Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe...
-
Upload
tyrone-mclaughlin -
Category
Documents
-
view
226 -
download
0
Transcript of Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe...
![Page 1: Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced.](https://reader036.fdocuments.us/reader036/viewer/2022062304/56649ea25503460f94ba6041/html5/thumbnails/1.jpg)
Outsourcing Business Processes (without In-sourcing the Associated Risks)
Gregg Anderson – Crowe Horwath (risk manager)Doug Tripp – Crowe Dunlevy (outsourced provider)Leslie Lamb – Cisco Systems, Inc (facilitator)
RMG 303April 2012
![Page 2: Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced.](https://reader036.fdocuments.us/reader036/viewer/2022062304/56649ea25503460f94ba6041/html5/thumbnails/2.jpg)
The Scenario
• Sport Co is an industry leader in manufacturing sporting goods products and services
• Revenues are $1B annually• Headcount is 10,000 worldwide• Headquarters is in North Carolina• Major locations include North Carolina,
California, Bangalore and London
2
2
![Page 3: Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced.](https://reader036.fdocuments.us/reader036/viewer/2022062304/56649ea25503460f94ba6041/html5/thumbnails/3.jpg)
The Challenge
3
3
![Page 4: Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced.](https://reader036.fdocuments.us/reader036/viewer/2022062304/56649ea25503460f94ba6041/html5/thumbnails/4.jpg)
The COO’s Worst Nightmare
4
4
![Page 5: Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced.](https://reader036.fdocuments.us/reader036/viewer/2022062304/56649ea25503460f94ba6041/html5/thumbnails/5.jpg)
The Solution
• Outsourcing – Information technology infrastructure
services, including data centers– Supply chain management–Customer care
5
5
![Page 6: Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced.](https://reader036.fdocuments.us/reader036/viewer/2022062304/56649ea25503460f94ba6041/html5/thumbnails/6.jpg)
The Risk Manager
• Identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.– Derived from COSO ERM Definition
• In other words – “Manage risk to achieve objectives.”
6
6
![Page 7: Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced.](https://reader036.fdocuments.us/reader036/viewer/2022062304/56649ea25503460f94ba6041/html5/thumbnails/7.jpg)
Financial
Human Resources
Integrity
Market StrategicMarket• Macro Economics• Customer Economics• Financing• Competition• Consolidation
Financial• Foreign Exchange• Budget• Revenue Recognition• Financial Reporting• Access to Funding• Margin
Human Resources• HR Compliance• Attract, Develop &
Retain Talent• Employee Morale &
Culture
Strategic• Right Solutions• Business Model• Brand & Marketing• Growth• Acquisitions• Organizational Design
& Resources
Integrity• Regulatory
Compliance• Legal• Fraud• Data Security
Operations
Operations• Facilities• Business Disruption• Policies & Procedures• Decision Making• System Capabilities
• Authorization• Costs & Efficiencies• Customer Service• Contracting
• Training• Aging Workforce• Incentives &
Compensation
Our Enterprise Risks
7
7
![Page 8: Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced.](https://reader036.fdocuments.us/reader036/viewer/2022062304/56649ea25503460f94ba6041/html5/thumbnails/8.jpg)
Financial
Human Resources
Integrity
Market StrategicMarket• Macro Economics• Customer Economics• Financing• Competition• Consolidation
Financial• Foreign Exchange• Budget• Revenue Recognition• Financial Reporting• Access to Funding• Margin
Human Resources• HR Compliance• Attract, Develop &
Retain Talent• Employee Morale &
Culture
Strategic• Right Solutions• Business Model• Brand & Marketing• Growth• Acquisitions• Organizational Design
& Resources
Integrity• Regulatory
Compliance• Legal• Fraud• Data Security
Operations
Operations• Facilities• Business Disruption• Policies & Procedures• Decision Making• System Capabilities
• Authorization• Costs & Efficiencies• Customer Service• Contracting
• Training• Aging Workforce• Incentives &
Compensation
Sample Risk UniverseTraditional Third Party Risks
8
8
![Page 9: Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced.](https://reader036.fdocuments.us/reader036/viewer/2022062304/56649ea25503460f94ba6041/html5/thumbnails/9.jpg)
Financial
Human Resources
Integrity
Market StrategicMarket• Macro Economics• Customer Economics• Financing• Competition• Consolidation
Financial• Foreign Exchange• Budget• Revenue Recognition• Financial Reporting• Access to Funding• Margin
Human Resources• HR Compliance• Attract, Develop &
Retain Talent• Employee Morale &
Culture
Strategic• Right Solutions• Business Model• Brand & Marketing• Growth• Acquisitions• Organizational Design
& Resources
Integrity• Regulatory
Compliance• Legal• Fraud• Data Security
