policies
T4
T4
Mitigation Strategy | Threat | COBIT 5 Guidance
20. Plan and manage the end of the relationship
T2, T4, T5
APO09 Manage service agreements; APO10 Manage suppliers; APO12 Manage risk
Enabler: Services, Infrastructure and Applications; People, Skills and Competencies; Information
T1, T2, T3, T4
APO08 Manage relationships; APO09 Manage service agreements; APO11 Manage quality; APO12 Manage risk
Enabler: Services, Infrastructure and Applications
Q&A