Post on 15-Apr-2017
Drive Your Business
The Top 9 Trends in Vendor Management
2 ©2015 WGroup. ThinkWGroup.com
Multi-vendor systems are becoming the
standard model for delivering outsourcing
services in today’s workplace. This approach
allows clients to leverage the best service
for a particular business environment.
However, multi-vendor delivery models also
require a client organization to integrate
multiple vendors with varying roles and
coordinate their activities in an effective
manner. Furthermore, many industries, such
as finance and healthcare, face increasingly
stringent regulations that place a burden on
the client to ensure regulatory compliance
over its vendors throughout its service
delivery chain. Clients also must maintain
oversight over their third-party relationships.
Vendor governance and management
are therefore becoming high priorities for
outsourcing clients. These areas have often
been overlooked in the past, but clients
now recognize that the lack of vendor
management is a key factor in reducing
the value of outsourcing. These clients
also should understand that third-party
oversight is essential for obtaining value
from relationships with service providers.
This white paper discusses the following
nine trends in vendor management and how
enterprises can take advantage of them:
• Standardization
• Vendor consolidation
• Robotic process automation
• Labor arbitrage
• Corporate culture
• Third-party governance
• Innovation
• Relationships
• Service levels
Introduction
3 ©2015 WGroup. ThinkWGroup.com
StandardizationThe standardization of outsourcing processes allows organizations to improve vendor
management and obtain an advantage in an increasingly competitive business environment.
In particular, standardization provides organizations that perform financial services
with greater confidence regarding regulatory reviews. Informal reviews by the Office of
the Comptroller of the Currency (OCC) are becoming more common, so it’s especially
important to implement standard processes and document them adequately. This
preparation can often cause the OCC to forgo a formal audit and look for other enterprises
that are at greater risk of regulatory noncompliance. Greater standardization also will
increase the demand for more automated tools for performing vendor management.
Vendor consolidationThe increased priority for oversight over third-party
vendors is causing clients to focus on audits as a means
of ensuring compliance readiness among vendors.
Small third-party firms, especially those with fewer than
50 employees, will be unwilling or unable to bear the
growing costs of regulatory compliance. These vendors
will therefore be acquired by larger service providers.
4 ©2015 WGroup. ThinkWGroup.com
Robotic Process Automation (RPA) is the
use of software known as virtual robots
to automatically manipulate existing
applications in a manner similar to that of
a person processing a transaction in an
application. RPA tools provide the potential to
significantly reduce operational costs, since
they’re able to perform routine functions at
a lower cost than human workers. RPA is
especially important to banking organizations,
since it directly addresses some of the
requirements for regulatory compliance.
The use of RPA tools to ensure compliance
will increase and provide enterprises with
a competitive advantage, due to their
ability to improve the speed, accuracy,
and auditability of outsourcing services.
Robotic process automation
Organizations that use RPA will also gain
a broader advantage in their ability to bring
vendor management and governance, risk
and compliance (GRC) solutions to market.
The requirement for regulatory compliance
is especially likely to benefit financial
services that use RPA. The financial crisis
of 2008 resulted in regulatory agencies
placing a greater responsibility for oversight
on client organizations. This change
generally means that a financial services
organization is ultimately responsible
for any breaches in the service delivery
chain, regardless of their cause.
The increase in regulatory pressures
caused financial institutions to increase
their oversight capabilities throughout the
lifecycle of the outsourcing process. The most
common areas of focus include improving
process definition and contract discipline.
Financial institutions also use RPA to develop
more robust compliance strategies.
5 ©2015 WGroup. ThinkWGroup.com
The primary advantage of an RPA solution over a human worker is that it performs a process the
same way every time. It also provides a detailed activity log for audit purposes, which is essential
for demonstrating compliance readiness. Another advantage of RPA tools is that they’re easy to
scale and can be reconfigured quickly to perform many functions, including data consolidation,
document review, and invoice reconciliation, without the need to train a human worker. RPA also
can define a process for making decisions about sourcing location by changing the premise of
labor arbitrage. These benefits of RPA make onshore sourcing more cost-effective, providing
clients that use offshore sourcing with a lower-risk option.
RPA solutions provide a wide range of capabilities
for monitoring and reporting software processes.
