How do I incorporate Business Continuity Management into Vendor Management?



Resiliency DC


April 19, 2011

Margaret J. Millett, MBCP, MBCI

eBay, Inc. - Director of Global Continuity Services

mmillett@ebay.com

eBay Inc. confidential


Agenda


What is Vendor Management


Top 10 Risks for 2010


Risk in Vendor Management


Vendor Management Models


Vendor Management Assessments



What is Vendor Management


Vendor management is a working
relationship between your company and
your vendors. The goal is to have a
relationship which allows both companies to
gain from the relationship.


Top 10 Risks for 2010

http://www.cfo.com/article.cfm/14467748

1. Strategic change management. The upheaval of the past year and the desire to seize opportunities during the recovery will make for a lot of changes, including mergers, acquisitions, and divestitures. These shifts leave a lot of room for controls to fall through the cracks and can create new liabilities.

2. Capacity. Faced with uncertain demand, companies risk both over- and understaffing. Timing capital expenditures, such as new facilities or equipment, will also pose a challenge.


3. Incentive plans. Compensation is under extreme scrutiny in the wake of the recession and could pose a risk for public companies.

4. Human resources. Layoffs have left many companies with skill gaps and possible holes in their compliance structures.

5. Fraud. Widely thought to pick up (or be revealed) in down times, fraud can be easier to commit at companies that are short-staffed and under pressure, which would describe most businesses today.



6. Innovation/R&D. Companies that have cut back in this area during the downturn risk falling behind their competitors.

7. Third-party relationships. The collapse of Lehman Brothers opened CFOs' eyes to just how careful and far-reaching they need to be in evaluating third parties.

8. Shared services. Under pressure to cut costs, finance executives are exploring new locations for their back-office functions. These changes can affect companies' control structures and processes.



9. Inflation/Deflation. Currency risk remains an open question for 2010.

10. Tax management. Recession-scarred states are looking to raise funds through new taxes and stricter enforcement of existing tax laws.



Risk in Vendor Management


Lack of end-to-end process and tools, which impairs deployment of effective risk management

Diverse and uncoordinated efforts to address gaps in overall program management (for example, Info Security, Business Impact Analysis, Insurance, and Contingency Planning)

Unclear end-to-end ownership and exposure tolerance for key vendors

Lack of guidance on materiality criteria for vendors at business unit or company level



Executive Management


Risk Mitigation Strategy


Controls - evaluate the effectiveness of controls that ensure vendor service levels are being measured, monitored and reported to management and the vendor.

Risk specific mitigations - receive recommendations on risk mitigation actions.

Efficiency Gains - What, if any, significant opportunities are there for improving efficiency?




What organizational structure is best suited to
address the risk?


Centralized


Business unit


Hybrid



Recommendations:

Centralized model

[Organization chart: Global Procurement; Category Manager; Category Buyer; Supplier Relationship Managers; BUs; Suppliers]


Pros


High degree of standardization


Streamlines communication and decision making

Cons


Difficult to build and maintain internal business partner buy-in


Risk of disconnect with needs of the business



Center-led model

[Organization chart: Global Procurement; Supply Relationship Manager (SRM) Office; Cross-BU SRM team; Supplier Relationship Managers; BUs; Suppliers]


Pros


Supports alignment of Supplier Relationship
Manager Office with needs of business


Balances standardization and sharing best
practices with high stakeholder engagement

Cons


Creates governance complexity and requires a high degree of effectiveness in cross-business unit collaboration



Decentralized model


[Organization chart: Global Procurement; BUs; Supplier Relationship Managers; Suppliers]


Pros


Supports alignment of Supply Relationship Manager with
needs of the business unit

Cons


Effectiveness of collaboration with suppliers is variable


Undermines alignment between sourcing and management of post-award interactions with suppliers

Relationships with cross-business unit suppliers significantly sub-optimized



New Vendor Profile/Assessment

Executive Summary


Basic information on the relationship between the
company and the Vendor profiled.

Sponsor Compliance Statement


Detail gathered and authenticated by the Sponsor, leading to compliance sign-off of all interested parties at your company



Legal Compliance Statement


Detail provided for and authenticated by the Sponsor and the Corporate Legal representative, leading to compliance sign-off of all interested parties at your company.

Vendor Compliance Statement

Detail provided directly by the Vendor and authenticated by the Sponsor, leading to compliance sign-off of all interested parties at your company.



Vendor Profile/Assessment


Executive Summary


Relationship sponsor


Relationship summary


Current state


Dependencies


Future considerations


Alternatives


Expenditure history




Sponsor Compliance Statement


Product/service information


Responsible Parties


Company operations and controls


Service level agreement management


Fee management


Reports


User groups/influential parties




Legal compliance statement


General information


Service contract provisions


Service levels



New Vendor Profile/Assessment


Vendor compliance information


Administrative


Responsible parties


Experience summary


Published documents


Governance summary


Operations and controls (includes a Business Continuity sub-section)




Functional area review statements


Overview


Compliance


Information Security


Business Continuity


Internal Audit


Risk Management




Legal


Vendor Management


Corporate Sponsor


All areas listed should consider:

Process overview

Issues, concerns and strengths identified

Exceptions



Existing Vendor Profile/Assessment


Vendor compliance information


Administrative


Responsible parties


Experience summary


Published documents


Governance summary


Vendor Operations and Controls



Monthly Vendor Profile/Assessment


Completed by Vendor Relationship Owner


Performance / service levels


Operational disruptions


Breach notification


Monitoring and testing



Reminder on why organizations need Vendor
Management


Global increase in outsourcing


Risk is unavoidable and is present in all parts of a
company


High-level officers must know they are responsible for risk management



Thank you for attending the session. I hope everyone learns a lot at the Resiliency DC event.


Margaret Millett

mmillett@ebay.com