12
Information Technology Vendor Risk Management Identified Risks Throughout the Sourcing and Vendor Management Life Cycle
| Date post: | 28-Jan-2018 |
| Category: |
Technology |
| Upload: | deepak-bansal-cpa-cissp |
| View: | 126 times |
| Download: | 3 times |
Information Technology Vendor Risk ManagementIdentified Risks Throughout the Sourcing and Vendor Management Life Cycle
i | P a g e
Table of Contents
1.0 Overview of IT Vendor Risk Management ....................................................................................... 2
2.0 Relationship Vendor Risk Management ............................................................................................ 3
2.1 Human Capital ..................................................................................................................3
2.2 Communication .................................................................................................................4
3.0 Contract Vendor Risk Management ................................................................................................... 5
3.1 Compliance ........................................................................................................................5
3.2 Transition Risk ..................................................................................................................5
4.0 Financial Vendor Risk Management .................................................................................................. 6
4.1 Value Leakage ...................................................................................................................7
4.2 Financial Transactional Risk .............................................................................................8
5.0 Performance Vendor Risk Management ........................................................................................... 9
5.1 Performance/Service Level Agreements.............................................................................9
5.2 Security............................................................................................................................ 10
6.0 Summary .................................................................................................................................................11
2 | P a g e
Information Technology Vendor Risk Management
1.0 Overview of IT Vendor Risk Management
As mature organizations begin to implement IT Sourcing Strategy & Vendor Management Offices, these initiatives must begin to account and operate in areas of uncertainty that comes along with developing new relationships for sourced products or services. Sourcing Strategy comprises of the philosophy, decisions, and implementation approach in dealing with potential service providers in an organization to achieve its business objectives. Vendor Management empowers an organization to benefit from the excellent service contracted service provider’s offer, while managing costs and mitigation of risks. A mature Information Technology Vendor Management Office, “IT VMO,” will result in a greater value in engagements, and create mutually beneficial relationships between the organization and service providers.
As the Sourcing environment becomes global, perhaps with many unique set of interacting partners, the importance of a proper risk approach management becomes more essential. The risk management of potential third party IT Vendors is not only to establish a framework in which sourcing partners and an organization’s VMO will identify risks, but to develop strategies to mitigate and avoid those risks. However, before IT third party risks can be identified and managed within the IT VMO, there are preliminary elements which must be accounted and measured by each sourcing provider to the organization.
The foundation of an effective IT VMO relies on the maturity and implementation of four key processes risk areas. Within each of these key processes there are two subareas of Vendor Management, each with their own set of risks that can occur during the life of an organization’s IT VMO. Within the Sourcing & VMO lifecycle,these risk areas need to be constantly assessed and mitigated.
ü Relationship Vendor Risk Management
• Human Capital
• Communication
ü Contract Vendor Risk Management
• Transition
• Compliance
ü Financial Vendor Risk Management
• Value Leakage
• Invoice Processing
ü Performance Vendor Risk Management
• Service Level Agreements
• Security
3 | P a g e
“Train people well enough so they can leave, treat them well enough so they don’t
want to.” -Richard Branson
Financial Risk consists of managing the contract Value Leakage, and transactional invoices for completeness against the contract and accuracy. Relationship Risk consists of managing human capital and communication to both internal and external stakeholders. Contract Risk relates to managing the vendor transition from in-house to sourced environment, and a vendor’s compliance to the organization’s policies and governing regulations. Performance Risk oversees a vendor’s adherence to contract Service Level Agreement and capturing of Security Requirements & Risks in case of unforeseen service disruption.
2.0 Relationship Vendor Risk Management
When managing the IT Relationship Risks, an organization must consider the gain or loss of the organization’shuman capital during transition from in-house to the sourced environment. Proper communication to all stakeholders must be consistent and transparent to avoid the rumor spiral, where “appearance becomes fact.”
2.1 Human Capital
Once a contract has been signed, and before the service provider onboarding process has been initiated, attrition of human capital must be considered for the organization resource in defining and identifying the retained employees. During the transition phase, attrition of the key original organization resources is expected to reach high levels, with potential internal challenges of labor unions.