Operations
Operations• Facilities• Business Disruption• Policies & Procedures• Decision Making• System Capabilities
• Authorization• Costs & Efficiencies• Customer Service• Contracting
• Training• Aging Workforce• Incentives &
Compensation
Sample Risk UniverseExpanded Third Party Risks
9
9
![Page 10: Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced.](https://reader036.fdocuments.us/reader036/viewer/2022062304/56649ea25503460f94ba6041/html5/thumbnails/10.jpg)
Understanding the Objectives
Primary Objective: Reduce Operating Cost
Secondary: Maintain Fixed Costs below a target % of Revenue
10
10
![Page 11: Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced.](https://reader036.fdocuments.us/reader036/viewer/2022062304/56649ea25503460f94ba6041/html5/thumbnails/11.jpg)
Other Objectives of Outsourcing
• Improve Results – leverage the outsourcer’s expertise
• Re-focus on core competency – redirect management’s skills toward what made Sport Co. the industry leader
• Improve customer experience• Compliance
11
11
![Page 12: Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced.](https://reader036.fdocuments.us/reader036/viewer/2022062304/56649ea25503460f94ba6041/html5/thumbnails/12.jpg)
Understanding the Objectives
Reduce Operating Costs
Outsource IT Infrastructure Reduce Spend
Outsource Supply Chain Management Improve Resiliency
Outsource Customer Care
Improve Performance
12
12
![Page 13: Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced.](https://reader036.fdocuments.us/reader036/viewer/2022062304/56649ea25503460f94ba6041/html5/thumbnails/13.jpg)
Anticipating the Risks
Reduce Operating
Costs
Outsource IT Infrastructure Reduce Spend
Loss of Talent
Data Breach
Outsource Supply Chain Management
Improve Resiliency
Business Disruption
Outdated Systems
Outsource Customer Care
Improve Performance
Brand Deterioration
13
13
![Page 14: Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced.](https://reader036.fdocuments.us/reader036/viewer/2022062304/56649ea25503460f94ba6041/html5/thumbnails/14.jpg)
Understanding the Risks•Operational – poor service, disruption in operations, loss of control, deterioration
•Financial – overruns, change requests, 3rd party charges, the outsourcer’s solvency
•Compliance and Security – data breach, disclosure of sensitive information / customer data / PII or PHI, compliance with laws
•Extraordinary Risks – armed conflict near service facility, tsunamis and earthquakes, major security breaches
•Brand Reputation – spans across all of the above
14
14
![Page 15: Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced.](https://reader036.fdocuments.us/reader036/viewer/2022062304/56649ea25503460f94ba6041/html5/thumbnails/15.jpg)
Engaging the Outsource Provider(things to think about)
Super IT Consultancy - Outsourcing IT Infrastructure• Flow of information from SportCo to Super IT• Super IT’s storage facility: cloud or data center• Understanding the type of data stored: HR related, customer
info etc• Contractual issues • Super IT’s compliance with standards i.e. PCI• Super IT’s call center availability
15
15
![Page 16: Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced.](https://reader036.fdocuments.us/reader036/viewer/2022062304/56649ea25503460f94ba6041/html5/thumbnails/16.jpg)
Engaging the Outsource Provider(things to think about)
Flexible Outsourcing International – Contract Manufacturer• Location, location, location
• what are the hazards?• International or US?
• Flexible’s Quality Control Program• Intellectual Property• Contractual issues • Flexible’s Business Continuity Program• Social Responsibility• Environmental Responsibility• Political Issues (terrorism, govt unrest, employee care)
16
16
![Page 17: Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced.](https://reader036.fdocuments.us/reader036/viewer/2022062304/56649ea25503460f94ba6041/html5/thumbnails/17.jpg)
Engaging the Outsource Provider(things to think about)
Accentumetrics Technical Responders – Outsourcing Customer Care
• Location and language• Hours of operation• Training programs• Brand reputation• Intellectual Property• Contractual issues• Social Responsibility• Political Issues (terrorism, govt unrest, employee care)
17
17
![Page 18: Outsourcing Business Processes ( without In-sourcing the Associated Risks) Gregg Anderson – Crowe Horwath (risk manager) Doug Tripp – Crowe Dunlevy (outsourced.](https://reader036.fdocuments.us/reader036/viewer/2022062304/56649ea25503460f94ba6041/html5/thumbnails/18.jpg)
Managing the Risks via the Contract
• Robust Governance Provisions• Comprehensive Audit Rights• Contractual Requirements– Continuity of Key Personnel– Compliance with Laws– Mandatory Technology Refresh / Release Versions– Key Performance Metrics with Meaningful
Remedies
18
18