Drive Your Business

The Top 9 Trends in Vendor Management

2 ©2015 WGroup. ThinkWGroup.com

Multi-vendor systems are becoming the

standard model for delivering outsourcing

services in today’s workplace. This approach

allows clients to leverage the best service

for a particular business environment.

However, multi-vendor delivery models also

require a client organization to integrate

multiple vendors with varying roles and

coordinate their activities in an effective

manner. Furthermore, many industries, such

as finance and healthcare, face increasingly

stringent regulations that place a burden on

the client to ensure regulatory compliance

over its vendors throughout its service

delivery chain. Clients also must maintain

oversight over their third-party relationships.

Vendor governance and management

are therefore becoming high priorities for

outsourcing clients. These areas have often

been overlooked in the past, but clients

now recognize that the lack of vendor

management is a key factor in reducing

the value of outsourcing. These clients

also should understand that third-party

oversight is essential for obtaining value

from relationships with service providers.

This white paper discusses the following

nine trends in vendor management and how

enterprises can take advantage of them:

• Standardization

• Vendor consolidation

• Robotic process automation

• Labor arbitrage

• Corporate culture

• Third-party governance

• Innovation

• Relationships

• Service levels

Introduction

3 ©2015 WGroup. ThinkWGroup.com

StandardizationThe standardization of outsourcing processes allows organizations to improve vendor

management and obtain an advantage in an increasingly competitive business environment.

In particular, standardization provides organizations that perform financial services

with greater confidence regarding regulatory reviews. Informal reviews by the Office of

the Comptroller of the Currency (OCC) are becoming more common, so it’s especially

important to implement standard processes and document them adequately. This

preparation can often cause the OCC to forgo a formal audit and look for other enterprises

that are at greater risk of regulatory noncompliance. Greater standardization also will

increase the demand for more automated tools for performing vendor management.

Vendor consolidationThe increased priority for oversight over third-party

vendors is causing clients to focus on audits as a means

of ensuring compliance readiness among vendors.

Small third-party firms, especially those with fewer than

50 employees, will be unwilling or unable to bear the

growing costs of regulatory compliance. These vendors

will therefore be acquired by larger service providers.

4 ©2015 WGroup. ThinkWGroup.com

Robotic Process Automation (RPA) is the

use of software known as virtual robots

to automatically manipulate existing

applications in a manner similar to that of

a person processing a transaction in an

application. RPA tools provide the potential to

significantly reduce operational costs, since

they’re able to perform routine functions at

a lower cost than human workers. RPA is

especially important to banking organizations,

since it directly addresses some of the

requirements for regulatory compliance.

The use of RPA tools to ensure compliance

will increase and provide enterprises with

a competitive advantage, due to their

ability to improve the speed, accuracy,

and auditability of outsourcing services.

Robotic process automation

Organizations that use RPA will also gain

a broader advantage in their ability to bring

vendor management and governance, risk

and compliance (GRC) solutions to market.

The requirement for regulatory compliance

is especially likely to benefit financial

services that use RPA. The financial crisis

of 2008 resulted in regulatory agencies

placing a greater responsibility for oversight

on client organizations. This change

generally means that a financial services

organization is ultimately responsible

for any breaches in the service delivery

chain, regardless of their cause.

The increase in regulatory pressures

caused financial institutions to increase

their oversight capabilities throughout the

lifecycle of the outsourcing process. The most

common areas of focus include improving

process definition and contract discipline.

Financial institutions also use RPA to develop

more robust compliance strategies.

5 ©2015 WGroup. ThinkWGroup.com

The primary advantage of an RPA solution over a human worker is that it performs a process the

same way every time. It also provides a detailed activity log for audit purposes, which is essential

for demonstrating compliance readiness. Another advantage of RPA tools is that they’re easy to

scale and can be reconfigured quickly to perform many functions, including data consolidation,

document review, and invoice reconciliation, without the need to train a human worker. RPA also

can define a process for making decisions about sourcing location by changing the premise of

labor arbitrage. These benefits of RPA make onshore sourcing more cost-effective, providing

clients that use offshore sourcing with a lower-risk option.

RPA solutions provide a wide range of capabilities

for monitoring and reporting software processes.