This versatility will cause some confusion as
vendor management solutions begin to merge with GRC
solutions. The primary difference between these solutions is
that vendor management focuses on increasing the supplier’s capability, while GRC focuses
on mitigating the risk of using that supplier. Organizations that are able to acquire both of
these capabilities will be in a better position to manage their supplier costs effectively.
Many RPA tools still lack maturity, although a lack of maturity in the processes
they’re designed to monitor is a more critical issue for most enterprises. The
urgency of improving process documentation will result in organizations adopting
the RPA tools that are available, rather than waiting for this market to mature.
An RPA solution will perform a process the same way – every time.
6 ©2015 WGroup. ThinkWGroup.com
Enterprises will focus on driving higher levels of performance to obtain the original business
case for outsourcing rather than looking for sources of low-cost labor. Research shows that
proper governance in a multi-vendor model can increase profitability by six times more than
similar improvements in governance over labor costs. Common steps for improving multi-
vendor governance include implementing a multi-vendor governance model, transforming the
complexity of that model into service value, and balancing accountability for multi-vendor model.
The trend in multisourcing will increase the skills and structures needed in all areas of
governance. Other trends also are increasing the need for governance, resulting in a
complex environment that erodes the value of the multi-vendor market and adversely affects
customer service. Simplification generally involves successfully leveraging the available
solutions, including developing the governance structure, defining sourcing strategies,
managing the transition to multiple vendors and facilitating contract reviews. Solid experience
in engaging IT suppliers also can help clients meet the multi-vendor challenge.
Executives are beginning to recognize the value of effective vendor management and are
changing their priorities accordingly. This shift in priorities reflects the maturation of the
outsourcing marketplace, which is changing the definition of a “company.” For example, today’s
enterprises typically externalize over 70 percent of the cost base. This increase in outsourcing
means that vendor management skills such as coordinating multiple vendors, managing
service deliveries, and overseeing contract obligations will have paramount importance.
Labor arbitrage
7 ©2015 WGroup. ThinkWGroup.com
The concept of effective governance will shift
from mere compliance to a cultural imperative.
This trend in vendor management means
that compliance will become embedded in an
organization’s daily operations, rather than the
responsibility of a specific department. Each
organization has a unique set of core products
that influence executive decisions, business
practices, and employee actions. This culture
consists of the tone that the organization’s
top executives set, as well as written policies.
The internalization of
effective governance
provides
additional
benefits beyond
operational alignment
and regulatory
compliance, including
increased business value and improved
relationships between clients and providers.
A strong corporate culture is necessary for
vendor-management practices that will protect
an organization’s reputation and bottom line.
It also guides employees towards responsible
behavior by ensuring that the organization
will support and approve of their actions.
An organization without a strong culture can
aggressively pursue earnings at any cost,
which can cause it to lose direction or enter a
new market without performing due diligence.
Corporate cultureFor example, employee character and
customer confidence are especially important
for financial institutions. The loss of these
qualities caused national economic problems
with consequences that go well beyond these
institutions themselves. The financial crisis
of 2008 provides a recent example of the
wide-reaching effects of poor governance
among financial institutions. This crisis was
due in large part to unsound lending practices
among financial institutions, especially large
banks. These
practices adversely
affected their own
customers, the
national economy,
and the institutions
themselves.
The improprieties that led to the 2008 crisis
included lapses in oversight over trading
activities, Bank Secrecy Act controls, and
outsourcing vendors. They also included a
range of abuses in mortgage foreclosures,
collectively known as robo-signing. These
improprieties cost the largest banks in
the United States billions of dollars in
fines and restitution. They also have
been the subject of many headlines and
congressional hearings. More importantly,
these practices have eroded the public’s
confidence, which is vital for banks.
The internalization of effective governance provides additional benefits beyond operational alignment and regulatory compliance.
8 ©2015 WGroup. ThinkWGroup.com
The federal government was able to avert further catastrophe by supporting the
economy with decisive action. Many of the large banks also had national charters that
provided them with the financial strength to absorb high-risk institutions. Nevertheless,
the 2008 crisis had a major adverse effect on the world economy and many financial
customers. The long-term effects of this crisis were still being felt as late as 2012.
The 2008 crisis resulted in the development of much stricter standards for major banks,
which are intended to prevent it from recurring. These standards include minimum
requirements for the design of a large financial institution’s risk governance framework
and its implementation. It also provides minimum standards for the oversight of this
framework, which must address the risks arising from organization’s activities. Common
sources of risk for a financial institution include capital, earnings and liquidity.
