180 likes | 351 Views
Outsourcing Business Processes ( without In-sourcing the Associated Risks). Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced provider) Leslie Lamb – Cisco Systems, Inc (facilitator) RMG 303 April 2012. The Scenario.
E N D
Outsourcing Business Processes (without In-sourcing the Associated Risks) Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced provider) Leslie Lamb – Cisco Systems, Inc (facilitator) RMG 303 April 2012
The Scenario • Sport Co is an industry leader in manufacturing sporting goods products and services • Revenues are $1B annually • Headcount is 10,000 worldwide • Headquarters is in North Carolina • Major locations include North Carolina, California, Bangalore and London 2
The Solution • Outsourcing • Information technology infrastructure services, including data centers • Supply chain management • Customer care 5
The Risk Manager • Identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. • Derived from COSOERM Definition • In other words – “Manage risk to achieve objectives.” 6
Our Enterprise Risks • Market • Macro Economics • Customer Economics • Financing • Competition • Consolidation • Financial • Foreign Exchange • Budget • Revenue Recognition • Financial Reporting • Access to Funding • Margin • Human Resources • HR Compliance • Attract, Develop & Retain Talent • Employee Morale & Culture Market Strategic • Strategic • Right Solutions • Business Model • Brand & Marketing • Growth • Acquisitions • Organizational Design & Resources • Integrity • Regulatory Compliance • Legal • Fraud • Data Security Financial Integrity Human Resources Operations • Training • Aging Workforce • Incentives & Compensation • Operations • Facilities • Business Disruption • Policies & Procedures • Decision Making • System Capabilities • Authorization • Costs & Efficiencies • Customer Service • Contracting 7
Sample Risk UniverseTraditional Third Party Risks • Market • Macro Economics • Customer Economics • Financing • Competition • Consolidation • Financial • Foreign Exchange • Budget • Revenue Recognition • Financial Reporting • Access to Funding • Margin • Human Resources • HR Compliance • Attract, Develop & Retain Talent • Employee Morale & Culture Market Strategic • Strategic • Right Solutions • Business Model • Brand & Marketing • Growth • Acquisitions • Organizational Design & Resources • Integrity • Regulatory Compliance • Legal • Fraud • Data Security Financial Integrity Human Resources Operations • Training • Aging Workforce • Incentives & Compensation • Operations • Facilities • Business Disruption • Policies & Procedures • Decision Making • System Capabilities • Authorization • Costs & Efficiencies • Customer Service • Contracting 8
Sample Risk UniverseExpanded Third Party Risks • Market • Macro Economics • Customer Economics • Financing • Competition • Consolidation • Financial • Foreign Exchange • Budget • Revenue Recognition • Financial Reporting • Access to Funding • Margin • Human Resources • HR Compliance • Attract, Develop & Retain Talent • Employee Morale & Culture Market Strategic • Strategic • Right Solutions • Business Model • Brand & Marketing • Growth • Acquisitions • Organizational Design & Resources • Integrity • Regulatory Compliance • Legal • Fraud • Data Security Financial Integrity Human Resources Operations • Training • Aging Workforce • Incentives & Compensation • Operations • Facilities • Business Disruption • Policies & Procedures • Decision Making • System Capabilities • Authorization • Costs & Efficiencies • Customer Service • Contracting 9
Understanding the Objectives Primary Objective: Reduce Operating Cost Secondary: Maintain Fixed Costs below a target % of Revenue 10
Other Objectives of Outsourcing • Improve Results – leverage the outsourcer’s expertise • Re-focus on core competency – redirect management’s skills toward what made Sport Co. the industry leader • Improve customer experience • Compliance 11
Understanding the Risks • Operational– poor service, disruption in operations, loss of control, deterioration • Financial – overruns, change requests, 3rd party charges, the outsourcer’s solvency • Compliance and Security– data breach, disclosure of sensitive information / customer data / PII or PHI, compliance with laws • Extraordinary Risks– armed conflict near service facility, tsunamis and earthquakes, major security breaches • Brand Reputation – spans across all of the above 14
Engaging the Outsource Provider(things to think about) Super IT Consultancy - Outsourcing IT Infrastructure • Flow of information from SportCo to Super IT • Super IT’s storage facility: cloud or data center • Understanding the type of data stored: HR related, customer info etc • Contractual issues • Super IT’s compliance with standards i.e. PCI • Super IT’s call center availability 15
Engaging the Outsource Provider(things to think about) Flexible Outsourcing International – Contract Manufacturer • Location, location, location • what are the hazards? • International or US? • Flexible’s Quality Control Program • Intellectual Property • Contractual issues • Flexible’s Business Continuity Program • Social Responsibility • Environmental Responsibility • Political Issues (terrorism, govt unrest, employee care) 16
Engaging the Outsource Provider(things to think about) Accentumetrics Technical Responders – Outsourcing Customer Care • Location and language • Hours of operation • Training programs • Brand reputation • Intellectual Property • Contractual issues • Social Responsibility • Political Issues (terrorism, govt unrest, employee care) 17
Managing the Risks via the Contract • Robust Governance Provisions • Comprehensive Audit Rights • Contractual Requirements • Continuity of Key Personnel • Compliance with Laws • Mandatory Technology Refresh / Release Versions • Key Performance Metrics with Meaningful Remedies 18