Vendor Management: Using COBIT 5
Introduction
New Guidance from ISACA
Areas covered
• IT
• Process owners and stakeholders
• Compliance and laws
• Risk management
• Audit
• Contracts
• Service monitoring
Vendors
• A vendor is a third party that supplies products or services to an enterprise.
• Most enterprises seek external vendor support for assistance with operations for one of the following reasons:
– Vendor expertise
– Vendor capacity
– Vendor assuming risk
– Vendor leveraging scale
Vendor Management
• Vendor management is a strategic process that is dedicated to the sourcing and management of vendor relationships so that:
– value creation is maximized and
– risk to the enterprise is minimized
Vendor Management Objectives
Managing vendors has many benefits, including:
• Data loss reduction
• Decrease in audit findings
• Cost optimization
• Increased availability
• Liability reduction
• Increased end-user satisfaction
• Value creation
Vendors to include
• Play a critical role in daily operations
• Can have a critical impact on the success of strategic projects
• Require long-term contracts
• Have potentially significant financial implications
• Are difficult to change overnight
• Require frequent interaction and/or involve disputes
• Access or manage substantial critical or sensitive data
Important Documents
Contract Lifecycle
Contract
Contracts accomplish the following:
• Form a common understanding of what needs to be achieved
• Define all deliverables, relevant service levels and metrics
• Define responsibilities and obligations
• Define the terms and conditions
• Specify how risk will be allocated between the parties
• Define legal counsel and jurisdiction stipulations
SLAs
• An SLA is an agreement, preferably documented, between a product or service provider and the enterprise that defines minimum performance targets for a deliverable and how they will be measured and reported.
• The SLA enables customer and vendor accountabilities and expectations to be clearly understood. Performance can have the following implications:
– Financial rewards (for exceeding targets)
– Financial penalties (for underperformance)
SLA Common Pitfalls
• Focus on the wrong objectives
• Simplistic metrics
• Inappropriate terminology
• Room for interpretation
• Labor-intensive reporting requirements
SLA Management Benefits
• Better alignment with business objectives
• Ability to manage services proactively
• Greater transparency of service delivery
• Lower service level management overhead
• Better relationships between the enterprise and vendor
SLA Diagram
Stakeholder Responsibilities
Risk – 5 Threat Categories
• T1 – Selection: Wrong vendor
• T2 – Contract: Incomplete | Static
• T3 – Requirements: Poorly defined
• T4 – Governance: Inadequate vendor management
• T5 – Strategy: Vendor lock-in
Mitigation Strategy
Each mitigation is listed with the threat categories (T1 to T5) it addresses and the COBIT 5 guidance that supports it:

