Bloomberg Corporate Profile - SIG - Sourcing...

1

Bloomberg Corporate Profile

Bloomberg, the global business and financial information and news leader, gives influential decision makers a critical edge by connecting them to a dynamic network of information, people and ideas. The company’s strength – delivering data, news and analytics through innovative technology, quickly, and accurately – is the core of the Bloomberg Professional® service.

15,500+ employees

325,000

Subscribers Globally

192 locations around the world

5,000 new stories daily

Global circulation in 150 countries 980,000

150 bureaus in 73 countries

Real-time financial information

2

Bloombergs Source to Pay Transformation

This Project was about … Which is enabling us to …

Deliver Additional Value §  Eliminate non-value added

activities §  Become more proactive and

strategic §  Drive more value from supply

base

Resulting in …

A Sustainable Cost to Serve

§  Cost competitive; center of excellence

§  Focus on operational effectiveness

§  Automation of low value add service activities

§  Service levels aligned to business unit needs

Speed of Execution §  Ease of Use §  Better transparency §  Align to stakeholder and

Bloomberg business objectives

§  Provide operational agility to internal stakeholders

Support Future Growth §  Create more flexible and

scalable processes §  Prevent excessive workforce

and cost growth §  Maintain competitive service

levels in the future

Elevating Service Capabilities

through: §  Reviewing current work

processes to understand the current state

§  Identifying opportunities to close AP & Procurement service gaps

§  Understanding if there are any controls or compliance risks

§  Defining and prioritizing efficiency and effectiveness opportunities

§  Optimizing technology §  Performing spend analysis

and category profile of top commodities

§  Determine ideal organization design

§  Develop high level business case

§  Building transformation roadmap

Improve the Stakeholder experience

§  Convenient self-service §  Transparency and reporting §  Flexible processes aligned to

business needs; ease of use

Shifting from tactical reactive organization to proactive strategic partner

3

l  Category Management / Stakeholder Management —  Development of Category Plans —  Savings Validation Meetings —  Increase Management of Addressable

Spend —  Creating an eSourcing Program —  Supplier Relationship Management

(SRM) program

l  Purchasing Operations —  PO Processing / Buying Channel

Optimization —  P-Card Program —  Catalogs —  SAP Project, eRFX —  ARIBA

l  Spot Buying l  Catalogs l  eInvoicing

The S2P Transformation involved many projects …

l  Global Standards Project l  Procurement Policy and Procedures l  Spend Reporting/Analytics l  Auto Material Creation l  Technology Enhancements/Roadmap l  Reducing small $ invoices l  Payment Optimization l  Sustainability l  Organization Redesign l  Travel and Expense

—  Concur —  Travel Policy —  Corporate Card Program —  Receipts Management —  Expense Policy

l  Contract / Records Retention Policy

What about Third Party/Vendor Risk??

4

§  Financial Viability Assessment

§  Litigation Background Check

§  Security review (Infosec & DR/BCP)

Developing a Vendor Risk Management Program

In 2014, Procurement began efforts to establish a Vendor Risk Management (VRM) program for the selection, management and oversight of third party vendors to identify, measure and mitigate risks associated with vendor provided products and services. The framework will initially focus on business critical and high risk supplier engagements and consist of the following key activities: §  Assess business criticality and risk associated with vendor engagements §  Conduct vendor due diligence for business critical and/or high risk engagements §  Ensure contract compliance §  Conduct ongoing vendor oversight and monitoring §  Renew or terminate a vendor relationship

VENDOR ENGAGEMENT LIFECYCLE

§  Business impact, criticality & risk assessment: product / service impact to BLP

§  Use appropriate templates

§  Consult Legal §  Vendor on-

boarding procedures

Business Requirements,

Supplier Sourcing and

Selection

§  Business case §  Execute NDA §  RFx processes §  Supplier due

diligence and selection

§  OFAC compliance

§  Contract expiry management

§  Vendor extension/ off-boarding procedures

Engagement Level Risk / Criticality

Assessment

Contract Management &

Vendor Transition

Vendor Performance Monitoring

Termination or Renewal Due

Diligence

§  Manage and report on vendor engagement compliance and risk

§  SLA management

Vendor Level Risk

Assessment (High risk

engagements)