A carefully defined retained organization, with a new set of roles and responsibilities for the remainingorganization employees, must reach a form of consensus with all higher level stakeholders. Risk of the retained staff being underutilized to optimal advantages occurs when a significant portion of highly qualified employees are focused on purely administrative activities. A proper flight risk and skills overlap assessment of the original enterprise will assist in determining the retained organization versus displaced employees. Over the course of the contract, there is always the tendency of distrust of new service provider. The level of distrust can result in an over staffed retained organization mimicking the new service provider’s organization, “man-mark.” The result of man marking will diminishing business returns, fuels job dissatisfaction, and fails to employ people with skills to the best advantage. The IT VMO should ensure the retained staff is conversant indiscussing around agreed innovation, process improvement support, and defining solutions to address future challenges. There should be continuous investing into training the retained organization staff, while monitoring the service provider training metrics and turnover rate. Finally, the VMO should also leverage communication tools such as an incentive plan to retain the key resources, and highlight opportunities and benefits.
Subsequent to the service provider being fully on board, the IT VMO must monitor staffing of the service provider to ensure service quality does not decline over the life of the contract. The IT VMO should beperiodically obtaining current and historical attrition rates from all tiered service providers for monitoring this fluctuation. Turnover at the new service provider can be both considered negative and positive in service delivery. A high sourced turnover rate greater than 15% would lead to a decline in efficiency of team results,delay in service delivery, and result in inconsistent service quality as new staff are on boarded and off boarded. There becomes a potential loss of knowledge transfer, partner relationship credibility, and can eventually lead to impacting the overall contact value. A low turnover rate of less than 2-3% could result in a lack of new ideas in innovation to stale problems. It also indicates a service provider not leveraging from other existing client knowledge bases, and not bringing fresh ideas to old processes.
Human Capital Risks
ü Service Provider and Organization Attrition
ü Suboptimal Sourced Turnover Rate
ü Fragmented Retained Organization
4 | P a g e
“A lie can travel half way around the world while the truth is putting on its shoes.”-Mark Twain
Human Capital Mitigations
ü Defined Retained Organization with Flight Risk Assessment
ü Monitor of Service Provider Employee Turnover Rate
ü Continuous Training of Retained Organization
2.2 Communication
The risk and importance of communication by the IT VMO between thetransforming organization to its internal staff, incumbent service provider, and/or the new service provider cannot be understated. The concept of rumors and nervousness reaches its pinnacle height within the transforming organization internal staff during the period of transition from in-house to outsource. This is when the rumor mill is the strongest, and any form of communication leak results in fear, uncertainty, and elevated attrition rates. A dysfunctional IT VMO communication would result in incorrect information being disseminated to both internal staff and relevant stakeholders. The potential dysfunction will solidify any doubt of the original sourcing strategy amongst internal business leaders, while decreasing the value of the entire sourcing initiative.
In the case of international sourcing, there is an additional risk of domestic perceptions of jobs being sent offshore. The foreign accent, general ignorance, or lack of background of different cultures and international exposure can be risks in a global service delivery model.
There are several opportunities of mitigating the risks associated in communication by the organization’s IT VMO. Develop a thorough change and a communication plan engaging both internal and external stakeholders, while documenting a Relationship Peer Group Diagram for roles between the vendor and the retained organization. This Peer Group diagram describes roles with clear terms of references and specific accountability, while defining an escalation hierarchy. For clarity of process and interaction between the vendor and organization, a Shared Operations Manual should be in place detailing processes for the general operation of the services delivered through the contract. Within this manual, it will contain reporting schedules and frequency, on boarding/off boarding personnel, and standard operational agendas. These plans and diagrams are to be based from the organization policies and culture, and ensuring the sourcing strategy is aligned with corporate strategy.
A successful set of mitigating approaches consist of identifying the proper stakeholders, conduct numerous town hall meetings, deliver a consistent message of the overall objective, benefits, and timing of the transition within the organization. During this phase, the organization must publishing timely Frequently Asked Questions and Answers to the relevant portion of the organization, while being as transparent as possible. In cases of international sourcing, there have been effective instances of creating a cultural exposition between the transforming organization and the new service provider to build a better life style and understanding of one another.
