Bloomberg Corporate Profile - SIG - Sourcing...
-
Upload
nguyendang -
Category
Documents
-
view
232 -
download
6
Transcript of Bloomberg Corporate Profile - SIG - Sourcing...
1
Bloomberg Corporate Profile
Bloomberg, the global business and financial information and news leader, gives influential decision makers a critical edge by connecting them to a dynamic network of information, people and ideas. The company’s strength – delivering data, news and analytics through innovative technology, quickly, and accurately – is the core of the Bloomberg Professional® service.
15,500+ employees
325,000
Subscribers Globally
192 locations around the world
5,000 new stories daily
Global circulation in 150 countries 980,000
150 bureaus in 73 countries
Real-time financial information
2
Bloombergs Source to Pay Transformation
This Project was about … Which is enabling us to …
Deliver Additional Value § Eliminate non-value added
activities § Become more proactive and
strategic § Drive more value from supply
base
Resulting in …
A Sustainable Cost to Serve
§ Cost competitive; center of excellence
§ Focus on operational effectiveness
§ Automation of low value add service activities
§ Service levels aligned to business unit needs
Speed of Execution § Ease of Use § Better transparency § Align to stakeholder and
Bloomberg business objectives
§ Provide operational agility to internal stakeholders
Support Future Growth § Create more flexible and
scalable processes § Prevent excessive workforce
and cost growth § Maintain competitive service
levels in the future
Elevating Service Capabilities
through: § Reviewing current work
processes to understand the current state
§ Identifying opportunities to close AP & Procurement service gaps
§ Understanding if there are any controls or compliance risks
§ Defining and prioritizing efficiency and effectiveness opportunities
§ Optimizing technology § Performing spend analysis
and category profile of top commodities
§ Determine ideal organization design
§ Develop high level business case
§ Building transformation roadmap
Improve the Stakeholder experience
§ Convenient self-service § Transparency and reporting § Flexible processes aligned to
business needs; ease of use
Shifting from tactical reactive organization to proactive strategic partner
3
l Category Management / Stakeholder Management — Development of Category Plans — Savings Validation Meetings — Increase Management of Addressable
Spend — Creating an eSourcing Program — Supplier Relationship Management
(SRM) program
l Purchasing Operations — PO Processing / Buying Channel
Optimization — P-Card Program — Catalogs — SAP Project, eRFX — ARIBA
l Spot Buying l Catalogs l eInvoicing
The S2P Transformation involved many projects …
l Global Standards Project l Procurement Policy and Procedures l Spend Reporting/Analytics l Auto Material Creation l Technology Enhancements/Roadmap l Reducing small $ invoices l Payment Optimization l Sustainability l Organization Redesign l Travel and Expense
— Concur — Travel Policy — Corporate Card Program — Receipts Management — Expense Policy
l Contract / Records Retention Policy
What about Third Party/Vendor Risk??
4
§ Financial Viability Assessment
§ Litigation Background Check
§ Security review (Infosec & DR/BCP)
Developing a Vendor Risk Management Program
In 2014, Procurement began efforts to establish a Vendor Risk Management (VRM) program for the selection, management and oversight of third party vendors to identify, measure and mitigate risks associated with vendor provided products and services. The framework will initially focus on business critical and high risk supplier engagements and consist of the following key activities: § Assess business criticality and risk associated with vendor engagements § Conduct vendor due diligence for business critical and/or high risk engagements § Ensure contract compliance § Conduct ongoing vendor oversight and monitoring § Renew or terminate a vendor relationship
VENDOR ENGAGEMENT LIFECYCLE
§ Business impact, criticality & risk assessment: product / service impact to BLP
§ Use appropriate templates
§ Consult Legal § Vendor on-
boarding procedures
Business Requirements,
Supplier Sourcing and
Selection
§ Business case § Execute NDA § RFx processes § Supplier due
diligence and selection
§ OFAC compliance
§ Contract expiry management
§ Vendor extension/ off-boarding procedures
Engagement Level Risk / Criticality
Assessment
Contract Management &
Vendor Transition
Vendor Performance Monitoring
Termination or Renewal Due
Diligence
§ Manage and report on vendor engagement compliance and risk
§ SLA management
Vendor Level Risk
Assessment (High risk
engagements)
5
In our approach, we have to ensure we don’t ‘boil the ocean’ – we need to focus on business critical/high risk vendor engagements first
Focus on where we think the risks are and develop “right sized” approach and processes to mitigate • Risk ranked vendor product/services categories
to quickly identify business critical/high risk engagements
• e.g. Office Supplies=low risk, Business Application Software=high risk
• Segmented/risk assessed current active vendors using Accounts Payable data feed
