Vendor/ Supplier Management & Project Management
What should happen during the selection process for vendors?
-A vendor risk assessment needs to be completed and should be reviewed for potential impacts that the enterprise could experience (information security). - Potential risk related to the products or services should be evaluated and addressed by defining service level requirements and contingency procedures to mitigate possible vendor failure. - Enterprise rules and policies should be shared and compared with the selected vendor to create awareness about the internal control environment and requirements for compliance.
What are 8 components of a governance framework for vendor management?
-A well-defined contract, which includes a detailed list of services, roles and responsibilities plus specific Service Level Agreements or Key Performance Indicators. - Standard for quality, performance and acceptance of work-product. - A system of robust measures and reporting along with relevant incentives and penalties. -An escalation and problem-resolution program which may include customer complaint definition and handling. -A resource and capacity management plan including key resources to be assigned; skills/quantity of resources; and incentive/retention/hiring practices. -Self and independent assessments/ audits/ evidence to confirm controls are operating and procedures are being followed. -Documented and tested information management procedures including business continuity, records retention and privacy/information security. -Specifications for controls and governance in situations where a vendor may subcontract an affiliated or unaffiliated provider.
What are 5 risks to successful project management?
-Ambiguous direction -Focusing on deadlines but not cost -Focusing on project plan but forgetting the end goal -Not managing relationships -Not closing out
What happens during the initiating stage?
-Business case provides information required for the organization to decide if a project should proceed. -Project sponsor will gather information to support approval. -Approval is captured and the project is authorized to begin. -Project Charter
What are 3 Vendor Management Risks/Pitfalls?
-Contracting with vendors not within the organization's risk profile. - Ignoring red flags when evaluating vendors or not evaluating vendors equally. - Having a solid vendor assessment at the onset of the relationship, but failing to adequately monitor performance on a periodic basis.
What are the characteristic of a successful vendor management?
-Match the vendor management model to organizational needs -Establish the selection process -Ensure contract contains all relevant components and vendors are fully vetted up front -Perform regular measurement and data monitoring -Define the partnership for long-term success`
What should the closing report include?
-Notes on successful completion of each milestone. -Changes in the scope of work. -The differences between the budgeted resources and the actual resources needed. -The impact of the project - Lessons learned.
According to the 2013 Trustwave Global Security Report on 450 global data breach investigations, what was the % linked to a third party component of IT system administration?
63%
What is a common practice for performance reporting?
A common practice is to require a third-party assurance provider to conduct audits and prepare a report that can be used to gain insight into applicable vendor processes.
What is vendor management?
A strategic process that is dedicated to the sourcing and management of vendor relationships so that value creation is maximized and risk to the enterprise is minimized.
What is a project?
A temporary(defined beginning and end) endeavor undertaken to create a unique(not a routine operation) product, service or result.
What is a vendor?
A vendor is a third-party that supplies products or services to an enterprise.
What is Governance?
Articulates organizational structures and reporting lines for the day-to-day execution and management of vendor management activities.
What do we need a Vendor Management Strategy?
Because organization need to establish an effective vendor management process with goals and objectives that ensure the following: - Vendor Management Strategy is consistent with enterprise goals. - Effective Cooperation and governance models are in place. - Service, quality, cost and business goals are clear. - All parties perform as agreed. - Vendor risk is assessed and properly addressed. - Vendor relationships are working effectively, as measured according to service objectives.
What are the Roles and Responsibilities?
Communicates the specific roles and responsibilities of all stakeholders involved in the vendor management lifecycle.
What is Vendor Management Policy?
Defines the expectations and policy requirements of the framework.
What are the performance reporting?
Defines the reporting standards, tools and templates to be used to monitor a vendor's performance and ongoing viability, identifying emerging vendor-specific risks and enforce vendor management activities.
What is Process and Control?
Describes the activities through which the policies will be applied, defining process flows, accountabilities and activities to ensure that vendor management activities are conducted in a consistent manner. Identifies critical vendor management risks and controls for managing these risks.
Define Vendor Management.
Discipline that enables organizations to control costs, drive service excellence and mitigate risks to gain increased value from their vendors throughout the deal life cycle.
The Project Management Office play a pivotal role by?
Ensuring business objectives are successfully met.
What is Vendor Management Strategy?