1. Diversify sourcing strategy to avoid overreliance or vendor lock-in
   Threat: T5
   COBIT 5 guidance: APO02 Manage strategy, APO10 Manage suppliers
2. Establish policies and procedures for vendor management
   Threat: T4, T5
   COBIT 5 guidance: APO11 Manage quality
   – Enablers: Principles, Policies and Frameworks; Information
3. Establish a vendor management governance model
   Threat: T4, T5
   COBIT 5 guidance: APO09 Manage service agreements, APO10 Manage suppliers
   – Enabler: Organisational Structures
4. Set up a vendor management organization (VMO) within the enterprise
   Threat: T4, T5
   COBIT 5 guidance: APO10 Manage suppliers
   – Enablers: Organisational Structures; People, Skills and Competencies
5. Forecast requirements regarding the skills and competencies of the vendor employees
   Threat: T2
   COBIT 5 guidance: APO10 Manage suppliers
   – Enablers: People, Skills and Competencies
6. Use standard documents and templates
   Threat: T2
   – Enabler: Information
7. Formulate clear requirements
   Threat: T3, T5
   COBIT 5 guidance: BAI02 Manage requirements definition, BAI03 Manage solutions identification and build
   – Enabler: Information
8. Perform adequate vendor selection
   Threat: T1, T5
   COBIT 5 guidance: APO10 Manage suppliers, APO12 Manage risk
   – Enablers: People, Skills and Competencies
9. Cover all relevant life-cycle events during contract drafting
   Threat: T2
   COBIT 5 guidance: APO11 Manage quality, APO12 Manage risk
   – Enabler: Information
10. Determine the adequate security and controls needed during the relationship
   Threat: T4, T2
   COBIT 5 guidance: APO11 Manage quality; APO12 Manage risk; MEA01 Monitor, evaluate and assess performance and conformance
   – Enablers: Services, Infrastructure and Applications; Information
11. Set up SLAs
   Threat: T2
   COBIT 5 guidance: APO09 Manage service agreements
   – Enabler: Information
12. Set up operating level agreements (OLAs) and underpinning contracts
   Threat: T2
   COBIT 5 guidance: APO09 Manage service agreements
   – Enabler: Information
13. Set up appropriate vendor performance/service level monitoring and reporting
   Threat: T2, T4
   COBIT 5 guidance: APO09 Manage service agreements; APO10 Manage suppliers; MEA01 Monitor, evaluate and assess performance and conformance
   – Enabler: Information
14. Establish a penalties and reward model with the vendor
   Threat: T2
   COBIT 5 guidance: APO09 Manage service agreements, APO10 Manage suppliers
15. Conduct adequate vendor relationship management during the life cycle
   Threat: T4
   COBIT 5 guidance: APO08 Manage relationships, APO10 Manage suppliers
   – Enabler: Ethics, Culture and Behaviour
16. Review contracts and SLAs on a periodic basis
   Threat: T4, T5
   COBIT 5 guidance: APO09 Manage service agreements; MEA01 Monitor, evaluate and assess performance and conformance
   – Enabler: Information
17. Conduct vendor risk management
   Threat: T4, T5
   COBIT 5 guidance: APO10 Manage suppliers, APO12 Manage risk
   – Enabler: Organisational Structures
18. Perform an evaluation of compliance with enterprise policies
   Threat: T4
   COBIT 5 guidance: APO10 Manage suppliers; MEA01 Monitor, evaluate and assess performance and conformance; MEA03 Monitor, evaluate and assess compliance with external requirements
   – Enablers: Principles, Policies and Frameworks; Information
19. Perform an evaluation of vendor internal controls
   Threat: T4
   COBIT 5 guidance: APO10 Manage suppliers; APO12 Manage risk; MEA01 Monitor, evaluate and assess performance and conformance
   – Enablers: Organisational Structures; Information
20. Plan and manage the end of the relationship
   Threat: T2, T4, T5
   COBIT 5 guidance: APO09 Manage service agreements; APO10 Manage suppliers; APO12 Manage risk
   – Enablers: Services, Infrastructure and Applications; People, Skills and Competencies; Information
21. Use a vendor management system
   Threat: T1, T2, T3, T4
   COBIT 5 guidance: APO08 Manage relationships; APO09 Manage service agreements; APO11 Manage quality; APO12 Manage risk
   – Enabler: Services, Infrastructure and Applications
22. Create data and hardware disposal stipulations
   Threat: T2, T4
   COBIT 5 guidance: APO12 Manage risk
   – Enablers: Services, Infrastructure and Applications; Information; Principles, Policies and Frameworks
Q&A
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 

Vendor management using COBIT 5

3. New Guidance from ISACA
Areas covered
• IT
• Process owners and stakeholders
• Compliance and laws
• Risk management
• Audit
• Contracts
• Service monitoring

4. Vendors
• A vendor is a third party that supplies products or services to an enterprise.
• Most enterprises seek external vendor support for assistance with operations for one of the following reasons:
  – Vendor expertise
  – Vendor capacity
  – Vendor assuming risk
  – Vendor leveraging scale

5. Vendor Management
• Vendor management is a strategic process that is dedicated to the sourcing and management of vendor relationships so that:
  – value creation is maximized and
  – risk to the enterprise is minimized

6. Vendor Management Objectives
Managing vendors has many benefits, including:
• Data loss reduction
• Decrease in audit findings
• Cost optimization
• Increased availability
• Liability reduction
• Increased end-user satisfaction
• Value creation

7. Vendors to include
Vendors that:
• Play a critical role in daily operations
• Can have critical impact on the success of strategic projects
• Require long-term contracts
• Have potential significant financial implications
• Are difficult to change overnight
• Require frequent interaction and/or disputes
• Access or manage substantial critical or sensitive data
10. Contract
Contracts accomplish the following:
• Form a common understanding of what needs to be achieved
• Define all deliverables, relevant service levels and metrics
• Define responsibilities and obligations
• Define the terms and conditions
• Specify how risk will be allocated between parties
• Define legal counsel and jurisdiction stipulations
11. SLAs
• An SLA is an agreement, preferably documented, between a product or service provider and the enterprise that defines minimum performance targets for a deliverable and how they will be measured and reported.
• The SLA enables customer and vendor accountabilities and expectations to be clearly understood. Performance can have the following implications:
  – Financial rewards (for exceeding targets)
  – Financial penalties (for underperformance)

12. SLA Common Pitfalls
• Focus on the wrong objectives
• Simplistic metrics
• Inappropriate terminology
• Room for interpretation
• Labor-intensive reporting requirements

13. SLA Management Benefits
• Better alignment with business objectives
• Ability to manage services proactively
• Greater transparency of service delivery
• Lower service level management overhead
• Better relationships between the enterprise and vendor

16. Risk – 5 Threat Categories
• T1 – Selection: Wrong vendor
• T2 – Contract: Incomplete | Static
• T3 – Requirements: Poorly defined
• T4 – Governance: Inadequate vendor management
• T5 – Strategy: Vendor lock-in
17. Mitigation Strategy
Each mitigation strategy is listed with the threat categories (T1–T5) it addresses and the COBIT 5 guidance (processes and enablers) that supports it.