This versatility will cause some confusion as

vendor management solutions begin to merge with GRC

solutions. The primary difference between these solutions is

that vendor management focuses on increasing the supplier’s capability, while GRC focuses

on mitigating the risk of using that supplier. Organizations that are able to acquire both of

these capabilities will be in a better position to manage their supplier costs effectively.

Many RPA tools still lack maturity, although a lack of maturity in the processes

they’re designed to monitor is a more critical issue for most enterprises. The

urgency of improving process documentation will result in organizations adopting

the RPA tools that are available, rather than waiting for this market to mature.

An RPA solution will perform a process the same way – every time.

6 ©2015 WGroup. ThinkWGroup.com

Enterprises will focus on driving higher levels of performance to obtain the original business

case for outsourcing rather than looking for sources of low-cost labor. Research shows that

proper governance in a multi-vendor model can increase profitability by six times more than

similar improvements in governance over labor costs. Common steps for improving multi-

vendor governance include implementing a multi-vendor governance model, transforming the

complexity of that model into service value, and balancing accountability for multi-vendor model.

The trend in multisourcing will increase the skills and structures needed in all areas of

governance. Other trends also are increasing the need for governance, resulting in a

complex environment that erodes the value of the multi-vendor market and adversely affects

customer service. Simplification generally involves successfully leveraging the available

solutions, including developing the governance structure, defining sourcing strategies,

managing the transition to multiple vendors and facilitating contract reviews. Solid experience

in engaging IT suppliers also can help clients meet the multi-vendor challenge.

Executives are beginning to recognize the value of effective vendor management and are

changing their priorities accordingly. This shift in priorities reflects the maturation of the

outsourcing marketplace, which is changing the definition of a “company.” For example, today’s

enterprises typically externalize over 70 percent of the cost base. This increase in outsourcing

means that vendor management skills such as coordinating multiple vendors, managing

service deliveries, and overseeing contract obligations will have paramount importance.

Labor arbitrage

7 ©2015 WGroup. ThinkWGroup.com

The concept of effective governance will shift

from mere compliance to a cultural imperative.

This trend in vendor management means

that compliance will become embedded in an

organization’s daily operations, rather than the

responsibility of a specific department. Each

organization has a unique set of core products

that influence executive decisions, business

practices, and employee actions. This culture

consists of the tone that the organization’s

top executives set, as well as written policies.

The internalization of

effective governance

provides

additional

benefits beyond

operational alignment

and regulatory

compliance, including

increased business value and improved

relationships between clients and providers.

A strong corporate culture is necessary for

vendor-management practices that will protect

an organization’s reputation and bottom line.

It also guides employees towards responsible

behavior by ensuring that the organization

will support and approve of their actions.

An organization without a strong culture can

aggressively pursue earnings at any cost,

which can cause it to lose direction or enter a

new market without performing due diligence.

Corporate cultureFor example, employee character and

customer confidence are especially important

for financial institutions. The loss of these

qualities caused national economic problems

with consequences that go well beyond these

institutions themselves. The financial crisis

of 2008 provides a recent example of the

wide-reaching effects of poor governance

among financial institutions. This crisis was

due in large part to unsound lending practices

among financial institutions, especially large

banks. These

practices adversely

affected their own

customers, the

national economy,

and the institutions

themselves.

The improprieties that led to the 2008 crisis

included lapses in oversight over trading

activities, Bank Secrecy Act controls, and

outsourcing vendors. They also included a

range of abuses in mortgage foreclosures,

collectively known as robo-signing. These

improprieties cost the largest banks in

the United States billions of dollars in

fines and restitution. They also have

been the subject of many headlines and

congressional hearings. More importantly,

these practices have eroded the public’s

confidence, which is vital for banks.

The internalization of effective governance provides additional benefits beyond operational alignment and regulatory compliance.

8 ©2015 WGroup. ThinkWGroup.com

The federal government was able to avert further catastrophe by supporting the

economy with decisive action. Many of the large banks also had national charters that

provided them with the financial strength to absorb high-risk institutions. Nevertheless,

the 2008 crisis had a major adverse effect on the world economy and many financial

customers. The long-term effects of this crisis were still being felt as late as 2012.

The 2008 crisis resulted in the development of much stricter standards for major banks,

which are intended to prevent it from recurring. These standards include minimum

requirements for the design of a large financial institution’s risk governance framework

and its implementation. It also provides minimum standards for the oversight of this

framework, which must address the risks arising from organization’s activities. Common

sources of risk for a financial institution include capital, earnings and liquidity.

