The Three Components Of An Effective Third Party Oversight Program

THE 3 COMPONENTS OF AN EFFECTIVE THIRD PARTY OVERSIGHT PROGRAM

Christine Ferrusi Ross, Partner & SVP, Neo Group January 29, 2015

2 2

© 2015 Neo Group Inc. Proprietary

•  Globalization Strategy •  Location Strategy •  Health Checks •  Renegotiations •  Governance

"   Since 1999, we have been helping clients achieve business objectives and address business challenges by leveraging global services and sourcing.

"   We have a singular focus on the global services supply chain.

"   We achieve outcomes through deep IP, real-time analytics, globally recognized experts, proven methodologies and co-creation with our clients.

NEO GROUP OVERVIEW

We deliver results through three distinct and linked solutions and services:

ADVISORY SERVICES GOVERNANCE SOLUTIONS

•  Design •  Run and Support •  Ongoing Resource, Contract

and Performance Management Services

SUPPLY MONITORING & ANALYTICS

•  Data, Analytics & Guidance on Countries, Cities & Suppliers

•  Real-Time Event Alerts •  Subscription-Based Monitoring

3 3


TODAY’S PRESENTER

Christine Ferrusi Ross Christine is a senior vice president at Neo Group. She’s passionate about helping clients solve complex global risk, sourcing, and supplier issues to achieve better business results. Christine has helped some of the largest companies in the world operationalize their supplier risk efforts, and she’s a recognized expert in the space. She’s been quoted in the Wall Street Journal, on CNBC, and other national media regarding supplier risk, outsourcing, and globalization.


4 4 WHY FOCUS ON SUPPLIER RISK? "   Expanding Global Sourcing Footprint = Increasing Risk

•  Increasingly, regulators and boards seek evidence of supply risk monitoring.

"   Higher Exposure, if your Firm •  Operates in a Regulated industry such as Financial Services or Pharma.

o  Fines to $100MM+ for service supply issues •  Has a large or increasing globally sourced portfolio, whether in-house or with partner. •  Globally sources critical functions from multiple countries, cities and locations.

"   Impact on Operations Can Be Drastic •  Low cost global sourcing locations face economic, political and social upheaval. •  Providers may propose/adopt alternate strategies that can impact quality. •  Attrition can skyrocket in a growing economy and strip you of your best resources.

"   Monitoring Provides the Opportunity to Take Pro-Active Measures •  Active governance often leads to pro-active actions. •  Informs negotiations, re-negotiations and company owned location strategies. •  Enables you to leverage emerging trends, tax and SEZ changes/situations, visa reforms, etc.


5 5 A QUICK VIEW: RISK MANAGEMENT PROCESS

What risks ma+er?

Assign responsibility for tracking and taking ac9on on the risks

Decide the risk indicators (with specifics like percentages, not

“declining”)

Create an ac9on plan for what to do for each

risk as it happens Track risk data

Take ac9on as pre-‐determined

Feedback loop, including process

changes and supplier/contract changes


6 6

Ø Define supplier-related risks

Ø Monitor your suppliers and their geographic locations

Ø Build an actionable risk management program

Ø Use third party oversight to take advantage of new business opportunities

AGENDA


7 7 BEFORE WE START: YOU HAVE LIMITED RESOURCES

Supplier risk management is like pulling a loose thread…

Throughout the presentation, think about two pieces: 1)  the process and action steps 2)  your key suppliers and locations


8 8

•  What are you really worried about? –  That the supplier can’t deliver what was promised

to you? –  That the supplier does something (or doesn’t do

something) that causes you to be noncompliant with legal or regulatory requirements?

–  That the supplier does something that reflects badly on you and harms your brand?

–  That I won’t get a good deal in my next negotiation with my supplier

DEFINE SUPPLIER-RELATED RISKS


9 9 QUICK POLL

What is your primary reason to monitor and manage risks in your services supply chain?


