Agenda

Meeting Purpose
VRM Introduction
1. Introduction to Vendor Relationship management
2. Observations / Positioning / benefits of VRM
3. 2009 Framework Overview
4. 2012 Vendor Relationship Management Framework
5. Segmentation Model
6. Assignment of VRM Management Responsibilities
7. VRM Enabling Tool Overview
8. Challenges/Next Steps
   • System Resources/Support
   • How will it work/Operationalize
   • Resources – Who RASCI
9. Stakeholder Input
10. Program Timelines

The Evolving World of Vendor Management

[Diagram labels: Financial Management, Relationship Management, Delivery Management, Risk Management, Contract Management, Change Management, Problem Management, Regulatory Requirements, VMO]

• Views of Vendor Management have historically been limited to performance and pricing review
• The VRM process enhances vendor management through targeted Risk, Performance and Vendor Relationship Management as the cornerstones of its VRM program
• There is a greater demand for a centralized vendor managed process, due to increased OSFI and audit requirements
• (nnn) currently has a Supplier Risk Management process in place to identify information security risk and mitigate through due diligence and contractual language. VRM builds on this framework and expands it by introducing broadened risk assessment and mitigation management tools

RPR: Risk – Performance, Relationship Management. “Creating Value”

Leaders in VRM capture and retain a bigger share of negotiated value

Studies show that comprehensive vendor management is key to realizing and sustaining value after the strategic sourcing process. In Canada, most banks are involved in creating VRM frameworks; for (nnn), the VRM framework will drive improved value from strategic and selected operational vendors.

[Illustrative chart: Spend Optimization / Value Realization against Time, across Onboarding and Ongoing Vendor Relationship Management. Callouts: higher level of savings identification and capture; quicker time to savings realization / value capture; enhanced saving sustainability; continuous VRM improvement / enablement. Regions: potential additional savings and value creation potential with VRM; potential savings from strategic sourcing activities to date / ongoing activity; potential lost (negotiated) value without effective and ongoing VRM]

VRM is the link for sourcing to be more strategic and drive higher vendor performance

The VRM framework, as envisioned, will propel in the “Leader” quadrant

[Quadrant chart: Value (L to H) against Completeness of Vision (L to H); regions: Laggards, Mid-Tier, Leaders; legend: Financial Institution, Industrial; organizations plotted: Magna, Societe Generale, Boeing, GM, Lloyds, TD, RBC, BMO, Scotia]

CONFIDENTIAL

The vendor management program must manage how successfully strategic vendors deliver value to . The program focuses on measuring efficiencies, risk, performance and relationship quality using measures appropriate to the value and risk associated with the products or services delivered. Some examples of metrics that can be used to measure these aspects of value:

Risk:
• Mitigation of identified risks
• Increased OSFI compliance
• Business Continuity management

Performance:
• Increased service levels
• Improved adherence to SLAs
• Decreased dispute-resolution time

Relationship quality:
• Improved customer satisfaction
• Vendor collaboration and cooperation
• Improved relationship scores in scorecards
• Responsiveness
• Flexibility
• Ease to work with
• Access to vendors

Vendor Relationship management: Keys to Success

Research has identified five "work streams" that it says are key to effective VRM programs. Those are:

1. Supply base rationalization with family/vendor segmentation:
   Overall reductions in the total number of suppliers and then more granular rationalization by specific strategy segments and individual purchase categories. The goal in the end is to produce a smaller, higher performance supply base.
2. Vendor Risk management:
   Development of a strategic vendor risk management strategy and short and longer term risk mitigation / business continuity strategies by purchasing area.
3. Relationship management:
   Taking relationships with key vendors to the next level through information sharing/transparency, trust building programs, and equitable joint efforts/programs.
4. Vendor relationship development:
   Active programs to overcome barriers to performance on both the buyer and supplier sides of the equation, which drive continuous improvement.
5. Vendor performance measurement and management:
   Getting the metrics right and effectively and consistently using that insight for improvement.

The 12 Keys to Success

• A consistent approach that encompasses all of the work streams identified above in an integrated way. There is no silver bullet. While VRM can be approached as an initiative with a beginning and an end, the greatest success comes from building an approach to VRM that becomes a way of doing business.
• Executive support (of course) - executives must be committed, and "walk the talk."
• Clear linkage of VRM goals to overall business goals, with VRM’s contribution to those goals tracked quantitatively and qualitatively.
• Adopting a total cost-value approach to decision-making. A focus primarily on year over year savings will limit VRM potential.
• As needed, hard work to change procurement cultures that are resistant to supplier collaboration and trust and building strong relationships within other areas within the company.
• Similarly, treating suppliers equitably, with meaningful respect; sharing in risks and rewards.
• Talented procurement staff who are capable of building advanced relationships and managing the five VRM work streams effectively.
• Investment in procurement technology, organizational structure, and staffing sufficient to carry out real VRM strategies.
• Continuous investment in education for buyers, other internal stakeholders, and suppliers on the goals, principles and practices of effective VRM.
• Setting high expectations for results, focused on how true VRM can achieve breakthrough results that cannot be achieved by one side of the equation alone.
• Recognition that VRM may drive the most relative value for companies in which price-focused supply management improvements have leveled off.

Overall VRM Approach

[Diagram labels: Vendor Development; Vendor Risk Management; Vendor Relationship Management; Vendor Rationalization (Segmentation); Vendor Relationship and Communications Management; Vendor / Buyer Development; Vendor Relationship Management; Foundation: Segmentation Strategy Development; Initial Focus (Start of VRM); Feedback; Assignment of Roles and Responsibilities]

2012 Vendor Management Program Plan

Objective
To build and establish, across , a framework to manage commercial relationships with all vendors, but with primary focus on strategic, outsourcing and bank-wide vendors. The framework has three primary goals:
1. To identify and manage vendor risk
2. To identify and manage issues in performance
3. To establish appropriate levels of vendor interaction through phased relationship management approaches

Scope
Establish a formal Vendor relationship Management program, achieved by segmenting Vendors, assessing business continuity risks, integrating regulatory requirements, formalizing relationship management activities by segmentation, and creating tools and templates to establish proper metrics and incentives to foster more valued relationships
• Leverage the current seven component governance framework and create three templates
• Formalize the level of interaction for each segment of Vendors
• Develop and implement a scorecard process for Vendors with KPI’s and SLA’s
• Create a recognition program for outstanding Vendors
• Drive Vendor-initiated innovation activities

Drive Value and efficiency through:
• Improving internal efficiencies in dealing with Vendors and LOB / Spend owners
• Preserve negotiated value during the contract lifecycle
• Reduce and mitigate operational vendor risk by better managing / controlling Vendors
• Reducing costs through external process improvement, vis-à-vis improved vendor collaboration and issue resolution

Benefits:
• Reduce vendor risk
• Improve vendor performance
• Manage vendors more effectively through relationship management

Vendor Relationship Management: New Direction

The VRM framework aims to accomplish five objectives:
1. Manage vendor risk beyond information security risk
2. Manage vendor performance through scorecards
3. Manage vendor relationships through scheduled and tier-specified intensity
4. Simplify and streamline the VRM tools and processes – from 7 current processes to 3, focused on enabling the key objectives of VRM: manage risk / manage performance and manage relationships
5. Segment vendors based on their risk, spend and importance to the business profiles (business importance)

