Vendor management using COBIT 5

In the age of digital everything, organizations are looking to increase their "speed" and "velocity", which often leads to the integration of more partners rather than fewer. This presentation gives an introduction to using the ISACA publication "Vendor Management: Using COBIT 5" to help organizations deliver an effective vendor solution.

  1. Vendor Management: Using COBIT 5
  2. Introduction
  3. New Guidance from ISACA
     Areas covered
     • IT
     • Process owners and stakeholders
     • Compliance and laws
     • Risk management
     • Audit
     • Contracts
     • Service monitoring
  4. Vendors
     • A vendor is a third party that supplies products or services to an enterprise.
     • Most enterprises seek external vendor support for assistance with operations for one of the following reasons:
       – Vendor expertise
       – Vendor capacity
       – Vendor assuming risk
       – Vendor leveraging scale
  5. Vendor Management
     • Vendor management is a strategic process that is dedicated to the sourcing and management of vendor relationships so that:
       – value creation is maximized and
       – risk to the enterprise is minimized
  6. Vendor Management Objectives
     Managing vendors has many benefits, including:
     • Data loss reduction
     • Decrease in audit findings
     • Cost optimization
     • Increased availability
     • Liability reduction
     • Increased end-user satisfaction
     • Value creation
  7. Vendors to include
     • Play a critical role in daily operations
     • Can have critical impact on the success of strategic projects
     • Require long-term contracts
     • Have potential significant financial implications
     • Are difficult to change overnight
     • Require frequent interaction and/or disputes
     • Access or manage substantial critical or sensitive data
  8. Important Documents
  9. Contract Lifecycle
  10. Contract
     Contracts accomplish the following:
     • Form a common understanding of what needs to be achieved
     • Define all deliverables, relevant service levels and metrics
     • Define responsibilities and obligations
     • Define the terms and conditions
     • Specify how risk will be allocated between parties
     • Define legal counsel and jurisdiction stipulations
  11. SLAs
     • An SLA is an agreement, preferably documented, between a product or service provider and the enterprise that defines minimum performance targets for a deliverable and how they will be measured and reported.
     • The SLA enables customer and vendor accountabilities and expectations to be clearly understood. Performance can have the following implications:
       – Financial rewards (for exceeding targets)
       – Financial penalties (for underperformance)
  12. SLA Common Pitfalls
     • Focus on the wrong objectives
     • Simplistic metrics
     • Inappropriate terminology
     • Room for interpretation
     • Labor-intensive reporting requirements
  13. SLA Management Benefits
     • Better alignment with business objectives
     • Ability to manage services proactively
     • Greater transparency of service delivery
     • Lower service level management overhead
     • Better relationships between the enterprise and vendor
  14. SLA Diagram
  15. Stakeholder Responsibilities
  16. Risk – 5 Threat Categories
     • T1 – Selection: Wrong vendor
     • T2 – Contract: Incomplete | Static
     • T3 – Requirements: Poorly defined
     • T4 – Governance: Inadequate vendor management
     • T5 – Strategy: Vendor lock-in
  17. Mitigation strategies 1–6

     | Mitigation Strategy | Threat | COBIT 5 Guidance |
     |---|---|---|
     | 1. Diversify sourcing strategy to avoid overreliance or vendor lock in | T5 | APO02 Manage strategy, APO10 Manage suppliers |
     | 2. Establish policies and procedures for vendor management | T4, T5 | APO11 Manage quality – Enablers: Principles, Policies and Frameworks; Information |
     | 3. Establish a vendor management governance model | T4, T5 | APO09 Manage service agreements, APO10 Manage suppliers – Enabler: Organisational Structures |
     | 4. Set up a vendor management organization within the enterprise (VMO) | T4, T5 | APO10 Manage suppliers – Enablers: Organisational Structures; People, Skills and Competencies |
     | 5. Forecast requirements regarding the skills and competencies of the vendor employees | T2 | APO10 Manage suppliers – Enablers: People, Skills and Competencies |
     | 6. Use standard documents and templates | T2 | Enabler: Information |

