2. OUTSOURCING / OFF-SHORING CONTROLS
Use of service providers doesn’t
reduce the Responsibility of corporate
executives from maintaining effective
internal controls
- Public Company Accounting Oversight Board
Promoting
Techserv Consulting Confidential & Private
2
Systems Integrity
3. THIS IS MEANT FOR THOSE WHO HAVE CONCERNS ON THE
FOLLOWING …………
DO YOU WISH TO OUTSOURCE / OFFSHORE IT SERVICES?
ARE YOU NOT SURE ABOUT SELECTING THE RIGHT IT SUPPLIER?
DO YOU FEEL THE NEED TO CONSIDER EXTERNAL DUE DILIGENCE COMPETENCE?
WOULD YOU LIKE TO BE INDEPENDENT IN SUPPLIER SELECTION?
ARE YOU NOT SURE ABOUT LOCAL REALITIES AND SUPPLIER FACTS?
ARE YOU NOT ABLE TO ASSURE YOURSELF THAT SUPPLIER BILLING IS ACCURATE?
HAVE YOU REGULARLY OBSERVED THAT SLAs ARE NOT COMPLIED WITH?
ARE YOU NOT SURE THAT SUPPLIER IS FOLLOWING THE PROCESSES AS AGREED?
ARE YOUR DELIVERABLES BECOME UNPREDICTABLE?
DO YOU FIND SUPPLIER’S PRODUCT QUALITY IS NOT ACCEPTABLE?
ARE YOU FEELING MISALIGNED WITH THE SUPPLIER?
ARE YOU NOT SURE THAT IT / IS SECURITY WILL NOT BE COMPROMISED?
Promoting
Techserv Consulting Confidential & Private
3
Systems Integrity
4. Off-shoring / Outsourcing Risks Vs. Controls
Wrong selection of Lack of unity
Dishonor of Resource / Billing Failure to
of Supplier / Of minds. realize benefits, Risks
processes / Expectation Obligations, Inaccuracies, Reverse flow of
Applications? Information security? Leakages? knowledge?
Alignment?
Phases
Strategies Transition Execution Execution Programme
& (Knowledge (Steady (Value add Closure
Planning Transfer) State) State)
Strategy Transition Continuous Continuous Continuous Control
Due-Diligence Advisory Assurance Assurance Assurance Measures
Strategic Process Cultural & Value Smooth Desired
Alignment Alignment Performance Alignment Reverse Results
Alignment Transition
Promoting
Techserv Consulting Confidential & Private
4
Systems Integrity
5. The Need for Independent Outsourcing Oversight
Security Execution
Assurance Assurance
Start-up Relationship
Assurance Assurance
Value / Cost Compliance
Assurance Assurance
Outsourcing organizations require a structured, independent and competent
assurance throughout the outsourcing / off-shoring relationships. This would help the
organization to have checks and balances to realize the objectives.
We have the competence to provide assurance services to the organizations to ensure
that the outsourcing relationships realize the anticipated benefits.
Promoting
Techserv Consulting Confidential & Private
5
Systems Integrity
6. The focus areas of Outsourcing Assurance
Outsourcing Assurance is a management
process to provide a independent comfort to
management that Outsourcing engagement
processes are effective and efficient enough to
provide the desired results envisaged at the
beginning of the outsourcing engagement. Also,
IC to provide identified material weaknesses in the
EG NT AL VAL
AT E IG UE outsourcing processes either at Outsourced
TR GNM
S I
NM
EN organization or at supplier end.
AL T
This assurance function should be established
Outsourcing at strategic checkpoints to provide the required
PER IGNME
NT
A LI G U R E
Alignment alignment in the following focus areas:
AL
FOR
NME
T
CUL
MA N T
www.itgi.org Strategic Alignment
N
Value alignment
CE
Performance alignment
PROCESS
ALIGNMENT Culture alignment
Product alignment
Promoting
Techserv Consulting Confidential & Private
6
Systems Integrity
7. Why Outsourcing Assurance focus on these areas?
Focuses on ensuring the linkage of business and outsourcing plans;
Strategic alignment on defining, maintaining and validating the outsourcing value proposition;
and on aligning outsourcing operations with enterprise operations
Is about executing the value proposition throughout the outsourcing cycle,
Value alignment ensuring that supplier delivers the benefits against the outsourcing strategy,
concentrating on optimising costs and proving the intrinsic value of outsourcing
Culture alignment Focuses on bridging the cultural gaps between two organization
Focuses on ensuring required process infrastructure is established and
implemented and institutionalized to have transparency in outsourced
Process alignment processes. Ensure that these processes are improved continually and aligned
to outsourcing objectives
Tracks and monitors strategy implementation, project completion, resource
Performance alignment usage, process performance and service delivery, using, for example,
scorecards that translate strategy into action to achieve goals measurable
beyond conventional accounting
Promoting
Techserv Consulting Confidential & Private
7
Systems Integrity
8. Outsourcing Assurance aims
Conformance
• Adhering to Laws, Regulations, Legislation,
Policies and Procedures, audit requirements,
etc.