[Diagram labels: Sourcing, VMO]

Vendor Relationship Management: Key Principles

The design of the “best in class” vendor management framework is guided by key principles

1. Vendor Relationships are managed based on their value and impact to
2. Standard Processes and tools are applied for managing all vendor relationships
3. Processes are compliant with internal risk and business continuity guidelines, as well as external regulatory requirements
4. Roles and responsibilities are clearly defined, understood and supported
5. Approach to manage and monitor vendors is applied consistently across LOB’s
6. Strategy reflects the ultimate goals of VRM:
   1. Manage Risk
   2. Manage Performance
   3. Manage Relationships

VRM Phase 1 – Governance Structure for Material Outsourcers

Observations
• No identification of vendor segmentation – unable to identify which vendor is strategic to , and why, and this leads to potentially missing key vendors needing to be vendor managed. Original intent was to manage only material outsourcers
• Vendor Relationship Management practices vary in quality and effectiveness across – no “source of truth”
• Lack of training, information, processes and tools to guide consistency across LOBs and support vendor managers
• Critical vendor management requirements such as business continuity, security management, risk management, compliance, governance are managed as separate silos and not integrated along with vendor management as core components of vendor management
• Inconsistent, sporadic leverage of vendor capabilities and innovation / innovative practices that could leverage to create competitive differentiation
• OSFI is mandating more robust compliance monitoring and reporting for all strategic and outsourcing vendors

[Diagram: Vendor; Determine Level of VRM Control (Material Outsourcers; High PIRT Scores; Material Spend $ 30MM+/Y); Implement Operational Process Controls (OPC); Mitigation by VRM Type: Manage Risk, Manage Contracts, Manage Problems, Manage Financials, Manage Relationships, Manage Contracts, Manage Change, Manage Risk. Legend: mandatory controls, optional controls]

2012 Key VRM Program Changes

• Segmentation of Vendors
• Assignment of VRM Management Responsibilities
• Leverage of Tools and Templates

The current VRM template was established in 2009, and operationalized in 2010. It introduces a seven component governance framework, and its objective is to provide a management framework for material outsourcers. In part, OSFI was demanding a better framework to manage important material outsourcers.

The 2012 version of VRM:
1. Introduces a segmentation framework that identifies which vendors that uses are strategic to , and assigns VRM “ownership” per vendor segment
2. Assigns vendor relationship management responsibilities according to vendor segment allocation
3. Leverages the previously established VRM governance framework but aims to reduce complexity and operationalize that framework with functional tools and templates. The end result of this optimization are three main management tools:

VRM V1 CURRENT FRAMEWORK: Change Management, Issue Management, Contract Management, Financial Management, Risk Management, Problem Management, Relationship Management
VRM V2 OBJECTIVES: Manage Performance, Manage Risk / Business Continuity, Manage Relationships

Segmentation Tool

Please answer the questions below with the best fitting vendor profile

1. Is the PIRT score for this contract above 17? (please refer to the score of the just completed PIRT exercise)
   YES / NO
2. Is the vendor providing an outsourcing service? (does the vendor provide a process or service on behalf of CIBC?)
   YES / NO
3. Is the vendor mentioned in the drop-down area?
   YES / NO

The section below aims to measure potential business impact areas, ranging from brand and customer impact, to sharing of proprietary information, ease of vendor replacement and uniqueness of service or product

4. In case the supplier fails to deliver a contracted service, the impact to CIBC’s brand and reputation would be: (Brand impact refers to negative publicity for CIBC, with a potential to lose market share and revenue - for instance, customers would be compelled to close accounts and sign on with competitors)
   High / Limited / No brand impact
5. In case the supplier fails to deliver a contracted service, the impact to CIBC customers would be: (perhaps best expressed in the potential number of customers impacted: High = 10,000 customers +; limited would be between 1,000 and 10,000 customers impacted - for instance, customers would not be able to access their funds from an ATM)
   High / Limited / No customer impact
6. In order for the supplier to be able to implement or integrate a service or a process, the supplier will need access to: (if CIBC proprietary and confidential information finds its way to a CIBC competitor, CIBC might be at risk to lose competitive advantage)
   Highly proprietary and confidential information / Tactical information / There is no information sharing requirement
7. The product or service provided by the vendor is:
   Uniquely developed for exclusive CIBC use / A customized off-the-shelf product or service / An off-the-shelf product without any customization
8. How difficult would it be to replace this vendor?
   There are no viable alternatives. Replacement time would exceed 6 months / Viable alternatives identified. Replacement time would be less than 6 months / Many supplier alternatives and replacement of the vendor within 1 month is possible

Results in: vendor classification (S / O / C: Strategic, Operational, Commodity) and VRM management assignment

 | Strategic Vendor | Operational Vendor | Commodity Vendor | Outsource Vendor
VRM Objectives Reporting | VMO Managed | LOB Managed | LOB Managed | LOB Managed, VMO Optional
Risk Scorecard | MANDATORY | RECOMMENDED | OPTIONAL | MANDATORY
PIRT Attestation | MANDATORY | MANDATORY | MANDATORY | MANDATORY
VRM Managed:
Performance Scorecard | MANDATORY | RECOMMENDED | OPTIONAL | MANDATORY
Relationship Framework | MANDATORY | RECOMMENDED | OPTIONAL | MANDATORY

2012 Additional VRM Changes

FROM: Material outsourcers, High PIRT and 30MM + spend
TO: Focus on strategic, bank-wide and outsourcing vendors through a vendor segmentation model

FROM: Seven-process governance model
TO: Three reporting tools: performance / risk / relationship management

FROM: OSFI mandated reporting on material outsourcers
TO: Expanded OSFI requirements applicable to all strategic and outsourcing vendors, not only those deemed “material”

FROM: One core objective: manage material outsourcers
TO: Three objectives: manage risk / manage performance / manage relationships

FROM: No supporting toolsets
TO: Fully functional toolset that enables focus on the three core objectives of VRM

FROM: Assignment of responsibilities
TO: Better responsibility distribution according to vendor segment placement

FROM: Manual processes and spreadsheet
TO: Currently evaluating appropriate IT enabling tools (Archer / Emptoris / Hiperos)

FROM: No leverage of vendor-driven innovation opportunities
TO: A key KPI – leverage vendor-driven innovation to accelerate competitive differentiation

2012 Proposed VRM Framework

Segmentation
• SLA Management
• KPI Management
• Financial Performance
• Delivery Performance
• Vendor Scorecards
• Implementation Assistance
• Termination Assistance
• Change Management
• Issue Management
• Vendor Operations
• Business Continuity
• Disaster Recovery
• Geo-Political Risk
• Regulatory Risk
• Corrupt / Bribery Risk
• Financial Risk
• Environmental Risk
• Business Reputation

The CS VRM structure is designed for LOB adoption and / or leverage when engaged in managing vendors. The framework provides for an infrastructure that goes beyond the governance model currently in place. Managing vendor risks and performance establishes the basis for effective vendor communications and relationships.

