Vendor Partner Optimisation for Digital Ecosystem Whitepaper
net/publication/339237968
1 author:
Neeraj Parashar
Tech Mahindra
All content following this page was uploaded by Neeraj Parashar on 13 February 2020.
Earlier business contracts and vendor engagements were not structured for, or compatible with, the
principles of the digital business environment and the dynamic needs of the business. The external and
internal business environment has changed: privacy laws are stringent, penalties for non-compliance are
massive, new risk scenarios are surfacing, and upstream and downstream partners, suppliers and vendors
(all considered vital stakeholders of the business) are able to create business disruption.
Similarly, with new business architectures such as the shared database in Blockchain, it is imperative
that the internal value chain aligns with the demands of real-time processing.
This requires organizations to own a robust and scalable risk management program that allows the
business to run in nearly autopilot mode. Tech Mahindra offers a comprehensive risk management
framework that brings all third-party service providers, which differ in geography, service type
and engagement level, onto a common board for governance and monitoring, to fulfil compliance and
manage risk.
Key Activities
■ Conduct stakeholder interviews for review inputs
■ Assess other primary & secondary data, documents and other submitted information.
■ Propose against gaps and missing areas
■ Seek agreement on the dimensions for inherent, SME and other areas to be finalized for risk
assessment for supplier stake.
■ Refer historic performance of the supplier from the system
Deliverables
■ Dimension Details for each individual purchase / supply type
■ Weightage of parameter freeze with all exceptions / factors
■ Flagging system in case of deviations and exceptions
■ Additional dimension identified
■ Agreement of functional groups, TPRM Group and TechM risk review team
Deliverables
■ Publication of risk summary
■ Details of cost and other investments separately, as per the control plan submitted by the supplier
■ Flagging of areas which are non-compliant and control plan needed on such issues
Phase 3: Mitigation
Ownership - TechM seeks issues plugged from Third Party controls
Objective
■ If the final risk summary is accepted by the functional groups for the next level, getting a control
plan on the list of issues from the supplier
■ Seeking a control plan from other stakeholder groups, if required, such as for legal areas and other
grey areas of reporting compliance.
■ Seeking the lowest consolidated residual risk rating for the supplier
Key Activities
■ Based on the final risk summary, communicate / ask supplier to submit control plan against the issue log
■ Once the supplier submits the control plan against the issue log, the reviewer reassesses the risk in
the tool as per the newly submitted status
■ Complete the assessment, seek clarification from supplier via proper channel, if required
■ Complete the rating process in the system as per SOP and in-scope dimensions
■ Complete the supplier rating in the system, flagging areas to be governed and monitored in the
post-contract phase.
■ Map the supplier contract proposal against the enterprise framework as per category details and gaps.
Deliverables
■ Publication of Residual Risk Rating
■ Seek a decision from Client on contract for go/no go.
■ Publish supplier proposal against the target frame agreement in focus
■ Publish risk impact assessment report from system to the stakeholders based on residual ratings
Phase 4: Governance & Monitoring
Ownership - Post Contract reviews, reporting done by TechM
Objective
■ As per system calendar, capture, process and publish contract performance data
■ Identify red, amber & green areas
■ Seek clarification from supplier in system and update MoM of review
■ Raise flag in case of deviations, new issues identified and contract violations
■ Protect the interest of Client group
Key Activities
■ As per review schedule seek data of contract performance, exceptions and comments (NPS etc.)
■ As per the agreed format & stakeholders identified, produce the contract review & audit report.
■ Seek clarification and control plan for open issue areas from supplier, in case of exceptions &
dimensions added / changed
■ Raise flag to impose penalties, invoke exit plan, termination proceedings etc.
■ Update the status of contract in system with comments, SLA adherence and other achievements
and misses
Deliverables
■ Update the risk tool against the contract performance
■ Update the learning tool / risk register and other supplier / issue reference sources
■ Seek standing rating of supplier
■ Update stakeholders if new dimensions are relevant to be added or changed at contract renewal.
Business Problem
The organization is a leading banking service provider in the UK. It is looking to develop a robust and
scalable risk management center of excellence, to have a proactive mechanism to manage operations,
market, compliance, cyber and regulatory risk, with a timely and effective system to identify and
mitigate all known issues.
The program is expected to deliver enterprise business agility through seamless change management and
culture building, to cover reputation and financial risk.
Benefits Secured
■ Consistent & sustainable ecosystem, enterprise resilience against control execution, governance
& transparent reporting.
■ Maturity with enterprise learnings, agile change management
■ Reduction of loss, cost avoidance and cost control with stricter implementation of parameters
from the planning, DD, review and control, and execution phases.
■ Reduction of headcount, with 70% of the process governed on a common platform, and real-time
decision making, processing and governance
About Author
Neeraj Parashar
Email: neeraj.parashar@techmahindra.com