  18. Mitigation strategies 7–10

     | Mitigation Strategy | Threat | COBIT 5 Guidance |
     |---|---|---|
     | 7. Formulate clear requirements | T3, T5 | BAI02 Manage requirements definition, BAI03 Manage solutions identification and build – Enabler: Information |
     | 8. Perform adequate vendor selection | T1, T5 | APO10 Manage suppliers, APO12 Manage risk – Enablers: People, Skills and Competencies |
     | 9. Cover all relevant life-cycle events during contract drafting | T2 | APO11 Manage quality, APO12 Manage risk – Enabler: Information |
     | 10. Determine the adequate security and controls needed during the relationship | T4, T2 | APO11 Manage quality; APO12 Manage risk, MEA01 Monitor, evaluate and assess performance and conformance – Enablers: Service, Infrastructure and Applications; Information |

  19. Mitigation strategies 11–14

     | Mitigation Strategy | Threat | COBIT 5 Guidance |
     |---|---|---|
     | 11. Set up SLAs | T2 | APO09 Manage service agreements – Enabler: Information |
     | 12. Set up operating level agreements (OLAs) and underpinning contracts | T2 | APO09 Manage service agreements – Enabler: Information |
     | 13. Set up appropriate vendor performance/service level monitoring and reporting | T2, T4 | APO09 Manage service agreements, APO10 Manage suppliers, MEA01 Monitor, evaluate and assess performance and conformance – Enabler: Information |
     | 14. Establish a penalties and reward model with the vendor | T2 | APO09 Manage service agreements, APO10 Manage suppliers |

  20. Mitigation strategies 15–17

     | Mitigation Strategy | Threat | COBIT 5 Guidance |
     |---|---|---|
     | 15. Conduct adequate vendor relationship management during the life cycle | T4 | APO08 Manage relationships, APO10 Manage suppliers – Enablers: Ethics, Culture and Behaviour |
     | 16. Review contracts and SLAs on a periodic basis | T4, T5 | APO09 Manage service agreements, MEA01 Monitor, evaluate and assess performance and conformance – Enabler: Information |
     | 17. Conduct vendor risk management | T4, T5 | APO10 Manage suppliers, APO12 Manage risk – Enabler: Organisational Structures |

  21. Mitigation strategies 18–19

     | Mitigation Strategy | Threat | COBIT 5 Guidance |
     |---|---|---|
     | 18. Perform an evaluation of compliance with enterprise policies | T4 | APO10 Manage suppliers; MEA01 Monitor, evaluate and assess performance and conformance; MEA03 Monitor, evaluate and assess compliance with external requirements – Enablers: Principles, Policies and Frameworks; Information |
     | 19. Perform an evaluation of vendor internal controls | T4 | APO10 Manage suppliers; APO12 Manage risk; MEA01 Monitor, evaluate and assess performance and conformance – Enabler: Organisational Structures; Information |

  22. Mitigation strategies 20–22

     | Mitigation Strategy | Threat | COBIT 5 Guidance |
     |---|---|---|
     | 20. Plan and manage the end of the relationship | T2, T4, T5 | APO09 Manage service agreements; APO10 Manage suppliers; APO12 Manage risk – Enabler: Services, Infrastructure and Applications; People, Skills and Competencies; Information |
     | 21. Use a vendor management system | T1, T2, T3, T4 | APO08 Manage relationships; APO09 Manage service agreements; APO11 Manage quality; APO12 Manage risk – Enabler: Services, Infrastructure and Applications |
     | 22. Create data and hardware disposal stipulations | T2, T4 | APO12 Manage risk – Enablers: Services, Infrastructure and Applications; Information; Principles, Policies and Frameworks |

  23. Q&A