• Develop a long term, strategic approach to managing the relationships of the organization’s key strategic suppliers (Relationship Management)
• Develop jointly agreed upon relationship goals and objectives for targeted suppliers (Governance)
• Develop KPIs that support and monitor progress toward achieving the overall joint relationship goals & objectives (Performance)
• Create conditions for safe and reliable operations (Risk Mitigation)
• Deliver value and manage costs (Performance)
• Invest in processes, technology and innovation (Continuous Improvement)
• Plan and implement onboarding, scorecarding and innovation (Performance)

[Diagram labels: VRM Activity, Purpose, Tools, Objectives, How]

VRM High Level Process Flow

[Flow diagram: 17,000 Vendors of Record; 2,500 + Contracts Annually; Segmentation Tool (Information Risk Enabled), performed together with the Preliminary Information Risk Triage process; segment sizes shown: approx. 50 vendors, approx. 750 vendors, approx. 16,000 vendors (segments S, O, C: Strategic, Operational, Commodity); Assignment of VRM Management Responsibilities: a matrix of HIGH PIRT, STRATEGIC, OPERATION and COMMODITY vendors against Performance, Risk and Relationships, each cell marked M, R or O]

Legend: M = MANDATORY, R = RECOMMENDED, O = OPTIONAL

VRM Process Flow

[Flowchart: START; LOB completes Segmentation Process; VMO reviews results; decision: Agree with segmentation result? If NO: Amend Segmentation Result. If YES: the vendor follows one of the branches S, O, C or OS. Notification boxes: LOB and VMO Notified; Spend Owner Notified; Spend Owner Notified; Spend Owner and VMO Notified. Each branch then shows: Relationship Framework in Place; BCM notified and certifies BC Plan, or Liaise with BCM and certify BC Plan; Develop Scorecard. Branch labels: RECOMMENDED, OPTIONAL, MANDATORY, MANDATORY. End boxes: Manage vendor; Country Risk Assessment]

VMO Function Overview

LOB conducts segmentation exercise. If the vendor is segmented strategic, the VMO initiates the following processes:
1. Manage Risk
2. Manage Performance
3. Manage Relationships

Manage Risk
Risk types: Operational Risk, Financial Risk, Strategic Risk, Regulatory Risk, Environmental Risk, Corrupt Practices Risk, Geo-Political Risk
Risk Assessment:
• Interviews
• Questionnaires
• IT Risk Management tools
• Checklists
• Assumption Analysis
• SWOT templates
• Modeling / Diagrams
• Contingency response strategies
[Figure: Prioritized Risk Matrix, Risk 1 to Risk 6 plotted by Impact against Probability (L to H)]
Specific vendor management approach based on segmentation and risk weighing

Manage Performance
Performance Scorecard Components:
1. Risk Prioritization
2. Contract SLA / KPI
3. Biz continuity mgmt.
4. Innovation
5. Performance
6. Issue resolution
7. Change mgmt.
8. Etc…

Manage Relationships
Relationship Management Matrix
Interface with:
1. Legal
2. Environmental
3. Country Risk
4. Info Security Risk
5. Risk management
6. Business Continuity
7. Contract Management
8. LOB
9. Spend Owners
Practices:
1. Communications Planning
2. Relationship Planning

Communications Planning (by Vendor Tier)

Levels: VP / LOB / VRM with Vendor Senior Mgmt (Board/EC); LOB / VRM with Vendor Division Manager / Strategist; LOB / VRM with Vendor Account Manager; LOB with Vendor Performer and Sales

Strategic
• Senior Mgmt (Board/EC): Frequency: 1-2/year (might be part of annual review). Discussion: Growth and Strategic Planning and to communicate significant messages
• Division Manager / Strategist: Frequency: 4/year (as a part of quarterly reviews). Discussion: Review work progress and development; Assess relationship and plan for next quarter and year (at annual review) - Innovation
• Account Manager: Frequency: 12/year (as a part of monthly planning). Discussion: Every month (meeting or conference call) - Scorecard, next month’s plan; Every quarter (meeting) - Performance and Development Plan; Every half-year (meeting) - Relationship Review and Plan
• Performer and Sales: Frequency: more than 1/week (as needed). Discussion: Communicate requirements and issues. Provide solutions and assistance. Prepare scorecards and action plans for quarterly review with lead drivers/strategists. Innovation

Operational
• Senior Mgmt (Board/EC): X
• Division Manager / Strategist: Frequency: 1/year (as a part of annual reviews). Discussion: Review work progress and development; Assess relationship and plan for next year - Innovation
• Account Manager: Frequency: 12/year (as a part of monthly planning). Discussion: Every month (meeting or conference call) - Scorecard, next month’s plan; Every quarter (meeting) - Performance and Development Plan; Every half-year (meeting) - Relationship Review and Plan
• Performer and Sales: Frequency: more than 1/week (as needed). Discussion: Communicate requirements and issues. Provide solutions and assistance. Prepare scorecards and action plans for quarterly review with lead drivers/strategists

Commodity
• Senior Mgmt (Board/EC): X
• Division Manager / Strategist: X
• Account Manager: Frequency: 12/year (as a part of monthly planning). Discussion: Every month (meeting or conference call) - Scorecard, next month’s plan; Every quarter (meeting) - Performance and Development Plan; Every half-year (meeting) - Relationship Review and Plan
• Performer and Sales: Frequency: more than 1/week (as needed). Discussion: Communicate requirements and issues. Provide solutions and assistance. Prepare scorecards and action plans for quarterly review with lead drivers/strategists

Notes shown with the table:
• As desired if there is a) the need to upgrade relationship b) the need to communicate significant messages
• As desired if there is the need to upgrade relationship

Commercial Relationships Planning (Associated Commercial Relationship Behaviors by Vendor Tier)

Strategic
• Share Vision: Align CIBC vision with Vendor’s vision. Plan long term strategies together
• Share Resources: Share IP and knowledge. Share people on strategic efforts. Share capital in joint endeavours
• Collaboration: Collaboratively define need; plan and operate in an integrated manner. Work as a team to leverage supplier and Innovation expertise for common goals
• Share Risk/Reward: Rewards shared equally, through compensation, incentives and shared investments (Alliance Agreements)

Operational
• Share Vision: Share long term vision and objectives. Take Vendor inputs and capabilities into account to revisit strategies
• Share Resources: Share IP and knowledge. Share people on high impact and high visibility efforts
• Collaboration: Coordinate planning and development. Leverage supplier expertise to develop approach
• Share Risk/Reward: Basic compensation and incentives focused on the long term with the willingness to accept short term losses (Contract and Service Level Agreements)

Commodity
• Share Vision: No need to share vision or objectives
• Share Resources: No or minimal resource sharing
• Collaboration: Communicate demand and task requirements only
• Share Risk/Reward: Basic compensation as per negotiated rate sheet (Purchase Order based on price list)

2012 Step 1 – Vendor Segmentation

STEP 1: Vendor Segmentation
A questionnaire-driven segmentation tool, activity performed in conjunction with the VRM process, leading to identification of Strategic, Operational and Commodity vendors

Description of Tiers
Defined segmentation criteria: Strategic, Operational, Commodity

Strategic Vendor: VRM Mandatory
• Provide unique products or services that allow to competitively differentiate itself
• Extremely difficult to replace due to complexity or uniqueness of service
• High brand impact or shareholder value creation
• Sharing of only the most sensitive strategic information