The new governance standards also define the responsibilities and roles of the departmental

units that design and implement the risk governance framework for a financial institution.

These lines of defense in risk governance include front-line business, internal audits

and independent risk management. The new standards also require organizations to

establish appropriate systems for controlling risk in business practices. For example,

financial institutions must provide risk statements that describe levels and types of risk

that they are willing to assume in the pursuit of their strategic objectives. These risks

must be consistent with regulatory requirements regarding capital and liquidity.

The latest guidelines for financial institutions also include standards for the boards of directors’

oversight over the design and implementation of the organization’s risk governance framework.

These directors must be engaged in the risks of the organization to ensure they manage those

risks appropriately. Furthermore, directors must have the authority to challenge managers when

necessary to maintain the sanctity of the organization’s federal charter. This level of authority

will help an organization to avoid becoming a mere booking agency for its holding company.

The OCC can require a bank to submit a compliance plan when it determines

that the bank has failed to meet a particular governance standard. This plan must

detail the actions that the bank will take to identify key deficiencies, along with a

projected timeline for those actions. The OCC can also issue an order enforcing

compliance if the bank fails to implement a plan approved by the OCC.

9 ©2015 WGroup. ThinkWGroup.com

Key metrics for financial institutions, such as earning strength or credit quality, are relatively

easy for regulators to measure. The strength of an organization’s culture is far more difficult to

assess, despite its strong influence on the actions and decisions within that organization. The

OCC has recently started to look to board members and senior management to set the tone for

creating a healthy culture that engages in proper practices, such as reasonable risk taking.

Supervisory agencies also fell short of expectations during the time leading up to the 2008

crisis, along with many financial institutions.

For example, the OCC is looking for ways

to improve its ability to regulate these

institutions. Major areas of concern include

recognizing problems more quickly and

taking decisive corrective action.

The OCC also is looking at other aspects

of how it does business in an effort to

improve its performance in the future.

One of the major steps towards this goal

was to invite a group of international

regulators to evaluate the OCC’s supervisory process. This step was difficult for OCC

staff members, since it involved a critical analysis by their peers. Nevertheless, senior

executives at OCC felt this peer review was essential for improving its corporate culture.

10 ©2015 WGroup. ThinkWGroup.com

The results of this peer review affected all aspects of OCC’s supervision over financial institutions,

including enterprise governance, organizational structure, and risk management. OCC’s vision

statement and strategic goals also were significantly impacted. OCC management reports that

the peer review was extremely helpful, despite the discomfort it caused staff members. OCC is

implementing recommendations from the peer review. The most important goal for OCC’s changes

in corporate culture is to set the same standards for itself that it sets for large financial institutions.

The OCC is crafting legislation to ensure that large organizations develop compensation

programs that balance financial rewards with risk. This legislation will prohibit excessive

compensation or compensation that exposes the organization to risks that could lead

to financial loss. It also will require compensation programs to comply with standards in

corporate governance. Multiple agencies are developing the proposed OCC legislation,

which could have prevented some of the practices that led to the 2008 crisis had it been

in place at that time. For example, it could have prevented the originate-to-distribute

model from becoming a means of ignoring risk instead of a means of managing risk.

Regulations only go so far in ensuring effective governance, since regulatory agencies can’t

write rules to cover every possible situation. Furthermore, internal controls are only as strong

as an organization’s culture since risk officers must receive support from an organization’s

senior executives. All organizations should strive to develop a healthy culture that reflects sound

governance principles. This goal is particularly important for large financial institutions, which

are capable of affecting so many people throughout the world. Inertia is typically the primary

challenge in developing a strong culture, making it especially difficult for large organizations.

11 ©2015 WGroup. ThinkWGroup.com

Third-party governanceThe need to develop a culture of awareness and commitment toward regulatory compliance will

lead to increased oversight over the governance of third parties. This trend will be especially

prevalent among organizations that provide financial services, where third-party oversight is likely

to become the responsibility of the organization’s board of directors. The ability of organizations

to respond to regulatory requirements will continue to be outpaced by the proliferation of those

regulations. For example, the OCC already tightly regulates financial institutions. However,

other agencies, such as the Consumer Financial Protection Bureau (CFPB), Federal Financial

Institutions Examination Council (FFIEC) and Federal Reserve Board (FRB) also are becoming

more involved in assessing

the regulatory compliance

of financial institutions.