5

In our approach, we have to ensure we don’t ‘boil the ocean’ – we need to focus on business critical/high risk vendor engagements first

Focus on where we think the risks are and develop “right sized” approach and processes to mitigate •  Risk ranked vendor product/services categories

to quickly identify business critical/high risk engagements

•  e.g. Office Supplies=low risk, Business Application Software=high risk

•  Segmented/risk assessed current active vendors using Accounts Payable data feed

•  Using the category risk classifications we were able to quickly filter down vendors for the business to risk assess - resulting in ~500 suppliers with business critical/high risk engagements

Impact

Risk

Business Critical

High

High

High

Low

X Low

6

100%

While we need to support the business, we cannot impede the business

SUB-CATEGORY

•  If engagement aligns to low or moderate risk category, end-user can proceed to contract

•  Estimate ~65% vendor engagements eliminated from further VRM processing

2

To ensure we don’t negatively impact quality time-to-market for any Bloomberg products and services, we have applied a rule-based approach when establishing our risk models to allow for efficient processing and quick turnaround times while still maintaining an effective risk assessment process

New Vendor Engagement (or renewal with material change to scope/type of work, goods, or services)

1 3

ENGAGEMENT IMPACT ASSESSMENT

•  End-user needs to complete a series of 8-24 simple yes/no questions to assess business criticality and engagement risk (e.g. access to client data)

•  Estimate ~85% of remaining vendor engagements further eliminated from additional VRM processing

VENDOR RISK ASSESSMENT

•  Conduct vendor risk assessments for high risk engagements only

•  The vendor risk assessment is time-boxed to once year only

•  The vendor level risk assessment includes a financial viability assessment and a litigation background check

•  Business head has final approval authority for vendor engagement

•  ‘Office Supplies’ is a low risk category, the end-user can proceed to contract

EXAMPLES 1. Facilities establishes a new

contract with Staples for office supplies

•  End-user completes questionnaire & engagement assessed moderate risk - end user can proceed to contract

•  Vendor not risk assessed in last 12 months, VRM team conducts FVA and litigation background check

•  ‘IT Contingent Labor’ is a high risk category, the end-user need to complete a questionnaire

2. R&D engages new vendor for professional services

3. HR engages an existing

vendor for new employee benefits program

•  End-user completes the questionnaire and engagement assessed high risk

•  ‘Benefits Administration’ is a risk category, the end-user needs to complete a questionnaire

~35% ~15%

Steps 1 & 2 have been developed as a terminal function VRMA<GO> to allow end-user to quickly and easily enter questionnaire and have engagement risk ranked

7

Vendor Risk Key Considerations

1. Information / Physical Security

§  Confidential / sensitive client or employee data §  Level of access to Bloomberg facilities §  Hosting data/applications outside Bloomberg environment/firewall §  Access to Bloomberg IP

2. Business Continuity §  Outage impact to business §  Revenue and/or cost impact to Bloomberg

3. Operational / Financial §  Historical financial performance and credit rating of the vendor §  Revenue concentration

4. Regulatory / Legal

§  Regulatory compliance requirements & history §  Bribery or corruption §  Personal health information (PHI) risk §  Co-employment risk §  Tax and trade compliance

5. Geographic

§  Govt./Political stability §  Natural disaster risk §  Country economic/ financial instability §  Crime/corruption rate §  IP protection/legislation

6. Reputational §  Influenced by all other risk areas

Identified six risk categories and criteria allowing us to define and interpret vendor risk in a uniform and consistent manner across the enterprise.

Vendor Risk Management Assessment (VRMA) Categories

8

Sourcing & Selection

Due Diligence On-board Manage

& Monitor Exit/

Renew

Where does Bloomberg’s VRMA fit within the Vendor Engagement Life Cycle?