Operational Vendor: VRM Recommended
• Key Vendors, integrated / customized levels of service or functionality
• Able to replace – sufficient market competition / RFP
• Possible brand impact – negative or positive
• Sharing of operational information

Commodity Vendor: VRM Optional
• Off-the-shelf products or services; plenty of Vendor choice
• Information sharing on a tactical level, as required
• Low brand impact potential (positive or negative)
• Easy to replace due to abundant market competition

Eight questions in the segmentation tool to determine vendor segment positioning

The First Three Questions

Question 1: High Information Security Risk Vendors
“Is the Information Risk score for this contract above 17?”
If the answer is “yes”, then this vendor or this vendor’s particular contract gets immediately flagged for ongoing PIRT attestation process, reflective of the final Supplier Risk Management and Security Self Assessment determination

Question 2: Determination of whether the vendor delivers an outsourced service
“Is the vendor providing an outsourcing service”
If the answer is “yes” to this question, the vendor automatically gets flagged for VRM focus. The reason this question is a “Yes / No” answer, is that vendors providing outsourcing services can be across the segment spectrum, yet OSFI demands more focused governance and management structures for vendors providing outsourcing services.

Question 3: Determination of materiality or bank-wide services
“Is the vendor mentioned in the drop-down menu?”
The drop-down menu will list a number of vendors whose spend is $ 30 Million or above, or vendors that are currently managed by the VRM manager – typically they provide -wide services and don’t have a clear spend owner. If a vendor name appears on this list, they will get flagged for VRM focus assignment

We designed the questions so as to create an objective evaluation of what is important to , and not the spend owner. They are intended to eliminate bias and emotionality, and instead focus on issues of materiality, risk, business impact, uniqueness of product or service and ease of replacement.

There are 8 questions in total; the first three are “Yes / No” questions; the next 5 questions we ask to assign a value in responding to the questions. These questions will be added to the PIRT questionnaire.

Eight questions on the segmentation tool to determine vendor segment positioning

Questions Four to Eight measure the business impact to

Question 4: Brand Impact
“In case the supplier fails to deliver a contracted service, the impact to s brand and reputation would be: High / Limited / None”
Brand impact refers to negative publicity for , with a potential to lose market share and revenue, adversely affect the reputation of , erode shareholder value or interrupt revenue flow - for instance, customers would be compelled to close accounts and sign on with competitors

Question 5: Determination of whether the vendor delivers an outsourced service
“In case the supplier fails to deliver a contracted service, the impact to customers would be: High / Limited / None”
Perhaps best expressed in the potential number of customers impacted: High = 10,000 customers +; limited would be between 1,000 and 10,000 customers impacted - for instance, customers would not be able to access their funds from an ATM

Question 6: Determination of access to confidential, proprietary information
“In order for the supplier to be able to implement or integrate a service or a process, the supplier will need access to: Highly proprietary and confidential information / Tactical information / There is no information sharing requirement”
If proprietary and confidential information finds its way to a competitor, might be at risk to lose competitive advantage

Question 7: Uniqueness of product and / or service to
“The product or service provided by the vendor is: Uniquely Developed / Customized Off-the-Shelf Product / Off-the-shelf Product”
If the vendor delivers a product or service that is uniquely developed for ’s purposes, then it would be proportionally difficult to replace this vendor with a competitor without service interruption or supply interruption.

Question 8: Availability in the vendor marketplace – ease of replacement
“How difficult would it be to replace this vendor? There are no viable alternatives. Replacement time would exceed 6 months / Viable alternatives identified. Replacement time would be less than 6 months / Many supplier alternatives and replacement of the vendor within 1 month is possible”
Some products or services are highly specialized and are not available in the immediate or wider marketplace without significant vendor replacement hurdles, with exceedingly long replacement times

Step 2: VRM Risk Management Framework / Mitigation

(nnn) increasingly relies on IT vendors and service providers to support core business processes. This reliance exposes to greater risk of delivery disruption or failure and damage to their reputation, as well as other business and IT risks facing IT suppliers. Challenging economic conditions compound these risks. CIOs, vendor managers, and risk managers who develop and implement holistic vendor risk management programs can appropriately assess and mitigate risks related to strategic, emerging, legacy and tactical vendors.

Assess and Manage Financial Risk
When vendors experience challenges in one or more of the categories of vendor risk criteria (financial, organizational, support and strategy), this indicates short- or long-term risk, which could lead to immediate or the potential for future business disruption. For example, a volatile and uncertain economy has accelerated IT market changes, and declining revenue has placed acute pressure on margins, often putting vendors at risk. The VMO will constantly monitor the market and the financial viability of strategic vendors in the VRM portfolio to detect early warning signs and prepare and implement risk mitigation and contingency plans if necessary. The VMO will re-evaluate the health of major providers and refresh their risk analysis every six months in the current economy.

Assess and Manage Operational Risk
Operational risk, which can result from human activity, external events and failed or inadequate processes, is interrelated with and contributes to credit and market risk exposures. This can affect a vendor’s financial stability and potential growth. The VMO broadens our understanding of the business implications of operational risk management (ORM) beyond supporting the compliance and control responsibilities of internal auditing. This will enable the VMO to achieve more-timely visibility and actively manage operational risk across the strategic vendor portfolio.

Assess and Mitigate Compliance Risk
, facing increasing OSFI reporting demands, need to ensure that the engagement for contracted services and/or products formally complies with applicable country or regional laws and regulations, such as financial reporting and accounting, data protection, software licensing, anti-discrimination and harassment, and environmental regulations. During the strategy development, vendor evaluation, selection and contract negotiation phases, the VMO, together with the LOB, must identify the compliance and audit risks and their strategic vendors need to address. This will establish a sound foundation to develop a well-defined legal compliance article in the contract. This article is the foundation used to minimize compliance risks throughout the deal.

Assess and Manage Strategy RiskStrategy risk focuses on changes to a high-level set of directives that strategic (and outsourcing vendors) should use toarticulate how they will achieve their missions and move toward their vision. Abrupt changes to strategy could indicate vendorchallenges, such as a lack of internal alignment, financial difficulties in one or multiple business units, or an overall weakvision, which may affect the vendors ability to compete in the market. An assessment of strategy risks will involve anassessment of, among other aspects of vendor strategy, the vendors business model, changes in product and geographicstrategies, and the vendors go-to-market delivery strategy. It is anticipated that the VMO (together with the LOB) willregularly assess the strategy risks as well as financial, operational, compliance and strategy risks throughout the deal and notonly when a vendor is selected.Assess and Manage Geography RiskVendors offer and deliver products and services worldwide. As contemplate and select vendors, they must also assess andmanage the risks related to delivery from different areas of the world. For example, if vendors are providing services to fromcountries such as India, China, Brazil or Ireland, IT, sourcing and VMO managers need to decide which delivery risks theyneed to consider and manage. If a current provider opens new delivery centers in other areas of the world and now want toshift work to these centers, needs to consider how this will affect their delivery and if it poses any risk to the business.The VMO (together with other competency centers) will regularly assess and manage geographic risks throughout the lifecycle of the deal. 
This includes, among other considerations, assessing whether the vendor has the same delivery maturity across the globe; the risks, such as geopolitical challenges, the likelihood of natural disaster, and the volatility of the country's infrastructure, that the delivery location poses; the security of ’s intellectual property (PIRT process); and any risks related to developing software (ASPs) and buying hardware from a geography that is considered high risk and noncompliant with ’s policies.