10 10 POLL RESULTS

QUICKPOLL

What is your primary reason to monitor and manage risks in your services supply chain? Poll Results:

Ensure compliance 61%

Avoid service disruptions 28%

Protect my brand 21%

Inform contract renegotiations 0%


11 11

•  Risks are chances that you could be harmed

•  Trigger events are occurrences that cause a risk to happen

•  Defining risks means going back to what you’re really worried about (the risk that your supplier suddenly can’t deliver on its commitments, for example)

•  But to be effective, you need a definition of each risk type, what events could cause that risk to increase (or decrease)

DEFINING RISKS


12 12

Supplier Category Descrip2on and Tracked Metrics

Financial Risk Key investment, ra9os balance sheet, liquidity, profitability, and revenue/revenue diversity metrics

Services Risk Key talent pool size, quality cer9fica9ons (e.g., CMMI, ISO 9001), specialized cer9fica9ons, opera9ng model, services & ver9cal lines, and geographic metrics

Governance Risk Organiza9onal (strength of corporate governance, changes in organiza9onal structure, etc.), func9onal, and opera9onal levels

People Risk A+ri9on (overall a+ri9on for the quarter), new hires, produc9vity, u9liza9on, and employee development & training measures

Infrastructure Risk Security policies (physical security, informa9on security, data theX/fraud), measures of delivery center networks, opening of new delivery centers and risks associated with them, up9me policy/performance, and expansion plans

Clients Risk Client porZolio measures, including acquisi9on, reten9on/flight, concentra9on, and sa9sfac9on

Partner/Ecosystem/Alliances Risk

Key partners and addi9ons across enterprises, new alliances/partnerships during the relevant 9me period, ver9cal and horizontal solu9ons

Thought Leadership Innova9on, published papers, event and topic leadership, patent informa9on, and key CSR metrics

SAMPLE RISK CATEGORIES


13 13 SUPPLIER RISK REQUIRES LOCATION CONTEXT

"   Expanding Global Sourcing Footprint = Increasing Risk •  Increasingly, regulators and boards seek evidence of supply risk monitoring.

"   Higher Exposure, if your Firm •  Operates in a Regulated industry such as Financial Services or Pharma.

o  Fines to $100MM+ for service supply issues

•  Has a large or increasing globally sourced portfolio, whether in-house or with partner. •  Globally sources critical functions from multiple countries, cities and locations.

"   Impact on Operations Can Be Drastic •  Low cost global sourcing locations face economic, political and social upheaval. •  Providers may propose/adopt alternate strategies that can impact quality. •  Attrition can skyrocket in a growing economy and strip you of your best resources.

"   Monitoring Provides the Opportunity to Take Pro-Active Measures •  Active governance often leads to pro-active actions. •  Informs negotiations, re-negotiations and company owned location strategies. •  Enables you to leverage emerging trends, tax and SEZ changes/situations, visa reforms, etc.


14 14 SAMPLE RISK CATEGORIES FOR GEOGRAPHIES Loca2on Category

Descrip2on and Tracked Metrics Macro-‐Economic Risk

Key macro-‐economic indicators, including infla9on, foreign direct investment, credit risk, currency risk, and market fluctua9ons

Financial Risk Key labor cost metrics for ITO, BPO, KPO; opera9onal costs, and taxa9on factors

Geo-‐Poli9cal Risk Poli9cal risk and stability, social and security risk (e.g. terrorism, prevalence of travel advisory/warnings, and natural disaster risks)

Infrastructure Risk Government support and incen9ves to source (including forward availability), power and u9li9es, transport and facili9es, technological readiness (adop9on of exis9ng technologies by an economy), and quality of connec9vity metrics

Business Risk Ease of business (permits, start up costs, etc.), regulatory and statutory requirements, business sophis9ca9on (quality of business networks and individual firm’s opera9ons), and trade and logis9cs

Legal Risk Legal and regulatory policies and acts, cyber crime, ITO and BPO industry trade union ac9vity, and key in-‐market labor and workday laws

Scalability Risk Size and growth characteris9cs for ITO and BPO, provider and process maturity, worker popula9on spreads, a+ri9on/hiring measures, and languages

Quality of Life Risk Expat quality of life measures and business support and ameni9es


15 15 A RISK MODEL HELPS PULL IT ALL TOGETHER

Supply WisdomSM Real-Time Risk Model RISK

RATING NEGLIGIBLE LOW MODERATE HIGH EXTREME

SUPPLIER RISKS

FINANCIAL CLIENTS PEOPLE ALLIANCES

SERVICE CAPABILITY GOVERNANCE INFRASTRUCTURE THOUGHT

LEADERSHIP

CITY RISKS

MACRO-ECONOMIC FINANCIAL BUSINESS INFRASTRUCTURE

GEO-POLITICAL LEGAL SCALABILITY QUALITY OF LIFE

COUNTRY RISKS

MACRO-ECONOMIC FINANCIAL BUSINESS INFRASTRUCTURE

GEO-POLITICAL LEGAL SCALABILITY QUALITY OF LIFE

2 4 6 8 10


16 16

•  Yes, you need to update your definitions and trigger events regularly, but it’s not a real-time, constant activity

•  But the real heavy lifting comes in continuously monitoring all potential trigger events

•  To monitor data you can use software, you can hire internal analysts to find relevant data and make decisions on how important that event is to a risk, or ask consultants to do regular assessments, etc.