Establish context, strategy, objectives and guiding principles which the framework is based.
Organizations need to establish an effective vendor management process with?
Goals & Objectives
Ineffective contract change management procedures during the contract life cycle does what?
Increase operational risk and financial risk.
Failure to define an adequate governance model between the enterprise and the vendor does what?
Increases operational and compliance risk.
What kind of rules and policies should be shared with vendor?
Information Security Policies Physical and Environmental Security Policy Access Control Policy List of applicable laws and regulations
Define the 5 groups project management processes fall under.
Initiating Planning Executive Monitoring & Controlling Closing
What does the Vendor Framework link?
Link strategies, policies, and processes.
A lack of governance during the contractual vendor relationship lifecycle can be considered as a what to proper vendor management?
Major Threat
What were some of the key weaknesses identified related to Target's HVAC contractor?
Make sure you know what access vendors have; Access should be restricted to the vendor's need and reviewed; Vendors need to secure their systems if they have access to your organization's system; Make sure vendors are throughly reviewed.
A vendor management policy can?
Mitigate much of the risk that comes along with the contracting of third parties.
Describe the Planning stage.
Most time intensive phase and identify deliverables.
Vendors Management Programs that focus on solely on what are likely to fail?
Optimization and Service-level agreements
Enterprises should focus on their vendor management efforts on third-party relationships that?
Play a vital role in the enterprise's daily operations. Have a critical impact on the success of the enterprise's strategic projects. Require long-term contracts. Have potential for significant financial implications. Are difficult to change overnight. Require frequent interaction and collaboration for disputes or have complex problem-resolution mechanisms. Access or manage substantial critical or sensitive data.
What happens in the executing phase?
Project Managers respond to changes in the business. The tasks listed in the plan are accomplished in the way they were conceived.
What is a Project Charter?
Project objectives, stakeholders, project plan, team responsibilities, etc.
What happens during monitoring and controlling phase?
Project scope changes, resource usage, and risk needs to be managed.
What does the Vendor Framework provide?
Provide structure, consistency, accountability and controls over vendor management activities.
What are the roles and responsibilities for vendors?
Purchasing/Procurement Legal Enterprise Risk Management Compliance/Audit IT Security Business Owner/Relationship Manager
What does the AICPA Service Organization Control 2 Report on?
Report on controls at a service organization relevant to security, availability, processing integrity, confidentiality or privacy.
What is a common way to control a project?
Status report
What are the 5 components of a project plan?
Tasks Sequence Priority Duration Resources
What varies based on the vendor relationship and the scope of services and products?
The Approach & Level of Effort
What is project management?
The application of knowledge, skills, tools, and techniques to project activities to meet the project requirements.
What is vendor capacity?
The enterprise does not have the resources to handle the work related to a specific product or service. The vendor can supply the resources to support the entire operation or to supplement in-house resources.
What is vendor expertise?
The enterprise needs expert knowledge or a broader perspective and experience with similar enterprises to effectively and efficiently handle certain activities.
What is vendor assuming risk?
The enterprise outsources activities to leverage a vendor's experience with operational risk and corresponding risk mitigation service.
What is Vendor Management Strategy?
The first step in implementing a robust vendor management process is to define and document a sourcing strategy that aligns with enterprise strategy.
What are the enabling technology?
The outlines the systems and infrastructures requires to enable vendor management processes, including reporting, that are complaint with the framework and policies.
Each type of relationship may require a different set of steps and documents, depending on?
The relationship and the enterprise strategy.
The Vendor Management Policy should translate?
The vendor management strategy into the organization's approach to vendor management practices.
What are the 4 reasons why enterprises seek external vendor support for assistance with operations?
Vendor Expertise Vendor Capacity Vendor Assuming Risk Vendor Leveraging Scale
What are the 7 Components of the Vendor Management Framework?
Vendor Management Strategy Vendor Management Policy Governance Process and Controls Roles and Responsibilities Performance Reporting Enabling Technology
What happens in Performance Reporting?
Vendor risk and performance should be monitored according to the criticality of the vendor.
What is vendor leveraging scale?
Vendors can offer services at a lower cost because working for multiple customers allows vendors to leverage scale.
How should projects be closed?
Writing a summary of the project, with good documentation.
Depending on the number of vendors, is it a good practice to implement an IT system to store critical information on vendors?
Yes