The document discusses the significance of delivery assurance in IT service provider organizations, emphasizing the need for proactive management to address delivery issues that often arise during program initiation. It outlines a framework for implementing a delivery assurance function, including components such as continuous auditing, risk assessment, and governance, to enhance service quality and mitigate risks. Key factors for successful delivery assurance include senior management commitment and effective collaboration between the delivery and assurance teams.

1. anand.nirmalkumar@gmail.com | in.linkedin.com/in/anandnirmalkumar/
Delivery Assurance
In IT Service Provider Organization

2. anand.nirmalkumar@gmail.com | in.linkedin.com/in/anandnirmalkumar/ 2
Objective
“We have a problem not because we didn’t have solution but
because we didn’t know the problem…
The Problem in The Problem is The Problem (statement) not the
solution.”
 Past root cause analysis of troubled critical programs points
to issues in the Program Initiation stage as major contributor
 More than 80% of delivery issues have been realized only
after the fact
 This article provides a perspective on the importance and a
way to institutionalize Delivery Assurance Function in an IT
Service Provider Organization

3. anand.nirmalkumar@gmail.com | in.linkedin.com/in/anandnirmalkumar/ 3
Why Delivery Assurance?
 From perspective of an organization procuring services from
Service Provider
 May not be able to follow all IS Auditing practices directly
 May contractually bind service provider for expected quality
 An independent assessment on the collaborative work of business &
IT team of the organization and IT team of service provider
organization, aids in reducing business risks
 From perspective of service provider
 Quality assurance framework using IS Auditing practices reduces
delivery risk and exposures in critical Programs where stakes and
liabilities are high
 To improve proactive & preventive management
 To provide independent assurance to senior management that
internal controls are in place and are functioning effectively
 To identify control weaknesses and develop cost-effective solutions
for addressing those weaknesses

4. anand.nirmalkumar@gmail.com | in.linkedin.com/in/anandnirmalkumar/ 4
Delivery Assurance Framework
Initiation
Right preparation
and agile planning
is required during
program initiation
or transition phase
Continual
Auditing
Monthly self-
assessment by
delivery team
using checklists
DA Audit
Audit by DA team
minimum once a
quarter
Entry
Evaluate business /
delivery risk to bring
Program / Project /
Account under Delivery
Assurance
DA Governance
Follow up on agreed corrective actions closure or timely escalation on inaction to appropriate level in senior
management based on materiality
Preventive
DA team person to
be part of delivery
team during
initiation to advice
on “Start Green”
Detective
To enable self-heal
to “Stay Green”
Corrective
Identify weakness &
recommend process
controls
Exit
On completion or the
residual risk within
acceptable level
DA Function to provide enablement to service delivery team in non-threatening mode to avoid information hiding

5. anand.nirmalkumar@gmail.com | in.linkedin.com/in/anandnirmalkumar/ 5
DA Charter
 Delivery Assurance Function
 Articulate and communicate clearly the authority, purpose,
responsibilities, limitations and Independence
 Roles and responsibilities of the auditee
 Professional standards that the assurance professional will follow in the
conduct of assurance engagements (can be based on ITAF)
 Assurance Professional
 Dedicated team of service delivery experts supported by process &
specific functional / technical experts on need basis
 DA team to stay independent and objective in both attitude and
appearance in all matters related to assurance engagements

6. anand.nirmalkumar@gmail.com | in.linkedin.com/in/anandnirmalkumar/ 6
Audit Scope
 Service Delivery Process
 Understand service delivery process followed in the program
 Review adequacy & adherence of service delivery process
 Governance & Reporting
 Understand governance process in detail
 Review adequacy & adherence of governance process & reporting
 Functional / Technical Solution
 With subject matter experts, audit the solution against contract, requirements baseline
and customer expectation
 Resource Management
 Audit capacity and capability of all required resources, preparedness in onboarding
them, and related risks
 Performance
 Audit Delivery & Financial performance till date & future projection
 Output
 Scope includes recommending mitigation action / solution or overseeing solution by
experts and providing oversight on recovery
 Advice senior management on business risks based on materiality, mitigation plans and
their progress