Communication Risks
ü Rumors Proliferation
ü International Perceptions
Communication Mitigations
ü Transparency
ü Updated Frequently Asked Questions
ü International Expositions
5 | P a g e
“If you think compliance is expensive, try non-compliance.”-Paul McNutty
“There is no more difficult transition from Sunday to Monday.”-Unknown
ü Town Hall Meetings
3.0 Contract Vendor Risk Management
Proper contract management and service provider compliance must be consistent with organizational policies and regulations. When managing the IT Contract Risks, an organization must consider the gain or loss of knowledge transfer transition from in-house to the sourced environment. The IT VMO acts as the point of co-coordination and governance over both the vendor and the organization to track the delivery of obligations detailed within the contract. When drafting the contract an Obligation Tracker should be created. This would primarily be focused on the one-off or quarterly/annual deliveries (E.G SOC report, Environmental report), and not the day to day service delivery aspect, but it would cover obligations for both the vendor and retained organization.
3.1 Compliance
There is always difficulty in navigating the complexity of regulations in transitioning from in-house services to outsourced services. If an organization accepts a sourcing service provider, with a lack of industry experience inregulations, there can be an unforeseen cost impact of not meeting requirements. An unskilled service provider can position the transforming organization in being non-conformant in the laws, rules, and regulations, resulting in significant financial and reputational costs.
The IT VMO needs to ensure the engagement for contracted services complies with country/regional laws and regulations affecting financial reporting, accounting, data protection, and software licensing. Involving the essential stakeholders, such as Legal, Human Resource, and Tax are often important to ensure compliance.
During the Sourcing phases of strategy development, service provider evaluation, selection, and contract negotiations, the service provider and organizational risk managers must identify the compliance and audit risks. These assurances are not only at the initiation phase, but during the entire life of the contract. Proper procedures must be defined and accounted, but be aligned with regulations such as SOX 404 Third Party Compliance. SOX Section 404 ensures Third Party Compliance procedures and processes are in place of controls and presentation of financial statements.
The IT VMO should assist with each of the Sourcing phases to ensure these compliance requirements are seamlessly integrated within the delivery model by the service provider and appropriately governed. The selected service provider corporate compliance must be clearly spelled out, and the transition organization must be prepared to conduct or facilitate the necessary regular or ad hoc audit cycles.
Compliance Risks
ü Nonconformance to Regulations
ü Financial Fines for Non-Compliance
Compliance Mitigations
ü Clearly Defining Compliance Regulations during the early Sourcing Phases
ü Conduct or Facilitate Audits of the Service Provider
3.2 Transition Risk
Identifying and selecting the appropriate Service provider is only half the battle in Sourcing Life Cycle. The transition from the incumbent service
6 | P a g e
provider to the new selected vendor must be seamless while minimizing disruptions. There should be a complete transition vision, with a fully transparent communication plan laid out to all stakeholders. At the end of transition phase and for clarity purposes, this when the Shared Operations Manual be created. This manual should detail the processes for general operations of services delivered through the contract, such as work order and on/off boarding of personnel.
The transition phase has the highest degree of margin of error and contains the most risk of potential service interruption. There is a risk of initial service degradation during transition, or possible misalignment of service provider solutions with its own capabilities.
One key step of transition is the facilitation of proper knowledge transfer. Risks associated to an ineffective knowledge transfer from incumbent service provider or client to the new service provider can be related tosteep learning curves, or the amount of knowledge to be transferred in a short period of time. “Knowledge stickiness” is an inherit risk and characteristic of a specialized, personal, and tacit knowledge, which are components that inhibit easy knowledge transfer. The potential causes of this stickiness are due to strained relationships, lack of motivation, lack of absorptive capacity, and actual extent of knowledge being understood.
There are also risks of an inadequate retained organization with duplicative skill sets, and not accounting forflight risk of transformation organization employees. The potential lack of availability of resources from the transforming organization will hinder the service provider in conducting face to face shadowing, and enhance the inability to share or gain access to incumbent service provider/transforming organization information.
Upon the transition from an incumbent service provider to a newly selected one, there is a risk of failure of the incumbent service provider to support or cooperate with a graceful transition to a new service provider. All these factors can lead to a delay of all parties to quickly accept operational responsibilities in the event of termination or reduction of incumbent services.
To assist in minimizing the impact of knowledge loss, the service provider and organization must clearly define roles and responsibilities of all stakeholders. There should be required increases in knowledge transfers sessions and ample shadowing. A clear set of Run Books documentation, with updates, should be available and aligned with the shadowing process. Within the sourcing contract, a detailed and proactive transition plan should be defined, with financial incentives for quality and meeting milestones. The overall goal for the transition phase is to move the transforming organization from an operational focus to a managed focus.