The trend towards greater

third-party governance will lead

to a growing recognition that

enterprises must go beyond

merely providing lip service to

regulations. Early measures

in this process will typically

include the development of new

corporate policies and value

statements, which should lead to

the development of mandates for

enforcing the desired behavior.

Boards of directors must also take

responsibility for driving cultural

changes by promoting and supporting the actions of C-level executives. These measures

are essential eliminating the old ways of thinking about vendor management.

12 ©2015 WGroup. ThinkWGroup.com

InnovationInnovation in outsourcing includes concepts

such as continuous improvement and

leadership. These topics may be covered

thoroughly during negotiations, but often

fail to meet expectations after the contract

is signed. However, this traditional practice

has begun to change in recent years.

Service providers are now more willing

to look for innovative ways in which to

distinguish themselves from their competitors.

The widespread use of mature offshore

services means that labor costs are often

approximately equal among many providers.

This trend means that providers must find

other ways to reduce prices over time.

For example, providers are now investing in

processes and tools that improve delivery

and cost efficiencies. This strategy allows

providers to obtain future cost savings from

their outsourcing services. However, it also

motivates providers to prefer long-term

contracts, which have a greater probability

of realizing a profit from those savings.

Providers also are more likely to require

the freedom to change delivery locations.

Service providers are finding other ways

to be innovative, such as increasing the

use of innovation pools. This concept

consists of defining a governance process

for funding selected initiatives based on

a set of established priorities. The

client and service provider negotiate

the amount of funding that each party

will contribute toward the innovation

pool. The client is thus able to

indicate the innovative activities that

it considers to be most valuable, and

the provider is able to demonstrate

its commitment to those activities.

Service providers are looking for

ways to demonstrate the value of

their internal processes and tools,

which typically include tool kits for

development, testing, and productivity.

For example, a provider can use these

tools to improve service performance

in cases where they align with the

client’s objectives. The primary benefit

of these processes and tools is the

value they bring to the client, although

they also can improve the technical

capability and organization of the

provider’s business environment.

Service providers are looking for ways to demonstrate the value of their internal processes and tools.

13 ©2015 WGroup. ThinkWGroup.com

It’s vital for clients to evaluate the available evidence and assess the potential value of these

techniques against their potential risk. For example, new processes and tools should provide

some improvement in service delivery, pricing, or risk mitigation. They also must fulfill change-

management requirements, comply with federal regulations, and meet internal security policies.

Another recent innovation among service providers is the offering of rationalization services

as part of their managed IT services. These typically include infrastructure-rationalization or

applications-rationalization services, which providers have traditionally offered as a separate

consulting project. Infrastructure-rationalization services identify methods of streamlining the

management of IT assets, while application-rationalization services are intended to streamline

the application portfolio. The primary benefit of rationalization services is to reduce the cost of

IT maintenance and management costs. They also allow the provider to elevate a discussion on

services from price to value, while offering the client the opportunity to receive real benefit.

14 ©2015 WGroup. ThinkWGroup.com

A client that has already outsourced services has learned some important lessons in managing

outsourcing agreements. These lessons provide the opportunity to take corrective action in

the next relationship with a service provider. Experienced clients are more likely to understand

the importance of managing vendors and the outsourcing process. They also understand that

governance should go beyond simply managing the contract to include managing the relationship

with the service provider. Clients should therefore apply strong governance principles to all

products and services that it receives from vendors.

Clients with experience in outsourcing are generally improving

the processes and organization of their Vendor Management

Office (VMO). This trend includes a shift from using one service

provider to fulfill all sourcing requirements to multiple providers,

including insourced and outsourced services. This strategy

provides clients with greater outsourcing flexibility, but it also

requires a more effective VMO. The additional complexity of a

multi-vendor environment means that clients must manage their

providers more aggressively than in the single-source model.

A multi-vendor strategy therefore requires a client to invest in

its VMO to obtain long-term benefits from outsourcing. In particular, a strong VMO is essential

for the benefits of managing a multi-vendor environment to exceed those of managing a simple

“one-stop shop” sourcing model. Multi-vendor sourcing provides other benefits, including

maintaining a competitive pricing environment between the service providers. Furthermore, it

allows the client to select the vendor that is best able to fulfill a particular sourcing requirement.