The new governance standards also define the responsibilities and roles of the departmental
units that design and implement the risk governance framework for a financial institution.
These lines of defense in risk governance include front-line business, internal audits
and independent risk management. The new standards also require organizations to
establish appropriate systems for controlling risk in business practices. For example,
financial institutions must provide risk statements that describe levels and types of risk
that they are willing to assume in the pursuit of their strategic objectives. These risks
must be consistent with regulatory requirements regarding capital and liquidity.
The latest guidelines for financial institutions also include standards for the boards of directors’
oversight over the design and implementation of the organization’s risk governance framework.
These directors must be engaged in the risks of the organization to ensure they manage those
risks appropriately. Furthermore, directors must have the authority to challenge managers when
necessary to maintain the sanctity of the organization’s federal charter. This level of authority
will help an organization to avoid becoming a mere booking agency for its holding company.
The OCC can require a bank to submit a compliance plan when it determines
that the bank has failed to meet a particular governance standard. This plan must
detail the actions that the bank will take to identify key deficiencies, along with a
projected timeline for those actions. The OCC can also issue an order enforcing
compliance if the bank fails to implement a plan approved by the OCC.
9 ©2015 WGroup. ThinkWGroup.com
Key metrics for financial institutions, such as earning strength or credit quality, are relatively
easy for regulators to measure. The strength of an organization’s culture is far more difficult to
assess, despite its strong influence on the actions and decisions within that organization. The
OCC has recently started to look to board members and senior management to set the tone for
creating a healthy culture that engages in proper practices, such as reasonable risk taking.
Supervisory agencies also fell short of expectations during the time leading up to the 2008
crisis, along with many financial institutions.
For example, the OCC is looking for ways
to improve its ability to regulate these
institutions. Major areas of concern include
recognizing problems more quickly and
taking decisive corrective action.
The OCC also is looking at other aspects
of how it does business in an effort to
improve its performance in the future.
One of the major steps towards this goal
was to invite a group of international
regulators to evaluate the OCC’s supervisory process. This step was difficult for OCC
staff members, since it involved a critical analysis by their peers. Nevertheless, senior
executives at OCC felt this peer review was essential for improving its corporate culture.
10 ©2015 WGroup. ThinkWGroup.com
The results of this peer review affected all aspects of OCC’s supervision over financial institutions,
including enterprise governance, organizational structure, and risk management. OCC’s vision
statement and strategic goals also were significantly impacted. OCC management reports that
the peer review was extremely helpful, despite the discomfort it caused staff members. OCC is
implementing recommendations from the peer review. The most important goal for OCC’s changes
in corporate culture is to set the same standards for itself that it sets for large financial institutions.
The OCC is crafting legislation to ensure that large organizations develop compensation
programs that balance financial rewards with risk. This legislation will prohibit excessive
compensation or compensation that exposes the organization to risks that could lead
to financial loss. It also will require compensation programs to comply with standards in
corporate governance. Multiple agencies are developing the proposed OCC legislation,
which could have prevented some of the practices that led to the 2008 crisis had it been
in place at that time. For example, it could have prevented the originate-to-distribute
model from becoming a means of ignoring risk instead of a means of managing risk.
Regulations only go so far in ensuring effective governance, since regulatory agencies can’t
write rules to cover every possible situation. Furthermore, internal controls are only as strong
as an organization’s culture since risk officers must receive support from an organization’s
senior executives. All organizations should strive to develop a healthy culture that reflects sound
governance principles. This goal is particularly important for large financial institutions, which
are capable of affecting so many people throughout the world. Inertia is typically the primary
challenge in developing a strong culture, making it especially difficult for large organizations.
11 ©2015 WGroup. ThinkWGroup.com
Third-party governanceThe need to develop a culture of awareness and commitment toward regulatory compliance will
lead to increased oversight over the governance of third parties. This trend will be especially
prevalent among organizations that provide financial services, where third-party oversight is likely
to become the responsibility of the organization’s board of directors. The ability of organizations
to respond to regulatory requirements will continue to be outpaced by the proliferation of those
regulations. For example, the OCC already tightly regulates financial institutions. However,
other agencies, such as the Consumer Financial Protection Bureau (CFPB), Federal Financial
Institutions Examination Council (FFIEC) and Federal Reserve Board (FRB) also are becoming
more involved in assessing
the regulatory compliance
of financial institutions.