Transition Risks
ü Improper Knowledge Transfer
ü Displaced Employees Flight Risk
Transition Mitigations
ü Defined Retained Organization
ü Defined Transition Plan
ü Shadowing and Run Books
ü Shared Operations Manual
4.0 Financial Vendor Risk Management
Proper financial management entails the governance of the service provider’s financial footprint in the transforming organization through monitoring the Value Leakage at the Financial Transactional level. Value Leakage is monitoring the overall cost impact of the contract is seeking ensure the capture of saving opportunities.
7 | P a g e
“It is not the money that is important, but the people attached to it.”-
Unknown
4.1 Value Leakage
The main pillar in conducting the original sourcing initiative is the result of expected savings from in-house functions to outsourced functions. As the relationship with a sourced vendor matures from one stage to the next, the risk of the expected savings for the transformational organization canevaporate.
This evaporation is called “Value Leakage,” and is portrayed as both hard and soft metrics. Value Leakage can be the result of poorly defined statements of work, unmeasurable service levels, inaccurate collection of vendor pricing, incorrect baselines or financial base case, inaccurate benchmarking, and the use of specialized skills not on the rate card with a service provider’s tendency of resource upskilling. All these scenarios will directly impact the amount of expected savings identified during the sourcing strategy stage, and lead to the contract Value Leakage. Many recent international sourcing agreements expect resources to be offshore to drive the savings. There are risks where the supplier may inflate costs due to inefficient onshore/offshore resource availability mix.
The potential impact of an inaccurate statement of work or resource upskilling will lead to challenges in project scheduling and budget slippage, and higher costs of services due to change orders in post contract execution. These higher costs can eventually cause loss of goodwill and a negative financial impact to both the service provider and the transitional organization.
One of the baseline components in deriving the sourcing strategy is the original set of current spendingnumbers of the sourcing initiative, financial “Base Case.” The current spending in an organization must be data derived from the transforming organization to ensure the financial sourcing strategy is aligned with corporate strategy. This base case must be created during the early sourcing strategy phase, justifiable with realistic assumptions, and be challengeable with difference scenarios. There also must be consideration for adjusting baselines, such as commissioning and decommissioning of applications in application development service providers. During the sourcing selection phase, this base case will account for different vendor Request For Proposal,”RFP,” pricing to project a proper service provider cost comparison and leverage into opportunities of negotiation. This base case is the starting point in maintaining an accurate Value Leakage report.
Some risk mitigating approaches consist of capturing the components to implement a real-time Value Leakage report, while creating a clear Statements of Work to track the financial and performance health of the sourcing vendor relationship. Also, there should be significant effort to normalize rate cards amongst all the vendors in the transforming organization, which would allow oversight of the use of service provider’s tendency of upskilling resources or deviated roles from the rate card. There should also be business case justification for the commercial arrangement being supported by a milestone driven Benefit Realization plan. This plan should then be pro-actively reviewed throughout the agreed term, during which benefits should be realized and on-going to track any additional value over and above the original expectation. This would typically be led by an internal meeting of the retained organization and communicated to leadership.
Value Leakage Risks
ü Loss of Initial Savings Opportunities
ü Upskilling and Resources
ü Unmeasurable Service Level Agreements
Value Leakage Mitigations
ü Clear Financial Base Case
ü Monitoring Resource Mix
8 | P a g e
“Life is like Accounting, everything must be in balance.”-Unknown
ü Normalized Rate Cards
ü Benefits Realization Plan
4.2 Financial Transactional Risk
Once Service Providers are selected and integrated within the transformation organization, there is the organization’s responsibility to continuously monitor a service provider’s financial viability. There are risks of service provider’sfinancial “going concern”, or taking into account any potential lawsuits in the horizon. The transforming organization financial position within the service provider needs to be taken into consideration.
The transformational organization should be no less than 5% or greater than 15% of the service provider’s base yearly revenue. If revenues to the service provider are less than 5%, there is a risk of the transformational organization being insignificant to the service provider. If revenues are greater than 15% to the service provider, there is a risk of its financial health being dependent to the current relationship. Any disruptions to the transformational organization or service provider relationship would have a severe impact to the existence of the service provider.