Service providers are becoming more accustomed to the multi-vendor model and are

more likely to offer general contracting services, especially to their long-term clients.

Relationships

15 ©2015 WGroup. ThinkWGroup.com

These changes in client/provider relationships cause governance to move into other

areas outside its traditional role of contract management. Clients are using governance

to manage business outcomes, innovation initiatives, Conformance to Quality (CTQ),

Customer Satisfaction (CSAT), and Service Level Agreements (SLAs). This shift from

managing the contract to managing the relationship requires senior executives to

adopt a broader focus when thinking about governance. They also must become more

closely involved when either party becomes dissatisfied with the relationship.

This process generally requires adjusting the relationship between client and service

provider to ensure that both parties find increased value in doing business together. These

relationships must therefore become more flexible in future outsourcing agreements. Effective

governance requires a contract schedule to better document the expectations of both

parties. The contract schedule may be used to define the specific relationship desired.

16 ©2015 WGroup. ThinkWGroup.com

Service levelsThe outsourcing market traditionally focuses on a large number of metrics to determine

typical service levels. For example, the metrics for IT services commonly include application

availability, first-call resolution, and incident resolution. These metrics may be helpful

to IT executives, but they’re less important to business users. The large numbers of

service-level metrics that are reported on a monthly basis often have little value for their

readers. The process of translating these metrics into business terms has historically

presented a challenge to clients, who often rely on their VMO to perform this task.

Service providers have traditionally been adverse to measuring their performance beyond the

scope of the contract. However, they have recently started to realize that they can distinguish

themselves from their competition by achieving actionable measures

that fall outside the contractual scope. This trend should not imply that

providers will willingly agree to additional SLAs, especially those that

could be used to terminate for cause or place the providers’ own dollars

at risk. It does mean that providers are more likely to measure metrics

that are more focused on business than IT, even when they don’t own the

entire process. Common metrics of this type include number of defects in

production, number of invoices paid, and number of orders processed.

Service providers have several reasons for measuring metrics that

aren’t required by the contract. For example, providers in a multi-sourced environment can

gain insights into a competitor’s performance by accepting responsibility for the business

performance of their services. Providers also can build relationships with the client’s CFO,

CIO and other senior executives by showing the ID value of their services in terms those

executives can understand. Furthermore, the strategy of measuring business metrics can give

providers insight into the client’s business process, which may lead to new opportunities.

Providers have started implementing dashboards that measure real-time performance in an

effort to increase the transparency of service levels. This capability allows them to respond

to service deficiencies before they result in SLA penalties. The combination of reporting

business metrics and real-time performance can add significant value to a vendor’s services,

thus providing another way for them to separate themselves from the competition. For

example, a provider in a multi-vendor environment that can integrate reporting measures

into a single tool is more likely to be chosen as the client’s general contractor.

17 ©2015 WGroup. ThinkWGroup.com

SummaryThese trends in vendor management affect outsourcing contracts and the manner in which

these relationships are governed. A better understanding of these trends can help enterprises

to structure more beneficial contracts and develop more mature relationships with their service

providers. Vendor management is becoming increasingly important due to greater competitive

pressures, regulatory scrutiny, and multi-vendor delivery models. Effective governance over vendor

relationships is essential for compliance with regulatory standards. It’s also helpful for leveraging

outsourcing to obtain a competitive advantage and create value for long-term shareholders.

Leaders in outsourcing will be increasingly likely to view vendor management and governance as

a means of investing in a strategy that yields significant returns. These enterprises will recognize

the relationship between stock price and service levels, which will require a corporate culture with

greater accountability. Followers in outsourcing will continue to view vendor management as an

expense that provides minimal ROI. They also will react to problems that continuously arise as

the result of an inability to measure vendor performance and obtain stakeholder involvement.

Drive Your Business

Founded in 1995, WGroup is a boutique management consulting firm that provides Strategy,

Management and Execution Services to optimize business performance, minimize cost and create

value. Our consultants have years of experience both as industry executives and trusted advisors

to help clients think through complicated and pressing challenges to drive their business forward.

WGroup offers cloud strategy consulting and a full range of IT transformation

advisory services. Visit us at www.thinkwgroup.com or give us a call at

(610) 854-2700 to learn how we can help you with your cloud strategy.

301 Lindenwood Drive, Suite 301 Malvern, PA 19355

610-854-2700

ThinkWGroup.com