The trend towards greater
third-party governance will lead
to a growing recognition that
enterprises must go beyond
merely providing lip service to
regulations. Early measures
in this process will typically
include the development of new
corporate policies and value
statements, which should lead to
the development of mandates for
enforcing the desired behavior.
Boards of directors must also take
responsibility for driving cultural
changes by promoting and supporting the actions of C-level executives. These measures
are essential eliminating the old ways of thinking about vendor management.
12 ©2015 WGroup. ThinkWGroup.com
InnovationInnovation in outsourcing includes concepts
such as continuous improvement and
leadership. These topics may be covered
thoroughly during negotiations, but often
fail to meet expectations after the contract
is signed. However, this traditional practice
has begun to change in recent years.
Service providers are now more willing
to look for innovative ways in which to
distinguish themselves from their competitors.
The widespread use of mature offshore
services means that labor costs are often
approximately equal among many providers.
This trend means that providers must find
other ways to reduce prices over time.
For example, providers are now investing in
processes and tools that improve delivery
and cost efficiencies. This strategy allows
providers to obtain future cost savings from
their outsourcing services. However, it also
motivates providers to prefer long-term
contracts, which have a greater probability
of realizing a profit from those savings.
Providers also are more likely to require
the freedom to change delivery locations.
Service providers are finding other ways
to be innovative, such as increasing the
use of innovation pools. This concept
consists of defining a governance process
for funding selected initiatives based on
a set of established priorities. The
client and service provider negotiate
the amount of funding that each party
will contribute toward the innovation
pool. The client is thus able to
indicate the innovative activities that
it considers to be most valuable, and
the provider is able to demonstrate
its commitment to those activities.
Service providers are looking for
ways to demonstrate the value of
their internal processes and tools,
which typically include tool kits for
development, testing, and productivity.
For example, a provider can use these
tools to improve service performance
in cases where they align with the
client’s objectives. The primary benefit
of these processes and tools is the
value they bring to the client, although
they also can improve the technical
capability and organization of the
provider’s business environment.
Service providers are looking for ways to demonstrate the value of their internal processes and tools.
13 ©2015 WGroup. ThinkWGroup.com
It’s vital for clients to evaluate the available evidence and assess the potential value of these
techniques against their potential risk. For example, new processes and tools should provide
some improvement in service delivery, pricing, or risk mitigation. They also must fulfill change-
management requirements, comply with federal regulations, and meet internal security policies.
Another recent innovation among service providers is the offering of rationalization services
as part of their managed IT services. These typically include infrastructure-rationalization or
applications-rationalization services, which providers have traditionally offered as a separate
consulting project. Infrastructure-rationalization services identify methods of streamlining the
management of IT assets, while application-rationalization services are intended to streamline
the application portfolio. The primary benefit of rationalization services is to reduce the cost of
IT maintenance and management costs. They also allow the provider to elevate a discussion on
services from price to value, while offering the client the opportunity to receive real benefit.
14 ©2015 WGroup. ThinkWGroup.com
A client that has already outsourced services has learned some important lessons in managing
outsourcing agreements. These lessons provide the opportunity to take corrective action in
the next relationship with a service provider. Experienced clients are more likely to understand
the importance of managing vendors and the outsourcing process. They also understand that
governance should go beyond simply managing the contract to include managing the relationship
with the service provider. Clients should therefore apply strong governance principles to all
products and services that it receives from vendors.
Clients with experience in outsourcing are generally improving
the processes and organization of their Vendor Management
Office (VMO). This trend includes a shift from using one service
provider to fulfill all sourcing requirements to multiple providers,
including insourced and outsourced services. This strategy
provides clients with greater outsourcing flexibility, but it also
requires a more effective VMO. The additional complexity of a
multi-vendor environment means that clients must manage their
providers more aggressively than in the single-source model.
A multi-vendor strategy therefore requires a client to invest in
its VMO to obtain long-term benefits from outsourcing. In particular, a strong VMO is essential
for the benefits of managing a multi-vendor environment to exceed those of managing a simple
“one-stop shop” sourcing model. Multi-vendor sourcing provides other benefits, including
maintaining a competitive pricing environment between the service providers. Furthermore, it
allows the client to select the vendor that is best able to fulfill a particular sourcing requirement.