NDA Contract Management MA SOW

Bloomberg’s VRMA

Engagement Business Impact & Risk Assessment •  Physical Access •  Critical Services/Technology •  Personal/Confidential

Information •  Systems Access •  Interaction with Government

Officials •  Activities subject to specific

laws and regulations •  Nature of customer interaction •  Subcontractor Usage •  Geographic Locations •  Cloud Services

Vendor Engagement Life Cycle

Business Criticality & Risk Ranking

Tier 1: HIGH

Tier 2: MODERATE

Tier 3: LOW

9

End User Performs Survey: Vendor engagement questions

Mandatory questions for either net new engagements or material changes to existing engagements in high risk sub-categories

For this engagement, will this vendor be subject to regulatory or compliance requirements based on the product or service provided in this engagement?

Will vendor personnel have regular physical access to Bloomberg facilities?

Where will this product/service be provided? (by country)

For this engagement, will the vendor engage in activities that will have direct contact with Bloomberg ’s customers, such as phone calls, personal interaction, etc.?

For this engagement, will the vendor utilize Bloomberg's name as it relates to the product or service provided?

For this engagement, will the vendor provide or execute critical processes /technology to / for Bloomberg(i.e., incur material profit loss or Bloomberg/Business Unit potential shutdown)?

For this engagement, will the vendor have access to or handle employee/customer personal information (SSN, PHI, etc.) or Bloomberg confidential data, Intellectual Property data?

If Yes

If Yes

1 2

43

5

7 8

With regards to the services / products the vendor provides to the firm, does the vendor use subcontractors?

6

►  Does this engagement provide critical processes/ technologies to

more than one primary Bloomberg Business Unit?

►  Provide the number of end users (e.g. Clients / Employees) who

will potentially consume or receive products or services from this

engagement?

►  Are there competing vendors in the marketplace for the product or

service that can handle the current scope and scale?

►  What's the minimum amount of time it will take to EITHER

transition to another vendor to deliver the needed product/service

OR develop internal capability to deliver the needed product/

service?

►  Will the previously mentioned data cross country borders in this

product or service?

►  What is the volume of Personal Information (PI) / Confidential

Information handled by this engagement?

►  How will data be sent, provided, or accessed by this vendor?

►  For this engagement, will the vendor have access to the

Bloomberg systems?

►  Will this engagement store / host data or applications outside of

Bloomberg’s firewall?

►  Will any such application be Internet-facing?

►  Will the vendor develop/build any applications or products

containing Bloomberg Intellectual Property?

10



& Monitor Exit/

Renew

Supporting Organizations are engaged for high-risk engagements to perform due dilligence


Bloomberg’s VRMA







Tier 1: HIGH

Tier 2: MODERATE

Tier 3: LOW

Risk Assessment Leverage Bloomberg’s Terminal functions to provide forward looking insights into risks by scanning and assessing a wide variety of vendor risk related data and predictive analytics •  Financial Viability Assessment •  Litigation Review •  Information Security Review •  Penetration Test Assessment •  DR/BCP Review •  Vendor Concentration Analysis

(revenue /geography) •  Reputational Risk

11



& Monitor Exit/

Renew

Risks are Assessed, Mitigated and Tracked on a Risk Register


Bloomberg’s VRMA







Tier 1: HIGH

Tier 2: MODERATE

Tier 3: LOW

Risk Register Track identified risks on risk register and work with business to: •  Assess impact across

the enterprise •  Identify mitigating

actions and controls •  Evaluate and sign-off

on residual risk

Risk Assessment Leverage Bloomberg’s Terminal functions to provide forward looking insights into risks by scanning and assessing a wide variety of vendor risk related data and predictive analytics •  Financial Viability Assessment •  Litigation Review •  Information Security Review •  Penetration Test Assessment •  DR/BCP Review •  Vendor Concentration Analysis

(revenue /geography) •  Reputational Risk

12

How do we monitor suppliers

on an on-going basis?