Step 2: VRM Risk Management Framework / Mitigation
[Diagram: Vendor Risk Management framework. Labels:]
• Vendor Risk Management: Vision, Guiding Principles, Risk Strategy, Risk Appetite, Organization Structure, Risk Glossary
• Strategy
• Business Initiatives
• Business Continuity Strategy
• Vendor Risk Identification & Assessment
• Vendor Risk and Control Self Assessments (RCSA)
• Risk Measurement
• Key Risk Indicators (KRIs)
• Vendor Risk Monitoring
• Risk Reporting
• Common Organizational Hierarchy
• Common Risk Definitions
• Common Control Themes
• Key Process Focus
• Validating Components

Step 2: VRM Risk Model – Risk Management Process
2012 Step 3a – Commercial Relationship Planning

Associated and tailored commercial relationship behaviors, by vendor tier

VENDOR TIER: Strategic
Share Vision
• Align vision with vendor long term vision
• Plan joint long-term strategies
Share Resources
• Share IP and knowledge
• Share resources on strategic projects
• Consider sharing investments
Collaboration
• Collaboratively define needs;
• Plan and operate in an integrated manner;
• Leverage vendor resources and innovation expertise for common goals
Share Risk / Reward
• Evaluate reward share opportunities
• Explore partnership or alliance agreements and frameworks

VENDOR TIER: Operational
Share Vision
• Share long-term vision and objectives
• Evaluate vendor inputs and capabilities and re-visit strategies
Share Resources
• Selectively share IP and knowledge
• Share resources on high impact and high visibility initiatives
Collaboration
• Coordinate planning and developments
• Leverage vendor expertise to develop approaches
Share Risk / Reward
• Explore basic compensation and incentive schemes focused on the long-term with the willingness to accept short-term losses (contract and SLA agreements)

VENDOR TIER: Commodity
Share Vision
• No need to share vision or objectives
Share Resources
• No to minimal resource sharing
Collaboration
• Communicate task and demand requirements only
Share Risk / Reward
• Compensation as per negotiated contract – no upside

The VMO is responsible for building, maintaining and enhancing solid relationships with strategic vendors and internal stakeholders. The vendor relationship manager is responsible for prioritizing arbitration with vendors that liaise with the business. Overall, the vendor relationship manager ensures that works with strategic vendors to align business and deal objectives to achieve the goals. Regular meetings to discuss operational and governance issues help to align objectives and drive vendor value for sustainable win-win relationships.
2012 Step 3a – Communications Planning

Level
VENDOR Level: Senior Management | Division Manager | Account Manager | Performer and Sales
Vendor tiers: Strategic | Operational | Commodity

Frequency: 2 x / year
• Discussion:
• Growth
• Strategic Planning
• Communicate significant messages

Frequency: every quarter
• Discussion:
• Review progress
• Review developments
• Assess relationship
• Plan for next year
• Innovation

Frequency: monthly
• Discussion:
• Scorecard (monthly)
• Next quarter (quarterly)
• Development plan
• Relationship review
• Relationship planning

Frequency: 1 x / year
• Discussion:
• Review work progress
• Assess development needs
• Assess relationships
• Innovation

Frequency: Twice / Year
• Discussion:
• Scorecards
• Planning
• Relationship review

LOB / VMO / VP | LOB / VMO | LOB / VMO | LOB

Frequency: Weekly
• Discussion:
• Requirements and issues
• Provide solutions and plans for quarterly review with LOB / and or lead drivers
• Prepare scorecards

XX X

Frequency: Weekly
• Discussion:
• Requirements
• Issues
• Provide solutions
• Prepare scorecards
• Quarterly reviews

Frequency: Twice / Year (meeting / conference call)
• Discussion:
• Scorecards
• Planning
• Relationship review

Frequency: Weekly
• Discussion:
• Requirements
• Issues
• Provide solutions
• Prepare scorecards
• Quarterly reviews
Step 3: Scorecards: OBJECTIVES

The objective of scorecards is to:
• Drive achievement towards business goals with strategic vendors
• Provide focus on business strategies
• Continuous risk mitigation focus
• Measure and sustain improved vendor performance
• Guide shifts in vendor / business direction
• Achieve balanced results across stakeholder groups
• Initiate discussions away from “normal procedures” to more strategic-focused content (Innovation, for instance)

Leading to:
• Improved performance reaction mechanisms
• Better understanding of developing trends
• Root causes for performance swings are identified
• Appropriate and measured actions are determined
• Problems are prevented from becoming bigger problems
• Performance improvements are (re)-enforced and fire-fighting is reduced
• Competitive differentiation
Step 3: Manage Performance

The vendor performance manager reviews and directs strategic vendor activities, ensuring that the vendor's performance meets contractual commitments. The performance manager, together with the LOB, monitors the strategic vendor's operations and performance, examines measured results to identify problems and analyze the root cause, and takes appropriate action to correct failed activities or functionality. The VMO has developed and will use scorecards to measure objective and subjective data about the strategic vendor's performance. The scorecard assesses how well the vendor is performing against contract terms and customer satisfaction measures, as well as identified risk mitigation activities. The scorecards will establish aggregate performance data to develop a trend line that shows improving or declining performance. A sharp decline in performance could indicate a vendor in financial difficulty or a relationship on the verge of failure.

[Diagram labels:]
• VENDOR MAP
• INITIATIVES
• BUDGETS
• PLANNING
• OBJECTIVES KPI
• MEASURES SCORES
• PERSPECTIVES
• OBJECTIVES
• SCORECARD
• STATEMENTS
• CLOSED-LOOP LEARNING
• FEEDBACK CYCLES
• LOB OBJECTIVES
• BENCHMARKS
• COMPETITIVE PRESSURES
• ECONOMY
• POLICIES
• VALUES
• VRM GOVERNANCE FRAMEWORK
Scorecards: DEVELOPMENT

The Vendor Performance scorecard management cycle, illustrated below, leverages a six-phase approach that guides the user through steps for building, linking and refining vendor scorecards.

1. COLLECT
Gather inputs from:
- LOB and sourcing strategic goals
- LOB and sourcing business goals
- Expected results / Value
- Vendor expectations
- Vendor requirements

2. CREATE
Determine key result areas and determine key results, derived from business / sourcing strategies and unique to each vendor or LOB, but typically including:
- Financial compliance
- Innovation Leadership
- Process Compliance
- Operational Effectiveness
- Commercial Impact

3. CULTIVATE
Conduct systematic reviews with both LOB and vendor to monitor vendor performance. Refine, adjust and develop additional appropriate targets. Allows for a refinement of original objectives and measures to be more LOB and sourcing relevant and results oriented.

4. CASCADE
Through the cascade phase, LOB and sourcing strengthens links, improves visibility and aligns effort towards business goals at the LOB level. Here, we would develop summary measures.

5. CONNECT
In this phase, we connect objectives and measures to individual LOB and vendors by developing individual performance plans, conduct 1-1 vendor reviews and provide vendor coaching. Vendors relate their efforts to scorecard results, and use feedback to drive adjustments / improvements / outcomes towards business targets.