Service providers are becoming more accustomed to the multi-vendor model and are
more likely to offer general contracting services, especially to their long-term clients.
Relationships
15 ©2015 WGroup. ThinkWGroup.com
These changes in client/provider relationships cause governance to move into other
areas outside its traditional role of contract management. Clients are using governance
to manage business outcomes, innovation initiatives, Conformance to Quality (CTQ),
Customer Satisfaction (CSAT), and Service Level Agreements (SLAs). This shift from
managing the contract to managing the relationship requires senior executives to
adopt a broader focus when thinking about governance. They also must become more
closely involved when either party becomes dissatisfied with the relationship.
This process generally requires adjusting the relationship between client and service
provider to ensure that both parties find increased value in doing business together. These
relationships must therefore become more flexible in future outsourcing agreements. Effective
governance requires a contract schedule to better document the expectations of both
parties. The contract schedule may be used to define the specific relationship desired.
16 ©2015 WGroup. ThinkWGroup.com
Service levelsThe outsourcing market traditionally focuses on a large number of metrics to determine
typical service levels. For example, the metrics for IT services commonly include application
availability, first-call resolution, and incident resolution. These metrics may be helpful
to IT executives, but they’re less important to business users. The large numbers of
service-level metrics that are reported on a monthly basis often have little value for their
readers. The process of translating these metrics into business terms has historically
presented a challenge to clients, who often rely on their VMO to perform this task.
Service providers have traditionally been adverse to measuring their performance beyond the
scope of the contract. However, they have recently started to realize that they can distinguish
themselves from their competition by achieving actionable measures
that fall outside the contractual scope. This trend should not imply that
providers will willingly agree to additional SLAs, especially those that
could be used to terminate for cause or place the providers’ own dollars
at risk. It does mean that providers are more likely to measure metrics
that are more focused on business than IT, even when they don’t own the
entire process. Common metrics of this type include number of defects in
production, number of invoices paid, and number of orders processed.
Service providers have several reasons for measuring metrics that
aren’t required by the contract. For example, providers in a multi-sourced environment can
gain insights into a competitor’s performance by accepting responsibility for the business
performance of their services. Providers also can build relationships with the client’s CFO,
CIO and other senior executives by showing the ID value of their services in terms those
executives can understand. Furthermore, the strategy of measuring business metrics can give
providers insight into the client’s business process, which may lead to new opportunities.
Providers have started implementing dashboards that measure real-time performance in an
effort to increase the transparency of service levels. This capability allows them to respond
to service deficiencies before they result in SLA penalties. The combination of reporting
business metrics and real-time performance can add significant value to a vendor’s services,
thus providing another way for them to separate themselves from the competition. For
example, a provider in a multi-vendor environment that can integrate reporting measures
into a single tool is more likely to be chosen as the client’s general contractor.
17 ©2015 WGroup. ThinkWGroup.com
SummaryThese trends in vendor management affect outsourcing contracts and the manner in which
these relationships are governed. A better understanding of these trends can help enterprises
to structure more beneficial contracts and develop more mature relationships with their service
providers. Vendor management is becoming increasingly important due to greater competitive
pressures, regulatory scrutiny, and multi-vendor delivery models. Effective governance over vendor
relationships is essential for compliance with regulatory standards. It’s also helpful for leveraging
outsourcing to obtain a competitive advantage and create value for long-term shareholders.
Leaders in outsourcing will be increasingly likely to view vendor management and governance as
a means of investing in a strategy that yields significant returns. These enterprises will recognize
the relationship between stock price and service levels, which will require a corporate culture with
greater accountability. Followers in outsourcing will continue to view vendor management as an
expense that provides minimal ROI. They also will react to problems that continuously arise as
the result of an inability to measure vendor performance and obtain stakeholder involvement.
Drive Your Business
Founded in 1995, WGroup is a boutique management consulting firm that provides Strategy,
Management and Execution Services to optimize business performance, minimize cost and create
value. Our consultants have years of experience both as industry executives and trusted advisors
to help clients think through complicated and pressing challenges to drive their business forward.
WGroup offers cloud strategy consulting and a full range of IT transformation
advisory services. Visit us at www.thinkwgroup.com or give us a call at
(610) 854-2700 to learn how we can help you with your cloud strategy.
301 Lindenwood Drive, Suite 301 Malvern, PA 19355
610-854-2700
ThinkWGroup.com