7. anand.nirmalkumar@gmail.com | in.linkedin.com/in/anandnirmalkumar/ 7
Entry into DA
 Risk based approach to select
Projects / Programs / Accounts
 Assessment to identify Programs /
Account based on Delivery Risk &
Benefit Risk
 Structured assessment process
based on parameters such as
complexity & uniqueness of service
delivery, financial exposures in case
of failure or delay, customer
industry, geography sensitivity &
culture
 Choose fewer higher risk Programs
to make it effective to gain
assurance capability, improve
framework and to ensure benefits
realization
Entry
Initiation
Continual Auditing
DA Audit
Exit

8. anand.nirmalkumar@gmail.com | in.linkedin.com/in/anandnirmalkumar/ 8
DA in Initiation
 Good start is half the battle won –
Complex engagements require
expert consultancy on more
preparedness & guidance by
experienced experts
 DA team member part of delivery
team during Program / Account
initiation period to assist in “Start
Green”
 Enablement through report
templates, checklists, advice in
service delivery process &
governance setup
 Guidance in team readiness,
delivery & productivity planning
 Key enablement in internal as well
as customer Governance setup
Entry
Initiation
Continual Auditing
DA Audit
Exit

9. anand.nirmalkumar@gmail.com | in.linkedin.com/in/anandnirmalkumar/ 9
Continual Auditing
 Key problem is “Unawareness” –
checklist / template based self-
assessment aids in bringing right
awareness in the team
 Shortens time lapse between time
of internal control problem
occurrence and identification
 Structure to bring review rigor in
account management to “Stay
Green”
 Programs / Projects to do monthly
self-assessment using checklists
based on the type of work – AM,
AD, Infrastructure management
 Quarterly audit by quality team to
verify evidence on the claim by
delivery team in their self-
assessment
Entry
Initiation
Continual Auditing
DA Audit
Exit

10. anand.nirmalkumar@gmail.com | in.linkedin.com/in/anandnirmalkumar/ 10
Audit by Assurance Professional
 Obtain sufficient and appropriate
evidence to draw reasonable
conclusions
 Collect and evaluate evidence to
determine that undesired events
will be prevented, or detected &
corrected
 Conduct Compliance (evidence
gathered to evaluate compliance to
process / procedures) &
Substantive verification (evidence
gathers to evaluate integrity of
stated fact)
 Recommend appropriate alternate
or additional or compensating or
sufficiency process controls
Entry
Initiation
Continual Auditing
DA Audit
Exit

11. anand.nirmalkumar@gmail.com | in.linkedin.com/in/anandnirmalkumar/ 11
Exiting DA
 On completion or residual risk level
is within the limit of risk appetite or
risk level is low compared to other
programs / accounts
 Conduct formal lessons learned
reviews to provide constructive
feedback to improve DA
Framework
Entry
Initiation
Continual Auditing
DA Audit
Exit

12. anand.nirmalkumar@gmail.com | in.linkedin.com/in/anandnirmalkumar/ 12
DA Governance
 At customer account / BU level,
aggregate all deviations /
exceptions / risks for management
review leading to identification of
action plan for improvement and
recovery
 Add actions into central action
tracker with appropriate escalation
to next levels based on the
materiality of the issue / risk
 BU level review of DA action tracker
once in a month
 Quarterly review of DA Function on
 Are we doing the right things?
 Are we doing them the right way?
 Are we getting them done well?
 Are we getting the benefits?
Entry
Initiation
Continual Auditing
DA Audit
Exit

13. anand.nirmalkumar@gmail.com | in.linkedin.com/in/anandnirmalkumar/ 13
Critical Success Factors
 Senior management commitment
 Led by a senior management person who can influence eco-system
 One Business Unit head as sponsor for a year in rotation
 Delivery team co-operation and availability for audit
 Do not compromise on quality of audit rather compromise on
number of programs chosen for audit to work within efforts
available for Delivery Assurance
 Avoid the unfocused checklist approach; checklist only guides –
expertise of assurance professional brings immense value
 As they say “there’s more to being an auditor than auditing” –
selection of DA team member(s) critical
 DA function should have access to top expertise available in the
organization when there is a need for a particular assessment
 DA action tracker and assurance progress to be reviewed at
business unit level minimum once in a month