6. CONFIRM
Here we validate the effectiveness of measures. In addition to assessing if we have the right measures, we determine if we have the right number of measures. This creates an understanding of how scorecard measures are related to one another and how to “pull the levers” to achieve desired outcomes.
Vendor Management Office: Structure

• Creation of a VMO role to be single point of contact to coordinate vendor activities with Supplier Risk, Business Continuity, Corporate Security and LOBs
• “Owner” of tools and processes for the VRM process

[Organization chart:]
VMO
• VRM Associate: IT Focus
• VRM Associate: Services Focus and cross LOB spend
• VRM Associate: Liaison between Risk / BCM / Contract Mgmt Legal
• VRM Associate: Outsourcing LOBs

The organizational structure allows to maximize the value the organization receives from the vendor from a performance, risk and value point of view. This vendor management function focuses on the ’s key strategic suppliers and includes IT and non-IT vendors. It takes a broader approach to vendor management to optimize costs and the value strategic vendors can deliver to the business.
RACI Chart: STRATEGIC VENDORS

Parameters in RACI Chart Tool
The RACI chart tool represents four parameters. Following are the meanings for each of these parameters.
• Responsible: this is a person who performs a task or work, and he/she is responsible for the work.
• Accountable: primarily the person in charge of the task or work.
• Consulted: person who gives feedback, contributes as and when required.
• Informed: person in charge who needs to know the action or decision taken.

STRATEGIC
Component Activities | VMO LOB BCM LEGAL CAT. MGR
Segmentation Process | I R I
Operation Risk Analysis | R C I I
Business Continuity Management | R C A I I
Disaster Recovery Planning | R C A I I
Geo-Political Analysis | C R I
Regulatory Compliance | C R I I
Anti Corrupt / Bribery Attestation | C R I I
Vendor Financial Viability | R C I I
Environmental Risk Management | C A I I
Business Reputation Management | C A I I
PIRT Attestation | I R I I I
Problem Management | A C I I
Contract Management | C A I I R
Change Management | R C I
Implementation Assistance | C R I
Termination Assistance | C R I I C
Financial Management | C R I
Vendor Scorecard | R C I I
Escalation Management | C R I I
Investment Management | C R
Performance Reviews | R A I
Improvement / Mitigation action | R A I
Continuous Improvement | C A I
Innovation | R C I I
Vendor Councils | R C I I
RACI Chart: OPERATIONAL and COMMODITY VENDORS

Parameters in RACI Chart Tool
The RACI chart tool represents four parameters. Following are the meanings for each of these parameters.
• Responsible: this is a person who performs a task or work, and he/she is responsible for the work.
• Accountable: primarily the person in charge of the task or work.
• Consulted: person who gives feedback, contributes as and when required.
• Informed: person in charge who needs to know the action or decision taken.

OPERATIONAL / COMMODITY
Component Activities | VMO LOB BCM LEGAL CAT. MGR
Segmentation Process | I R I
Operation Risk Analysis | C R I I
Business Continuity Management | C R A I I
Disaster Recovery Planning | C R A I I
Geo-Political Analysis | C R I
Regulatory Compliance | C R I I
Anti Corrupt / Bribery Attestation | C R I I
Vendor Financial Viability | C R I I
Environmental Risk Management | C R I I
Business Reputation Management | C R I I
PIRT Attestation | I R I I I
Problem Management | C R I I
Contract Management | C R I I R
Change Management | C R I
Implementation Assistance | C R I
Termination Assistance | C R I I C
Financial Management | C R I
Vendor Scorecard | C R I I
Escalation Management | C R I
Investment Management | C R
Performance Reviews | C R
Improvement / Mitigation action | C R
Continuous Improvement | C R
Innovation | C R I I
Vendor Councils | C R I I
VRM Enablement Tool Options

Scoring Standards
Criteria | Definition | Weight | 1 | 2 | 3

Alignment with Core Business
• Definition: Supplier provides a unique product or service that is critical to CIBC's core LOBs/product lines
• Weight: 20%
• 1: Important but Less Strategic to Core Business (Non-Critical)
• 2: Valuable in Supporting Core Business (Supporter)
• 3: Strategic/Critical to Core Business Products (Differentiator)

Innovation Capability
• Definition: Extent to which supplier has the capability and resources to help CIBC develop new products/capabilities
• Weight: 20%
• 1: Low Capability (Limited Focus)
• 2: Medium Capability (Strong Focus)
• 3: High Capability (Innovation Leader)

Operations Capability
• Definition: Extent to which supplier has the capability to help CIBC improve execution in the areas of product delivery, supply, distribution
• Weight: 20%
• 1: Low Capability (Limited Ability)
• 2: Medium Capability (Strong Ability)
• 3: High Capability (Operations Leader)

# of Products Currently/Potentially Supplied
• Definition: Supplier currently supplies or has the capability to supply products/services to a large number of LOBs
• Weight: 10%
• 1: 1 to 2
• 2: 3 to 5
• 3: 5+

Importance of CIBC business to Supplier
• Definition: CIBC represents a large percentage of supplier's business
• Weight: 10%
• 1: <5%
• 2: 5-10%
• 3: >10%

Perceived Ability to Drive Joint Process Improvements
• Definition: Supplier demonstrates history of strong collaboration and has the capability to help CIBC drive joint process improvements
• Weight: 20%
• 1: Limited Collaboration Thought Leadership
• 2: Moderate Collaboration Thought Leadership
• 3: Strong Collaboration Thought Leadership

Total: 100%

CIBC Corporate Services Quarterly Spend Review
Office Supplies - Staples
Retail Markets – FY10 Q4
December 21, 2010

(All Figures in C$ MM, unless otherwise stated)

Staples has been CIBC’s approved vendor for office supplies since 2006. Prior to August 2009, Staples was previously named Corporate Express. This category includes items such as general office supplies, paper, toner, and IP (Information Product) supplies. Retail Markets (RM) spend with Staples in FY10 Q4 ($2.27MM) represented 63.4% of CIBC spend ($3.59MM) with Staples. When combined, the three main product categories (office supplies, paper, and toner) accounted for 89.4% ($2.03MM) of the RM spend with Staples in FY10 Q4.

Staples – RM vs. CIBC spend
[Charts, each by quarter (Q1 to Q4) with series RM FY10, CIBC FY10 and RM FY09: Adherence to Preferred List (%); Spend ($); % of orders above $50]

1.5% rebate*
* CIBC is eligible for a rebate of 1.5% if more than 81% of orders from Total Bank are worth at least $50

[Diagram labels: Contracts, Contract Manager, VRM Matrix, Google Alerts, Scorecards, Spend Analysis]

