Embed Size (px)
Van dienstverlening naar partnershipThird Party Assurance, (g)een overbodige luxe?Carlo Pietersma en Ruud Kerssens10 juni 2010, Zeist
donderdag 20 mei 2010 © 2010 BDOPage 2
Roadmap
Outsourcing life cycleDrivers for outsourcingDrivers and risk profileRisks of outsourcingMitigationPartnershipThird party reportsBest practices
donderdag 20 mei 2010 © 2010 BDOPage 3
Outsourcing lifecycle
donderdag 20 mei 2010 © 2010 BDOPage 4
Drivers voor outsourcing
• Improve focus on core competences• Reduce costs• Reduction of capital investment• Increase flexibility• Gain access to external competencies & capabilities• Improve quality and productivity• Better service• Control and Quality improvement
< Drivers / risks gebaseerd op praktijkcases --> benoemen cases>
donderdag 20 mei 2010 © 2010 BDOPage 5
Drivers and Risk profile
donderdag 20 mei 2010 © 2010 BDOPage 6
Buyer’s risks
• Becoming dependent on service provider• Savings not realized• Poor quality of service• Loss of control• Loss of skill• Difficulty in implementing changes• Technology not in aligned with business• Security• Lowering personnel motivation
donderdag 20 mei 2010 © 2010 BDOPage 7
Service provider’s risks
• Unanticipated cost• Large initial investments• Restrictions in standardization architecture• Discussions about responsibilities• Return on investment
donderdag 20 mei 2010 © 2010 BDOPage 8
Mutual risks
• Unclear contractual terms• Not agreed upon responsibilities• Unanticipated requirements• Change management• Incident response• Conflict in goals• Relationship …
donderdag 20 mei 2010 © 2010 BDOPage 9
Mitigation
• Executive-level support for outsourcing• Good communication to all key stakeholders• Well defined contracts, SLA’s concrete DAP’s• Demand organization in place to manage, monitor and control the service
provider• Communication demand and supply is regulated and defined in procedures at
both sides• Include control objectives based on best practices in contract• Right to audit / external audit for assurance
Partnership between client organizationand service provider
=Win Win
donderdag 20 mei 2010 © 2010 BDOPage 10
Partnership
No one is perfect. Seldom is only one party (e.g.,the IT vendor) always at fault. Control weaknessescontribute to poor vendor relations.
“In an ideal marriage one partner is blind and theother is deaf”
Beware long term outsourcing agreements. Oncesigned, it can be very expensive to terminate.
“in sickness and in health, to love and to cherish,till death do us part”
Document the understanding and all expectationswith the IT Vendor in writing
“Can two walk together, except they be agreed?”
TRIGGER VENDOR MANAGEMENTTRIGGER VENDOR MANAGEMENTQUOTE ATTRIBUTABLE TO PARTNERSHIPQUOTE ATTRIBUTABLE TO PARTNERSHIP
donderdag 20 mei 2010 © 2010 BDOPage 11
Confidence
SAS70 / ISAE 3402Type II
SAS70 / ISAE 3402Type I
TPMSLA, DAP,Rapportage
Periodiek overleg /rapp.
vertrouwen
Stuurmiddelen:
objectiefNiveau van relatie tussenserviceorganisatie en u
subjectief
Prove meShow meTell meTrust me
donderdag 20 mei 2010 © 2010 BDOPage 12
Relationships
donderdag 20 mei 2010 © 2010 BDOPage 13
SAS70 type I and II
<wat behelst het>< plus en minpunten>
donderdag 20 mei 2010 © 2010 BDOPage 14
ISAE3402 type I and II
<wat behelst het>< plus en minpunten>
donderdag 20 mei 2010 © 2010 BDOPage 15
ISO27001
<wat behelst het>< plus en minpunten>
donderdag 20 mei 2010 © 2010 BDOPage 16
TPM
<wat behelst het>< plus en minpunten>
donderdag 20 mei 2010 © 2010 BDOPage 17
Practice
< wat hebben de betrokken partijen ermee gedaan en aan gehadTerugkoppeling naar klant indien die in de zaal kan zijn. Anders lijstje op basis vanwat hij heeft aangegeven>
donderdag 20 mei 2010 © 2010 BDOPage 18
Vragen
donderdag 20 mei 2010 © 2010 BDOPage 19
Contactgegevens