And how do we automate it?

13

We want to ‘monitor’ and be ‘alerted’ to many categories of events that increase vendor risk

14

We own the leading tools needed to monitor Companies using ‘investment grade’ data along with a platform and predictive analytics

VRMA

DRSK

RELS

SPLC

NEWS/BSVC

BMAP

DRSK Financial Viability assessments RELS Corporate Relationships SPLC Supply Chain analytics, 4th party revenue CL BLAW litigation reports NEWS News alerts & Social Media Velocity BMAP Dynamic geographical supplier analysis

•  ‘One Stop Shopping’ - eliminates need for multiple vendor feeds by harnessing a broad range of supplier data, assessment capabilities, and analytics

•  Push technology of forward-looking, quantitative estimates of supplier default probabilities

•  Proper identification of active suppliers through rationalization of supply base with unique Bloomberg IDs

•  Comprehensive view of supplier relationships and parent/child lineage

•  Defines tiered supplier and customer relationships and revenue concentration

•  Eliminates manual, prescriptive activities leading to proactive management of supplier risk

Bloomberg’s VRM integrated solution Bloomberg Terminal enables:

CL

15

Category Managers and the Vendor Risk Team use a Real-time Supplier Monitor – Fully customizable with ability to sort & filter on any column

New Company News # bars reflect new news

volume

Major News

Corporate Actions This icon is triggered by new

corporate actions

Social Velocity This icon is triggered by an

unusually high # of social media postings on a company

Credit Ratings Agencies An icon will appear in

second column if there is a ratings change for this

company

Financial Viability Assessments (FVA) pass/fail criteria are based of Default Credit Risk Probabilities – this is easily customizable by client based on risk tolerance thresholds Altman Z-

Score

News and Twitter sentiment

Private Company

Company Legal Name

Parent Company

Ultimate Parent Company

Environment, Social, Governance score

Day Sales Outstanding

We color code suppliers that are borderline FVA pass (customizable to client requirements)

By clicking on ticker name and using tabs on top right, client

has the ability to drill down into detailed Company Profile

information, Financials, Legal and Supply Chain Analytics

(see subsequent slides)

All News Event alerts/icons (listed below) are clickable for

details

16

Company Profile with additional drill down capabilities, from people profiles and subsidiaries, to company news

ESG Tab (Environment, Social, Governance)

Related Securities Tab (People, Subsidiaries, Affiliates)

Ownership Tab Company News Tab

Social Media Tab

17

Financials (customizable) – Default Credit Risk, multi-year Financial Statements, Credit Ratings & Altman Z-Score

Financials Tab Credit Rating Agencies Tab

Altman Z-Score Tab

Tabs for additional drill down

capabilities

18

Legal Profile with ability to search dockets and related legal news

Altman Z-Score Tab

Insight to the total number of federal court cases involving the company Breakdown of cases by case type and time period Direct access to the docket sheets and underlying filings

19

Supply Chain Analytics, identifying a companies suppliers, clients and peers

Thermo Fisher Scientific Vendors (chart view) with associated revenue/COGS concentration

Thermo Fisher Scientific Clients with associated revenue concentration

Thermo Fisher Scientific Vendors (table view) sorted by revenue concentration high to low

All suppliers are clickable to easily

identify 4th party relationships

All clients are clickable to easily identify their SPLC relationships

Thermo Fisher Scientific Peers

20

Supply Chain Level News

21

BLOOMBERG MAP – supplier geographic footprint with the ability to assess impact of natural disasters

Hurricane Sandy

Mapping capability identifies business critical and high risk vendors by geography, based on location products/services are delivered from. Additional capabilities include (1) filters by product/services category (2) ability to overlay natural disasters (currently available), Geo/Political risks and Pandemics (planned development)

Site Satellite Image

22

THANK YOU

Chris Berger (646)324-3301 [email protected]

Bloomberg Corporate Profile - SIG - Sourcing...

Documents

Transcript of Bloomberg Corporate Profile - SIG - Sourcing...