Three Options for consideration
1. Archer
2. Emptoris
3. Hiperos

ADVANTAGE: DISADVANTAGE:
ADVANTAGE: DISADVANTAGE:
ADVANTAGE: DISADVANTAGE:
• Currently used for PIRT
• Can be used concurrently with PIRT
• (Lower) cost structure?
• Familiar to users
• One-step process
• One central database
• Link with Country Risk
• Focused on Information risk mgmt.
• No pre-formatting
• Limited capabilities – only can be used for segmentation purposes
• probably best as a ”now” solution
• Currently being configured
• Contains all spend data
• Contains all contract data
• Has additional VRM modules
• Cost?
• Is additional integration required?
• No VRM-specific modules
• Elementary vendor risk modules
• Needs Hiperos integration, ideally
• Funding?
• Entirely focused on vendor management
• Helps design risk mitigation strategies
• Vendor performance mgmt. tools and dashboards
• ASP model
• Can be used across LOB (BCM / Risk / VRM)
NEXT STEPS
• Establish a Governance Committee, modeled after the VRM and Country Risk committee
• Gain approval for either IT enablement availability
• Identify the VRM “day-to-day” operations team
• Maintain confidentiality
  – Limit/avoid external communication
  – Nominate/Confirm Stakeholders Working Group members to Project Team when it comes to IT process enablers
• Gather ongoing user community comments and observations
• Complete the web page reference VRM Tools and Templates
• Implement Segmentation Model
PROGRAM MILESTONES

Activity | Target Completion Date | Comments

• Project Continuance Approval: Awaiting approval
• Segmentation Tool: Complete, pending revision relative to approved customizations, and pending circulation to spend owners and Stakeholders (Change Management)
• High Level Project Schedule: Complete, ongoing minor refinements
• Software Readiness Requirements Document: Done; awaiting approval
• Process Tools and Templates: Complete and awaiting approval by Executive
• Communication / Training Strategy: Started drafting the Communication/Training Plan.
• Archer (Hiperos) Configuration Build: This activity includes the Design and Build/Configuration of the application to meet the Business Requirements.
• Testing (Initial configuration and test; Refinements; Configuration / deployment): The testing activities listed are part of The Delivery Framework. This testing ensures that the segmentation application is functioning as per the Business Requirements, and that any issues that may arise are resolved pre-implementation.
• Training: The Training to the End Users is planned to start in Q3 2012
• Implementation: This is the GO Live date.
Operationalizing the Governance Framework with Tools and Templates

The seven components that currently comprise the Governance Framework… are Operationalized through a set of dedicated tools and templates, resulting in presentation templates that correlate VRM objectives with VRM strategy.

Element | What it means | Enabling Toolset | Deliverable

Element
• Change Management
• Delivery Management
• Contract Management
• Financial Management
• Problem Management
• Risk Management
• Relationship Management

What it means
• Visibility to, and management of, vendor / systems and processes change
• The impact of service delivery to
• Performance tracking / monitoring / reporting
• Corrective action by vendor if required
• Contract changes / refreshes / updates and inclusions
• DRP / BCP reviewed / tested and remediate /
• Regulatory audits performed and tracked
• Compliance with and vendor policies and standards
• Invoice accuracy
• Tracking / reporting against financial contract details
• Issue resolution
• Logging and tracking of issues
• Relationship governance
• Segment-specific vendor meetings

Enabling Toolset
• Operation Risk Analysis
• Business Continuity Management
• Disaster Recovery Planning
• Geo-Political Analysis
• Regulatory Compliance
• PIRT Attestation
• Anti Corrupt / Bribery Attestation
• Vendor Financial Viability
• Environmental Risk Mgmt.
• Business Reputation Mgmt.
• Problem Mgmt. Template
• Contract Mgmt. Template
• Change Mgmt. Template
• Implementation Template
• Termination Assistance Template
• Financial Mgmt. Assessment
• Escalation management
• Investment management
• Performance reviews
• Improvement / mitigation action
• Continuous Improvement
• Innovation

Deliverable
• Scorecard
• Risk Matrix
• Relationship Framework
VRM Governance Toolset Workflow Diagrams

[Workflow diagrams for: Delivery Management, Risk Management, Contract Management, Problem Management, Financial Management, Change Management. Steps as shown:]
• LOB or VRM conducts Root Cause analysis
• LOB or VRM contact Vendor to report Incident
• VRM logs and tracks Incident and assigns identifier
• Conduct regular Service Reviews
• Update incident tracking Report and check if refunds are due
• Execute Root Cause Analysis Document and log results
• Periodically conduct Financial Health check
• Use financial data contract date and match with invoice
• Approve Invoice for processing
• Ensure discounts are taken when due
• Review vendor Spend against contract
• Conduct quarterly Team meeting (scorecarding)
• Conduct vendor Review meetings as scheduled
• Formally submit Change request
• Determine impact of proposed change
• Review change request to determine trends
• Approve or Deny Change request and illustrate reasoning
• Determine contract SLA / KPI impact potential and adjust accordingly
• Implement / roll out approved request
• Assess completion effectiveness and update final status
• Vendor and LOB / category manager to review business requirements
• Log and track issues with the agreement
• Determine what contract amendments are required
• Determine if the changes require a formal change contract procedure
• Draft amendments to the applicable contract
• Advise requestor of the changes
• Escalate if agreement is unlikely
• Follow usual contract management procedures for sign-off
• Evaluate the 6 VRM risk components
• Tailor VRM management and scorecard focus to “high risk” components
• Communicate risk concerns and mitigation strategies to vendor
• Indicate risk compliance status
• Review incoming Reports and escalate issues
• Design and implement a risk mitigation program
- Different than the Information Risk Management process, which is focused on information security risk management
VRM: A Multi-level View of Performance (Scorecard)

[Flowchart with lanes: VRM, LOB, Vendor, Review Committee. Steps as shown, from Start to End:]
• Is the Relationship VRM managed?
• Create relationship and allow access to everyone who will create scorecard for this supplier
• Create and build LOB standard KPI and SLA groups and advise contract management and Legal
• Agree on KPI / SLA measurements
• Relationship created and access managed at this level
• Create scorecard template for vendor
• Create LOB specific KPI / SLA and import into card
• Adjust targets with specific measures
• If required, add locations to card
• Input Sections weightings
• Agree card
• If Hiperos – Access site
• If manual – Fill out Vendor card Components manually
• Complete card
• Submit card
• Receive rejected Card and Complete further
• See Performance report
• Solicit Performance Input and send Card to vendor
• Review card
• Reject Card?
• Approve Scores
• Review With Vendor
Decision branches: No / Yes / Yes / No
Step 4: Scorecarding

VRM / LOB Scorecard Focus … Balanced, Risk-Weighted Scorecard Improves Management Focus…

[Flowchart with columns: Vendor / LOB Input; LOB / VRM-VMO Requirements. Steps as shown:]
• Create relevant risk-weighted scorecard
• Enter results into Hiperos
• Collect transactional performance data
• Conduct criteria-based assessment
• Create Vendor Performance report
• Vendor performance communications
• Study Performance
• Create Improvement Plan
• Implement Improvement Plan
• Monitor Improvements
• Is Performance Class-Leading? (N / Y)

[Annotations:]
• Quality, cost, delivery and responsiveness measurements are either solicited from the LOB or Businesses, or are extracted from the computer system
• Conduct measurements, quality of service, service delivery, development assessments. Measurements commensurate governance framework components
• Auditable plans are required for assessment; SLA / KPI or class-leading performance may negate the need for repeat criteria-based assessments
• Complete balanced scorecard containing quality, risk, costs, delivery and responsiveness measures
• Each period review (monthly / quarterly / semi-annually or annually) report prior to sending to vendor
• Implement business or services performance improvement strategy, plans and activities
• As defined by VRM benchmarking

[Scale from 100% to 0%:]
• Targeted for Strategic Vendors: VRM Scorecard
• Targeted for Operational Vendors (Scorecard Light)
• Ad-hoc measurement (Annual / as required): Commodity Vendors