1. Diversify sourcing strategy to avoid overreliance or vendor lock-in
   Threat: T5
   COBIT 5 Guidance: APO02 Manage strategy; APO10 Manage suppliers
2. Establish policies and procedures for vendor management
   Threat: T4, T5
   COBIT 5 Guidance: APO11 Manage quality
   Enablers: Principles, Policies and Frameworks; Information
3. Establish a vendor management governance model
   Threat: T4, T5
   COBIT 5 Guidance: APO09 Manage service agreements; APO10 Manage suppliers
   Enabler: Organisational Structures
4. Set up a vendor management organization (VMO) within the enterprise
   Threat: T4, T5
   COBIT 5 Guidance: APO10 Manage suppliers
   Enablers: Organisational Structures; People, Skills and Competencies
5. Forecast requirements regarding the skills and competencies of the vendor employees
   Threat: T2
   COBIT 5 Guidance: APO10 Manage suppliers
   Enabler: People, Skills and Competencies
6. Use standard documents and templates
   Threat: T2
   Enabler: Information

18. Mitigation Strategy
7. Formulate clear requirements
   Threat: T3, T5
   COBIT 5 Guidance: BAI02 Manage requirements definition; BAI03 Manage solutions identification and build
   Enabler: Information
8. Perform adequate vendor selection
   Threat: T1, T5
   COBIT 5 Guidance: APO10 Manage suppliers; APO12 Manage risk
   Enabler: People, Skills and Competencies
9. Cover all relevant life-cycle events during contract drafting
   Threat: T2
   COBIT 5 Guidance: APO11 Manage quality; APO12 Manage risk
   Enabler: Information
10. Determine the adequate security and controls needed during the relationship
   Threat: T4, T2
   COBIT 5 Guidance: APO11 Manage quality; APO12 Manage risk; MEA01 Monitor, evaluate and assess performance and conformance
   Enablers: Services, Infrastructure and Applications; Information

19. Mitigation Strategy
11. Set up SLAs
   Threat: T2
   COBIT 5 Guidance: APO09 Manage service agreements
   Enabler: Information
12. Set up operating level agreements (OLAs) and underpinning contracts
   Threat: T2
   COBIT 5 Guidance: APO09 Manage service agreements
   Enabler: Information
13. Set up appropriate vendor performance/service level monitoring and reporting
   Threat: T2, T4
   COBIT 5 Guidance: APO09 Manage service agreements; APO10 Manage suppliers; MEA01 Monitor, evaluate and assess performance and conformance
   Enabler: Information
14. Establish a penalties and reward model with the vendor
   Threat: T2
   COBIT 5 Guidance: APO09 Manage service agreements; APO10 Manage suppliers

20. Mitigation Strategy
15. Conduct adequate vendor relationship management during the life cycle
   Threat: T4
   COBIT 5 Guidance: APO08 Manage relationships; APO10 Manage suppliers
   Enabler: Ethics, Culture and Behaviour
16. Review contracts and SLAs on a periodic basis
   Threat: T4, T5
   COBIT 5 Guidance: APO09 Manage service agreements; MEA01 Monitor, evaluate and assess performance and conformance
   Enabler: Information
17. Conduct vendor risk management
   Threat: T4, T5
   COBIT 5 Guidance: APO10 Manage suppliers; APO12 Manage risk
   Enabler: Organisational Structures

21. Mitigation Strategy
18. Perform an evaluation of compliance with enterprise policies
   Threat: T4
   COBIT 5 Guidance: APO10 Manage suppliers; MEA01 Monitor, evaluate and assess performance and conformance; MEA03 Monitor, evaluate and assess compliance with external requirements
   Enablers: Principles, Policies and Frameworks; Information
19. Perform an evaluation of vendor internal controls
   Threat: T4
   COBIT 5 Guidance: APO10 Manage suppliers; APO12 Manage risk; MEA01 Monitor, evaluate and assess performance and conformance
   Enablers: Organisational Structures; Information

22. Mitigation Strategy
20. Plan and manage the end of the relationship
   Threat: T2, T4, T5
   COBIT 5 Guidance: APO09 Manage service agreements; APO10 Manage suppliers; APO12 Manage risk
   Enablers: Services, Infrastructure and Applications; People, Skills and Competencies; Information
21. Use a vendor management system
   Threat: T1, T2, T3, T4
   COBIT 5 Guidance: APO08 Manage relationships; APO09 Manage service agreements; APO11 Manage quality; APO12 Manage risk
   Enabler: Services, Infrastructure and Applications
22. Create data and hardware disposal stipulations
   Threat: T2, T4
   COBIT 5 Guidance: APO12 Manage risk
   Enablers: Services, Infrastructure and Applications; Information; Principles, Policies and Frameworks

23. Q&A