Performance Performance
• Improving Performance Score card,
Outsourcing efficiency and effectiveness,
growth, etc. Conformance
Outsourcing Assurance aims to balance conformance and performance goals
Promoting
Techserv Consulting Confidential & Private
8
Systems Integrity
9. Outsourcing Governance Stakeholders
Board and executive Set direction for outsourcing, monitor results and insist on
corrective measures
Defines business requirements for outsourcing and ensures
Business management that value is delivered and risks are managed
Supplier management Monitors outsourcing services as required by the Business
Management
Provides independent assurance services to demonstrate
Assurance services that outsourcing delivers what is needed
Outsourcing management Delivers and improves outsourcing services as required by
the Client Management
Risk and compliance Measures compliance with policies and focuses on alerts to
new risks
Supplier Service Buyer Independent Assurance
Promoting
Techserv Consulting Confidential & Private
9
Systems Integrity
10. Outsourcing Assurance Framework
Enterprise Drivers PERFORMANCE CONFORMANCE
Business Goals Acts & Regulations
A Outsourcing Drivers Scorecard
Sarbanes-Oxley Act, A
COBIT,CMMI,ISO
S 27001 etc. S
S S
U U
R Outsourcing Governance
R
COBIT
A A
N N
C C
E Best Practice Standards
ISO ISO
CMMI
E
9001:2008 27001
Processes and Procedures Governance Functional Operational
Processes Processes Processes
Promoting
Techserv Consulting Confidential & Private
10
Systems Integrity
11. Alignment Agents
Program Management
•
A
A
Process Design
l
l
•
i
Process Implementation
i
V
g
g
V
a
n •
n
Delivery Management
a
m
m
l
l
u
e
•
e
SLA Management
u
e
n
n
e
t
t
P P
R R
Program Management O O Client Management
D C
• U E
Contract Administration T S • Contract Administration
• Assurance S
Program Oversight • Program Planning
(Alignment Agents)
• SLA Management • Program Oversight
• Program Oversight • Escalation Resolution
PERFORMANCE
S
S t
A t Supplier Management A
r r l
l a
i a i
t
g t • Outsourcing Strategies e
g
n e n
g • Outsourcing Oversight g m
m I
e I e
n c • Supplier Selection c n
t t
• Program termination
Promoting
Techserv Consulting Confidential & Private
11
Systems Integrity
12. Assurance Scope (Strategy & Planning)
Deliverables
Report on Strategies
Strategy & Transition
Due Diligence Reports
Planning
Supplier selection process review report
IT Processes Information Security Assessment report
Systems & Processes assessment Report
Contract Review Report
Execution Program Strategy & Planning
Closure
Strategy reviews
Planning reviews
Supplier Selection reviews
Supplier infrastructure due diligence
Outcome Suppliers Human Resources due diligence
Right Pricing is established
Suppliers Process infrastructure due diligence
Strategy and Planning verified
Suppliers’ claims validated Supplier readiness due diligence
Risks towards security assessed Contract negotiation / re-negotiation (Pricing)
Human resources claims assessed
Outsourcing (Supplier) readiness assessed Information Security and Privacy assessment
Outsourcing (Customer) readiness assessed Effort estimation review
Promoting
Techserv Consulting Confidential & Private
12
Systems Integrity
13. Assurance Scope (Transition)
Deliverables
Strategy &
Transition Review Reports (Processes in transition)
Planning
Process documentation (if required)
IT Processes Review report on Knowledge transfer
Establish On-site Oversight mechanisms
Review of Staffing
Audit reports (Transition Phase
Execution Program
Closure Transition
Transition Planning review
Transition Schedule review
Program staffing review
Outcome
Effective transition strategy Knowledge transfer execution audit
Efficient transition strategy Pilot project execution review
Process infrastructure readiness
Program & Project Planning Process definition
Program transition health status
Pilot project validation Program & Project execution Process definition
Supplier readiness against the plan Quality Assurance Process definition
Risk assessment and mitigation
Quality Control process definition
Information Security process definition
Promoting
Techserv Consulting Confidential & Private
13
Systems Integrity
14. Assurance Scope (Execution)
Strategy & Transition
Deliverables
Planning
Process advisory
Assurance Process Audit reports
Information Security audit reports
Billing verification report
Program
Execution
Closure
Execution
Periodic Audit of Contractual obligations
Periodic Audit of Information Security processes
Outcome
Alignment of execution processes Periodic Audit of process implementation
Alignment of info. Security requirements Periodic Audit of Service Level Agreements
Independent Program status Periodic Audit of deviations, escalations
Process improvements
Contractual obligations by supplier Periodic Audit of Supplier’s infrastructure
Risk identification & Mitigation Periodic Audit of Billing Account
Accurate billing as per contract
Promoting
Techserv Consulting Confidential & Private
14
Systems Integrity
15. Assurance Scope (Program Closure)
Strategy & Transition
Planning
Deliverables
IT Processes Review Reports
Validation Reports
Audit report
Execution Program
Closure
Program Closure
Reverse Transition Planning
Outcome Reverse Transitioning
Smooth reverse transition
Compliance to regulations, laws etc., Contract, Regulatory compliance
Effective reverse knowledge transfer Program sign-offs
All assets are returned Program closure
Promoting
Techserv Consulting Confidential & Private
15
Systems Integrity