Part of SOX Section 404 governance on the transformation entity’s financial statements, there is a requirement for proper accounting of purchase orders and validations of performance invoices. A transformational organization’s purchase order signifies proper budgeting has been assigned, and allows the service provider to initiate services. Services being performed without a purchase order can create legal and financial risks, as a purchase order serves as a legal bounding document. There are tendencies of service providers to work on projects before the contract is fully signed and/or the purchase order is issued. These tendencies can be due to pressure from the service provider, or even the organizational internal stakeholders to meet project deadlines.A potential pitfall in creating the Purchase Order is not defining clear and measurable project or performance metrics. Project managers tend to insert ambiguous “behavior” attributes as deliverables, without proper acceptance criteria. Prior to issuing a purchase order, a work order must be created. The combination of these two artifacts is jointly taken for execution and issuance to the vendor, as work and budget are continuously being defined.
Upon the transformation organization’s receipt of invoices, there must be processes in referring to the contract,and be cognizant of the Additional Resources Consumed (ARC) and Reduced Resources Consumed (RRC)calculations. Charges for additional resources (“ARC’s”) above the threshold are priced at rates to reflect the marginal cost of the additional production. Credits (“RRC’s”) granted for reduction in resources consumed or provided offer the enterprise customer some comfort, but the savings on credits tend not to be equivalent to the increased costs when paying for incremental resources in excess of the threshold1.
Once proper financial validation has been completed, a performance approval must be obtained. Without performance acceptance, there is a risk of payment for services not being performed up to the transformation organization’s standards. Some mitigating approaches to lessen delays in payment, is to better streamline the Purchase Order creation and Invoice approval process. Upon the receipt of the invoice, it should immediately be gain its approval by the project management to validate the satisfaction of services. In parallel, finance is to obtain approval of performance satisfaction and verify if the cumulative invoices do not exceed the original purchase order amount. Enterprises have a tendency of requiring a duplicative approval within finance to process the payment to Accounts Payable. This delay can result in the risk of late fees and possible performance disruption of services.
As the service provider and transitional organization relationship matures, there is a tendency to use Staff Augmentation/Time & Materials for projects in service delivery. The overuse of Staff Augmentations will lead
1 Outsourcing Law Global, LLC
9 | P a g e
“An ounce of performance is worth a pound of promises.”-Mae West
to runaway projects and costs, and difficulty in measuring the benefit of the services being provided. Staff Augmentation efforts should be moved to a defined project delivery to better account for progress of efforts and provide financial forecasting.
Financial Transactions Risks
ü Overuse of Staff Augmentation
ü Service Provider Financial Position
Financial Transactions Mitigations
ü Migration to Project Defined Delivery
ü Timely Issue of Purchase Orders
ü Monitor of Service Provider Footprint in the Organization
ü Performance Acceptance
ü Monitor Service Provider Financial Health
5.0 Performance Vendor Risk Management
Managing Service Providers performance service level agreements is essential in ensuring an organization is receiving true value from the relationship. These agreements must be aligned with the organizations corporate strategy, while taking account the impact to security during any changes in requirements.
5.1 Performance/Service Level Agreements
One of the key components of performance governance is to establish a fact-based reporting mechanism that goes beyond the tradition SLA agreement dashboards. A poor performance of a service provider in the transforming organization will result in a negative impact to its processes, systems, and will adversely affect the ongoing business operations. A Service Provider must ensure there are limited potential service disruptions, reduced level of risk of reputational hardship, diminishing potential of failure to perform, and the availability of a service credit.
A service credit regime should drive a value of penalty that is meaningful to the severity of the missed SLA, in order to encourage the correct behavior by the vendor to operate within the agreed service levels in the contract. However, the Service Credit Regime should not penalize a vendor in such a way it is a threat to the relationship. If a threat, the vendor could divert valuable resources from other aspects of the relationship in order to ensure service levels are met. This could result in a lack of innovation or other aspects of the contract being delivered late if they are not covered by SLA.
In the process of down selecting potential service providers, there must be consideration of the transformationorganization growth rate. A steep growth rate may lead to a service provider’s inability to adapt or use economies of scale in providing high level service performance. With a lack of defined performance measures, there is risk of the service provider running the transformation organization’s entire process without any proper governance.
Performance mitigating approaches can be conducted by monitoring service level agreement compliance while educating stakeholders of the scope of services. The scope of services should be clearly defined, consolidated,and not fragmented. The transforming organization must build a performance contract structure with service
10 | P a g e
“If they want what you got, don’t give it to them.”-Unknown
level agreements that are measurable, with reportable non-compliance. These service level agreements must be clear and defined SLAs, while being measurable and tracked for trend analysis.
