
Vendor Management:

Using COBIT 5

Introduction

New Guidance from ISACA


Areas covered
IT
Process owners
and stakeholders
Compliance and
laws
Risk management
Audit
Contracts
Service monitoring

Vendors
A vendor is a third party that supplies
products or services to an enterprise.
Most enterprises seek external vendor
support for assistance with operations
for one of the following reasons:

Vendor expertise
Vendor capacity
Vendor assuming risk
Vendor leveraging scale

Vendor Management
Vendor management is a strategic
process that is dedicated to the
sourcing and management of vendor
relationships so that:
value creation is maximized and
risk to the enterprise is
minimized

Vendor Management Objectives


Managing vendors has many benefits,
including:
Data loss reduction
Decrease in audit findings
Cost optimization
Increased availability
Liability reduction
Increased end-user satisfaction
Value creation

Vendors to include
Vendors to include in vendor management are those that:
Play a critical role in daily operations
Can have critical impact on the success
of strategic projects
Require long-term contracts
Have potential significant financial
implications
Are difficult to change overnight
Require frequent interaction and/or
disputes
Access or manage substantial critical or
sensitive data

Important Documents

Contract Lifecycle

Contract
Contracts accomplish the following:
Form a common understanding of what needs
to be achieved
Define all deliverables, relevant service levels
and metrics
Define responsibilities and obligations
Define the terms and conditions
Specify how risk will be allocated between
parties
Define legal counsel and jurisdiction stipulations

SLAs
An SLA is an agreement, preferably
documented, between a product or service
provider and the enterprise that defines
minimum performance targets for a deliverable
and how they will be measured and reported.
The SLA enables customer and vendor
accountabilities and expectations to be clearly
understood. Performance can have the
following implications:
Financial rewards (for exceeding targets)
Financial penalties (for underperformance)

SLA Common Pitfalls

Focus on the wrong objectives


Simplistic metrics
Inappropriate terminology
Room for interpretation
Labor-intensive reporting requirements

SLA Management Benefits


Better alignment with business
objectives
Ability to manage services proactively
Greater transparency of service delivery
Lower service level management
overhead
Better relationships between the
enterprise and vendor

SLA Diagram

Stakeholder Responsibilities

Risk: 5 Threat Categories

T1 Selection: Wrong vendor


T2 Contract: Incomplete | Static
T3 Requirements: Poorly defined
T4 Governance: Inadequate vendor
management
T5 Strategy: Vendor lock-in

Mitigation Strategy / Threat / COBIT 5 Guidance

1. Diversify sourcing strategy to avoid overreliance or vendor lock-in
   Threat: T5
   COBIT 5 guidance: APO02 Manage strategy, APO10 Manage suppliers

2. Establish policies and procedures for vendor management
   Threat: T4, T5
   COBIT 5 guidance: APO11 Manage quality
   Enablers: Principles, Policies and Frameworks; Information

3. Establish a vendor management governance model
   Threat: T4, T5
   COBIT 5 guidance: APO09 Manage service agreements, APO10 Manage suppliers
   Enabler: Organisational Structures

4. Set up a vendor management organization within the enterprise (VMO)
   Threat: T4, T5
   COBIT 5 guidance: APO10 Manage suppliers
   Enablers: Organisational Structures; People, Skills and Competencies

5. Forecast requirements regarding the skills and
   Threat: T2
   COBIT 5 guidance: APO10 Manage suppliers
   Enablers: People, Skills and

7. Formulate clear requirements
   Threat: T3, T5
   COBIT 5 guidance: BAI02 Manage requirements definition, BAI03 Manage solutions identification and build
   Enabler: Information

8. Perform adequate vendor selection
   Threat: T1, T5
   COBIT 5 guidance: APO10 Manage suppliers, APO12 Manage risk
   Enablers: People, Skills and Competencies

9. Cover all relevant lifecycle events during contract drafting
   Threat: T2
   COBIT 5 guidance: APO11 Manage quality, APO12 Manage risk
   Enabler: Information

10. Determine the adequate security and controls needed during the relationship
   Threat: T4, T2
   COBIT 5 guidance: APO11 Manage quality; APO12 Manage risk, MEA01 Monitor, evaluate and assess performance and conformance
   Enablers: Service,

11. Set up SLAs
   Threat: T2
   COBIT 5 guidance: APO09 Manage service agreements
   Enabler: Information

12. Set up operating level agreements (OLAs) and underpinning contracts
   Threat: T2
   COBIT 5 guidance: APO09 Manage service agreements
   Enabler: Information

13. Set up appropriate vendor performance/service level monitoring and reporting
   Threat: T2, T4
   COBIT 5 guidance: APO09 Manage service agreements, APO10 Manage suppliers, MEA01 Monitor, evaluate and assess performance and conformance
   Enabler: Information

14. Establish a penalties and reward model with the vendor
   Threat: T2
   COBIT 5 guidance: APO09 Manage service agreements, APO10 Manage suppliers

15. Conduct adequate vendor relationship management during the life cycle
   Threat: T4
   COBIT 5 guidance: APO08 Manage relationships, APO10 Manage suppliers
   Enablers: Ethics, Culture and Behaviour

16. Review contracts and SLAs on a periodic basis
   Threat: T4, T5
   COBIT 5 guidance: APO09 Manage service agreements, MEA01 Monitor, evaluate and assess performance and conformance
   Enabler: Information

17. Conduct vendor risk management
   Threat: T4, T5
   COBIT 5 guidance: APO10 Manage suppliers, APO12 Manage risk
   Enabler: Organisational Structures

18. Perform an evaluation of compliance with enterprise policies
   Threat: T4
   COBIT 5 guidance: APO10 Manage suppliers; MEA01 Monitor, evaluate and assess performance and conformance; MEA03 Monitor, evaluate and assess compliance with external requirements
   Enablers: Principles, Policies and Frameworks; Information

19. Perform an evaluation of vendor internal controls
   Threat: T4
   COBIT 5 guidance: APO10 Manage suppliers; APO12 Manage risk; MEA01 Monitor, evaluate and assess performance and conformance
   Enablers: Organisational Structures; Information

20. Plan and manage the end of the relationship
   Threat: T2, T4, T5
   COBIT 5 guidance: APO09 Manage service agreements; APO10 Manage suppliers; APO12 Manage risk
   Enablers: Services, Infrastructure and Applications; People, Skills and Competencies; Information

21. Use a vendor management system
   Threat: T1, T2, T3, T4
   COBIT 5 guidance: APO08 Manage relationships; APO09 Manage service agreements; APO11 Manage quality; APO12 Manage risk
   Enabler: Services, Infrastructure and Applications

22. Create data and hardware disposal stipulations
   Threat: T2, T4
   COBIT 5 guidance: APO12 Manage risk
   Enablers: Services, Infrastructure and Applications; Information; Principles,

Q&A
