2. The Need for Independent Outsourcing Oversight
Security Execution
Assurance Assurance
Relationship
Start-up
Assurance
Assurance
Value / Cost Compliance
Assurance Assurance
Outsourcing organizations require a structured, independent and competent
assurance throughout the outsourcing / off-shoring relationships. This would help the
organization to have checks and balances to realize the objectives.
We have the competence to provide assurance services to the organizations to ensure
that the outsourcing relationships fetch the anticipated benefits.
Techserv Consulting Confidential & Private
2
3. The focus areas of Outsourcing Assurance
Outsourcing Assurance is a management
process to provide a independent comfort to
management that Outsourcing engagement
processes are effective and efficient enough to
provide the desired results envisaged at the
beginning of the outsourcing engagement. Also,
IC to provide identified material weaknesses in the
AL VAL
EG NT
AT E outsourcing processes either at Outsourced
IG UE
TR GNM NM
SI organization or at supplier end.
EN
AL T
This assurance function should be established
Outsourcing at strategic checkpoints to provide the required
PER IGNME
NT
A LI G U R E
Alignment alignment in the following focus areas:
AL
FOR
NME
T
CUL
MA N T
www.itgi.org Strategic Alignment
N
Value alignment
CE
Performance alignment
PROCESS
Culture alignment
ALIGNMENT
Product alignment
Techserv Consulting Confidential & Private
3
4. Why Outsourcing Assurance focus on these areas?
Focuses on ensuring the linkage of business and outsourcing plans;
Strategic alignment on defining, maintaining and validating the outsourcing value proposition;
and on aligning outsourcing operations with enterprise operations
Is about executing the value proposition throughout the outsourcing cycle,
Value alignment ensuring that supplier delivers the benefits against the outsourcing strategy,
concentrating on optimising costs and proving the intrinsic value of outsourcing
Culture alignment Focuses on bridging the cultural gaps between two organization
Focuses on ensuring required process infrastructure is established and
implemented and institutionalized to have transparency in outsourced
Process alignment processes. Ensure that these processes are improved continually and aligned
to outsourcing objectives
Tracks and monitors strategy implementation, project completion, resource
Performance alignment usage, process performance and service delivery, using, for example,
scorecards that translate strategy into action to achieve goals measurable
beyond conventional accounting
Techserv Consulting Confidential & Private
4
5. Outsourcing Assurance aims
Conformance
• Adhering to Laws, Regulations, Legislation,
Policies and Procedures, audit requirements,
etc.
Performance Performance
• Improving Performance Score card,
Outsourcing efficiency and effectiveness,
Conformance
growth, etc.
Outsourcing Assurance aims to balance conformance and performance goals
Techserv Consulting Confidential & Private
5
6. Outsourcing Governance Stakeholders
Board and executive Set direction for outsourcing, monitor results and insist on
corrective measures
Defines business requirements for outsourcing and ensures
Business management that value is delivered and risks are managed
Supplier management Monitors outsourcing services as required by the Business
Management
Provides independent assurance services to demonstrate
Assurance services that outsourcing delivers what is needed
Delivers and improves outsourcing services as required by
Outsourcing management the Client Management
Risk and compliance Measures compliance with policies and focuses on alerts to
new risks
Supplier Independent Assurance
Service Buyer
Techserv Consulting Confidential & Private
6
7. Outsourcing Assurance Framework
PERFORMANCE CONFORMANCE
Enterprise Drivers
Business Goals Acts & Regulations
A A
Sarbanes-Oxley Act,
Outsourcing Drivers Scorecard COBIT,CMMI,ISO
S S
27001 etc.
S S
U U
R R
Outsourcing Governance COBIT
A A
N N
C C
E E
ISO ISO
Best Practice Standards CMMI
9001:2000 27001
Governance Functional
Processes and Procedures Operational
Processes Processes Processes
Techserv Consulting Confidential & Private
7
8. Alignment Agents
Program Management
•
A
A
Process Design
l
l
•
i
Process Implementation
i
V
g
g
V
a
n •
n
Delivery Management
a
m
m
l
l
u
e
•
e
SLA Management
u
e
n
n
e
t
t
P P
R R
Client Management
Program Management O O
D C
E
U
• •
Contract Administration Contract Administration
S
T
S
Assurance
• •
Program Oversight Program Planning
(Alignment Agents)
• •
SLA Management Program Oversight
• •
Program Oversight Escalation Resolution
PERFORMANCE
S
S t A
t
A Supplier Management r l
r
l a i
a
i t
• g
t Outsourcing Strategies
g e n
e
n g
• m
g Outsourcing Oversight
m I e
I
e • c
Supplier Selection n
c
n
t
t • Program termination
Techserv Consulting Confidential & Private
8
9. Assurance Scope (Strategy & Planning)
Deliverables
Review Reports
Transition
Strategy & Due Diligence Reports
Planning
Pricing consultation Report
Information Security Assessment report
IT Processes
Contract Advisory Report
Strategy & Planning
Execution Program
Closure
Strategy reviews
Planning reviews
Supplier Selection reviews
Supplier infrastructure due diligence
Outcome
Suppliers Human Resources due diligence
Right Pricing is established
Strategy and Planning verified Suppliers Process infrastructure due diligence
Suppliers’ claims validated
Supplier readiness due diligence
Risks towards security assessed
Contract negotiation / re-negotiation (Pricing)
Human resources claims assessed
Outsourcing readiness assessed Information Security and Privacy assessment
Effort estimation review
Techserv Consulting Confidential & Private
9
10. Assurance Scope (Transition)
Deliverables
Strategy &
Review Reports
Transition
Planning
Validation Reports
Process documentation
IT Processes
Execution Program
Transition
Closure
Transition Planning review
Transition Schedule review
Program staffing review
Outcome
Knowledge transfer execution review
Effective transition strategy
Efficient transition strategy Pilot project execution review
Process infrastructure readiness
Program Planning Process definition
Program transition health status
Program execution Process definition
Pilot project validation
Supplier readiness against the plan Quality Assurance Process definition
Risk assessment and mitigation
Quality Control process definition
Process infrastructure
Information Security process definition
Techserv Consulting Confidential & Private
10
11. Assurance Scope (Execution)
Transition
Strategy &
Deliverables
Planning
Review Reports
Validation Reports
Assurance
Process documentation
Audit report
Program
Execution
Closure
Execution
Periodic Audit of Contractual obligations
Periodic Audit of Information Security processes
Outcome
Alignment of execution processes Periodic Audit of process implementation
Alignment of info. Security requirements
Periodic Audit of Service Level Agreements
Program status communication
Process improvements Periodic Audit of deviations, escalations
Risk identification
Periodic Audit of Supplier’s infrastructure
Techserv Consulting Confidential & Private
11
12. Assurance Scope (Program Closure)
Transition
Strategy &
Planning
Deliverables
IT Processes Review Reports
Validation Reports
Audit report
Program
Execution
Closure
Program Closure
Reverse Transition Planning
Outcome Reverse Transitioning
Smooth reverse transition
Contract, Regulatory compliance
Compliance to regulations, laws etc.,
Program sign-offs
Effective reverse knowledge transfer
Program closure
Techserv Consulting Confidential & Private
12