Nudging Towards Standards
• Ensures overall scorecard framework remains relevant as score metrics are fine-tuned
• Facilitates scorecard adoption, including numerous pre-set metrics
• Enables comparability across vendors while capturing relationship-specific issues
VRM Component: Change Management

VRM GOVERNANCE
Management Structure
• Relationship Management
• Contract Management
• Financial management
• Risk Management
• Delivery Management
• Problem Management
• Change Management

STRATEGIC VENDORS

[Flowchart with columns: CONTRACT CHANGE, SUPPLIER CHANGE, SCOPE CHANGE. Steps as shown:]
• Formal scope change request
• Document change request
• Submit change request for approval
• Submit new contract in replacement
• Register amended contract in CM
• Perform Risk assessment based on new criteria
• Submit contract amendment
• Formalize impact on terms
• Document Scope change
• Notify Contract management and amend contract
• Identify resourcing / timeline / value impact
• Scope agreement from and Vendor
• Terminate for cause or convenience
• Process SLA commitment reimbursements
• Update old vendor scorecard and establish performance measures baseline for new vendor performance
• Establish new vendor performance expectations using above as a baseline
• Establish training
• Announce change if required and the change has a user business impact from a process perspective
• IF:
• Update vendor scorecard and (re) establish performance measures
• Perform Risk assessment based on new criteria
• Update vendor scorecard and (re) establish performance measures
• Close out old contract and indicate “terminated” in CM
Current Process Versus Proposed Process

Proposed VRM Process
Enabled by Hiperos: An on-demand (SaaS) solution to measure, monitor, and manage the collection of relationships (e.g. suppliers, partners, outsourcers, re-sellers, brokers, and affiliates) that contribute to a company’s value chain.
• Breadth: Registration, pre-award, post-award
• Depth: Performance, Risk, Compliance/CR, Information Mgmt

Current VRM Process
• No defined vendor segmentation model
• Entirely manual process, with information dispersed in various process components within , not always readily accessible
• Current focus on a selected few vendors that have no clearly defined spend owner
• Continual manual input – no data-driven prompts
• Vendor management ad-hoc
• No clear view of vendor risk, other than information security risk management (PIRT)
• No formal onboarding process
• Governance framework components are defined, but not supported by tools and templates
• Some components are “common process” within the sourcing cycle, but the activities are not coordinated, accessible or measured
• Holistic reliance on vendor self assessment, making the scores suspect
• Only 1 resource currently dedicated to VRM – no common-accessible database
PROGRAM OVERVIEW – Vendor Relationship Management

1 Tool to add automation, consistency and control to segmentation process
2 Identifies savings, documents results, monitors KPIs and tracks supplier performance
3 Streamlines the process of vendor management
4 Automates interaction of buyer and supplier,
5 Workflow/collaboration tool to support vendor segmentation management
6 Tool enhancement to track issues, inquiries and support

• Management Reporting
• Governance Framework
• OPC Controls
• Segmentation framework
• Customized relationship approaches
• Insight into risk factors and business continuity management
• Better vendor performance management
• Vendor-led Innovation
• IT – tool enablement
• CS to be a driver of value
• Full IT enablement of VRM

Corporate Services VRM Roadmap
Goal: An integrated portfolio of vendor management strategies, tools and templates leading to better management of vendor risk, vendor performance and commercial relationships

2009-2011 / 2011-2012 / 2012-2013
Phase 1 / Phase 2 / Phase 3
Governance Framework for Material Outsourcers / Segment vendors / Leverage VRM to Capture savings opportunities

• Create a management framework to enable the management of ’s material outsourcers
• Establish Operational Controls on the seven components of the governance framework
• Develop a vendor segmentation model allowing to identify which vendors are strategic and why
• Vendors are segmented as either
  o Strategic
  o Operational
  o Commodity
• The VRM framework will extend to all strategic vendors, all vendors providing outsourcing services and all bank-wide vendors
• The objective is to manage risk, performance and commercial relationships
• Establish initial reporting structures
• Link Segmentation results with the sourcing playbook
• Leverage vendor innovation to accelerate competitive differentiation
• Establish vendor councils to engage more proactively with a variety of vendor groups and segments
• Provide the (IT) tools and templates for -wide adoption so as to streamline approach and process
Establishing Clearly Defined Roles

Corporate Services
• Primary owners of vendor contract administration and pricing negotiations, facilitation of performance management and business reviews
• Change management agents

Vendor Relationship Management Office
1. Center of excellence responsible for developing / providing tools, processes and policies to enable the spend owners and other business units to more effectively manage a vendor
2. Prime owner of vendor relationships for strategic vendors, and first level of escalation for vendor non-compliant behavior

Spend Owner
• Primary owners of vendor relationships for operational, commodity and outsourcing vendors. They leverage the tools and processes provided by the VRMO. First level of escalation for non-strategic vendors' non-compliant behavior

Implementation Manager
• Individual within either Corporate Services or the LOB designated as responsible for managing day-to-day project or onboarding related activities and relationships with a vendor for a defined engagement

Current State
• New program under development
• Exists today, aka PM
• Exists today but formalizing tools and templates

• Category Leads / Category Directors
• Formal Group Within Corporate Services
• Pre-identified owner within the business unit
• Pre-identified owner within the business unit
Level 2 Mapping of the Enabling Tools to the Key VRM Criteria

From 7 processes to 3 objectives enabled by with specific responsibilities assigned
3 processes per vendor segment

Current Governance Framework
• Risk Management
• Problem Management
• Delivery Management
• Risk Management
• Financial Management
• Contract Management
• Relationship Management

Results in: VRM Strategic Objectives | VRM Management Toolset | Strategic | Operational | Commodity | Outsource
Managed by: VMO Managed | LOB Managed | LOB Managed | VMO / LOB Co-Managed
VMO Optional

• Manage Vendor Risk | Business Continuity Process | MANDATORY | RECOMMENDED | OPTIONAL | MANDATORY
• Manage Performance | Performance Scorecard | MANDATORY | RECOMMENDED | OPTIONAL | MANDATORY
• Manage Relationships | Relationship Framework | MANDATORY | RECOMMENDED | OPTIONAL | MANDATORY
• High PIRT Attestation | MANDATORY | MANDATORY | MANDATORY | MANDATORY

High PIRT Scores
In order to establish a common approach, we propose that Corporate Services will manage the VRM Policy / Process / Platform / Templates while working with Supplier Risk Management (VRM) and Business Continuity (BCM). Corporate Services will also provide the tools and templates to any LOB that have chosen to have their own vendor relationship management structure.
Transition in Process and Focus

CURRENT STATE: VRM Governance Process
• Manage Risk
• Manage Contracts
• Manage Problems
• Manage Financials
• Manage Relationships
• Manage Contracts
• Manage Change
The deliverable of VRM V1 was a VRM Governance Framework, identifying 7 processes needing to be managed.

FUTURE STATE: Objectives
• Manage Risk
• Manage Performance
• Manage Relationships

FUTURE STATE: Deliverable
In V2, we amalgamate the 7 V1 processes into three final deliverables:
• Business Continuity
• Supplier Scorecards
• Scheduled Supplier Meetings