•  Each new event gets incorporated into the risk tracking and if necessary, changes the supplier’s or location’s risk score

MONITOR CONTINUOUSLY


17 17 SAMPLE TRIGGER EVENTS

•  Changes in Investor Holdings

•  Changes in Board

•  Changes in Senior Management •  Financial Liquidity

•  Revenue & Profitability Issues •  Employee Attrition

•  Client Losses / Attrition

•  Legal Actions •  Significant Awards

•  Significant Partnerships •  IP Filings

•  Company-Specific Job Actions

•  Credit Ratings / Downgrades

•  Changes in Budget

•  Stock Market Volatility •  Tax Changes

•  New Special Economic Zones •  Cyber Legislation

•  Visa Changes

•  Power Imbalances •  Geopolitical Events

•  Labor Union Formation & Strikes •  Key Policy Changes

•  New Center formation

SUPPLIERS GEOGRAPHIES


18 18

•  The natural reaction is to try to reduce risk to zero. That’s unrealistic

•  Several standards, including ISO, include risk management

•  The most common ways to address a risk include: –  Avoid the risk completely (example: decide not to hire a supplier) –  Reduce the risk (example: put better governance in place to avoid

operational risk) –  Accept the risk (example: decide to renew a supplier contract) –  Increase the risk (example: expand scope with a supplier to increase

value received)

ACTION PLAN: HOW TO ADDRESS RISKS


19 19

•  With your assessment of risks and the trigger events, decide what you will do if you see a risk rising

•  This means you need a clear set of “if/then” statements that you make beforehand so you don’t need to panic when something happens

•  Tactical examples can include: –  “If our supplier has two quarters of rising financial risk, we’ll ask for a specific

meeting to understand the supplier’s plans to ensure our engagement isn’t going to be at risk because of cost cuts, etc.”

–  If our supplier begins to lose customers in our industry, we’ll call and ask about redeploying newly available resources to our account”

BUILD AN ACTIONABLE RISK PLAN


20 20

•  What risks are you willing to accept?

•  Supplier risk tolerance needs to match the company’s overall risk appetite

•  Generally, risk tolerance decreases when scope, spend, and data access increase

•  Risk tolerance can be intentionally raised by improving internal governance, transparency, and oversight

TREATMENTS DEPEND ON TOLERANCE


21 21 SAMPLE RISK ASSESSMENT


22 22

•  Risk management isn’t just about insurance

•  Having an action plan gives you power to move forward with confidence

•  Clear risk management and action plans help you build confidence with internal and external constituents – no getting caught off guard by “surprise” supplier events

USE RISK MANAGEMENT TO GAIN ADVANTAGE


23 23 QUESTIONS


24 24 THANK YOU NEO GROUP GLOBAL HEADQUARTERS 6200 Stoneridge Mall Road, 3rd Floor Pleasanton, CA 94588, USA www.neogroup.com ASIA-PACIFIC HEADQUARTERS No. 36, 3rd Floor Prestige Garnet, Ulsoor Road Bangalore 560 042, India AMSTERDAM, NETHERLANDS AUSTIN, TEXAS BOGOTA, COLOMBIA LONDON, UK

NEW YORK, USA ATLANTA, USA SAO PAOLO, BRAZIL SILICON VALLEY, USA

SYDNEY, AUSTRALIA

CHRISTINE FERRUSI ROSS Partner & SVP [email protected] 781.405.9851 CASEY CHECHE Manager, Business Development [email protected] 775.354.5564 WILLIAM SELLERS Partner & SVP Supply Wisdom [email protected] 617.510.3800

The Three Components Of An Effective Third Party Oversight Program

Data & Analytics

Transcript of The Three Components Of An Effective Third Party Oversight Program