Performance Risks
ü Negative Impact to Operations
ü Service Provider Inability to be Nimble
ü Fragmented Scope of Services.
Performance Risk Mitigations
ü Build Performance Contract Structure
ü Clear Defined Service Level Agreements
ü Define Performance Penalties
5.2 Security
Vendor security can relate to both information security and physical security. Service providers will maintain the transforming organization’s vital data in remote locations. Inadequate data privacy, physical security, and disaster recovery can all lead to a major disruption in services and brand management.
During the selection process, it must be validated that potential service providers has extensive set of experiences in complex environments, and their policies and procedures are aligned with the organization’s enterprise risk strategy. The transformational organization must build extensive audit rights for aspects of security services that the vendor is expected to provide as a part of in-scope services. The transforming organization and service provider works closely with security leads in building-specific security requirements of service delivery, while continuing to be engaging during work order changes.
Capturing these risk and mitigation strategies, using a fully defined Risk Register, should focus on potential unauthorized access to enterprise data, disclosure of data, service disruption, modification, and recording or destruction of information.
In managing risk, related to service delivery from remote and underdeveloped areas of the world, the service provider must have the same delivery maturity across the globe. This delivery maturity should contain mitigating risk strategies for geopolitical challenges, natural disasters, volatile infrastructure, and security of intellectual property. The transformational organization should remain continuously aware of the political landscape of countries relating to the service provider headquarters and location of services being performed.
A service provider may be responsible for much of the transformational organization’s enterprise data.Therefore, documentation and procedures surrounding access controls would be a necessity. During the sourcing vendor assessment phase, these documents are to be understood at the vendor site, while processes for disaster recovery and past trial runs must be reviewed. Within the Master Service Agreement, there must be verbiage about on/off boarding of personnel with viewable background checks. This includes a robust Operations Manual, and periodic review of the service provider employee’s access to sensitive information.
Security Risks
ü Information Security Risk
ü Physical Risk
ü Data Disclosure
11 | P a g e
Security Risk Mitigations
ü Enterprise Risk Management
ü Risk Register
6.0 Summary
As the upward trend line for new Sourcing initiatives continue, there are increased risks organizations must consider. The establishment of an IT Vendor Management Office helps with assessing and mitigates many of these risks, but only with the establishment of formal standard processes and procedures. These procedures must account and operate in areas of uncertainty that comes along with developing new relationships for sourced products or services. As the organizational IT VMO does mature, addressing risks will result in a greater value in engagements and create a mutually beneficial relationship.
About the Authors
Deepak is currently serving as a Director Level of Technology Vendor Management, for a global multinational risk management, and insurance brokerage in developing the VMO from a start up to a Managed Governance Services Steady State. Deepak has significant consulting experience in developing and managing approaches for strategic outsourcing and vendor relationship management. As Director, Deepak currently manages service level agreements to exceed standards, creates accountability with IT partners, and designs operational metrics and dashboards. He coordinates with each technology functional area of their sourcing requirements and expectations, and has significant interactions with all of the key leaders in the organization and key vendor executives. Deepak completed his undergraduate from University of Maryland in Accounting, and graduate education in Information Technology at The George Washington University. He was appointed by Governor Martin O’Malley to the Business Economic Development Commission, and is a Member of the Academy of Magical Arts.
Deepak Bansal, CPA, CISSPDirector of Vendor Relationship & Performance Management (U.S.)
Richard is currently serving as the Director of Vendor Relationship & Performance Management for a global risk management, insurance brokerage and developing the IT VMO to full steady state governance function. Richard has an IT carreer spanning 3 decades ranging from IT Operations and Infrastructure, IT Service Management, Procurement, and Supplier Performance Management, exercised predominantly in the UK with some exposure to North America.The day to day activities of Richard’s role sees him create strategic partnership with IT Vendor, their key stakeholders/consumers ensuring optimal value delivery from all aspects of the commercial agreements in place. Richard’s role within the IT VMO ensure the vendors are well governed, contracts and performance delivered as designed whilst assisting key stakeholders with further requirements definition for contract renewals, changes ro requirements to the support a tender process
Richard OliverDirector of Vendor Relationship & Performance Management (U.K.)