• Using the category risk classifications we were able to quickly filter down vendors for the business to risk assess - resulting in ~500 suppliers with business critical/high risk engagements
Impact
Risk
Business Critical
High
High
High
Low
X Low
6
100%
While we need to support the business, we cannot impede the business
SUB-CATEGORY
• If engagement aligns to low or moderate risk category, end-user can proceed to contract
• Estimate ~65% vendor engagements eliminated from further VRM processing
2
To ensure we don’t negatively impact quality time-to-market for any Bloomberg products and services, we have applied a rule-based approach when establishing our risk models to allow for efficient processing and quick turnaround times while still maintaining an effective risk assessment process
New Vendor Engagement (or renewal with material change to scope/type of work, goods, or services)
1 3
ENGAGEMENT IMPACT ASSESSMENT
• End-user needs to complete a series of 8-24 simple yes/no questions to assess business criticality and engagement risk (e.g. access to client data)
• Estimate ~85% of remaining vendor engagements further eliminated from additional VRM processing
VENDOR RISK ASSESSMENT
• Conduct vendor risk assessments for high risk engagements only
• The vendor risk assessment is time-boxed to once year only
• The vendor level risk assessment includes a financial viability assessment and a litigation background check
• Business head has final approval authority for vendor engagement
• ‘Office Supplies’ is a low risk category, the end-user can proceed to contract
EXAMPLES 1. Facilities establishes a new
contract with Staples for office supplies
• End-user completes questionnaire & engagement assessed moderate risk - end user can proceed to contract
• Vendor not risk assessed in last 12 months, VRM team conducts FVA and litigation background check
• ‘IT Contingent Labor’ is a high risk category, the end-user need to complete a questionnaire
2. R&D engages new vendor for professional services
3. HR engages an existing
vendor for new employee benefits program
• End-user completes the questionnaire and engagement assessed high risk
• ‘Benefits Administration’ is a risk category, the end-user needs to complete a questionnaire
~35% ~15%
Steps 1 & 2 have been developed as a terminal function VRMA<GO> to allow end-user to quickly and easily enter questionnaire and have engagement risk ranked
7
Vendor Risk Key Considerations
1. Information / Physical Security
§ Confidential / sensitive client or employee data § Level of access to Bloomberg facilities § Hosting data/applications outside Bloomberg environment/firewall § Access to Bloomberg IP
2. Business Continuity § Outage impact to business § Revenue and/or cost impact to Bloomberg
3. Operational / Financial § Historical financial performance and credit rating of the vendor § Revenue concentration
4. Regulatory / Legal
§ Regulatory compliance requirements & history § Bribery or corruption § Personal health information (PHI) risk § Co-employment risk § Tax and trade compliance
5. Geographic
§ Govt./Political stability § Natural disaster risk § Country economic/ financial instability § Crime/corruption rate § IP protection/legislation
6. Reputational § Influenced by all other risk areas
Identified six risk categories and criteria allowing us to define and interpret vendor risk in a uniform and consistent manner across the enterprise.
Vendor Risk Management Assessment (VRMA) Categories
8
Sourcing & Selection
Due Diligence On-board Manage
& Monitor Exit/
Renew
Where does Bloomberg’s VRMA fit within the Vendor Engagement Life Cycle?
NDA Contract Management MA SOW
Bloomberg’s VRMA
Engagement Business Impact & Risk Assessment • Physical Access • Critical Services/Technology • Personal/Confidential
Information • Systems Access • Interaction with Government
Officials • Activities subject to specific
laws and regulations • Nature of customer interaction • Subcontractor Usage • Geographic Locations • Cloud Services
Vendor Engagement Life Cycle
Business Criticality & Risk Ranking
Tier 1: HIGH
Tier 2: MODERATE
Tier 3: LOW
9
End User Performs Survey: Vendor engagement questions
Mandatory questions for either net new engagements or material changes to existing engagements in high risk sub-categories
For this engagement, will this vendor be subject to regulatory or compliance requirements based on the product or service provided in this engagement?
Will vendor personnel have regular physical access to Bloomberg facilities?
Where will this product/service be provided? (by country)
For this engagement, will the vendor engage in activities that will have direct contact with Bloomberg ’s customers, such as phone calls, personal interaction, etc.?
For this engagement, will the vendor utilize Bloomberg's name as it relates to the product or service provided?
For this engagement, will the vendor provide or execute critical processes /technology to / for Bloomberg(i.e., incur material profit loss or Bloomberg/Business Unit potential shutdown)?
For this engagement, will the vendor have access to or handle employee/customer personal information (SSN, PHI, etc.) or Bloomberg confidential data, Intellectual Property data?
If Yes
If Yes
1 2
43
5
7 8
With regards to the services / products the vendor provides to the firm, does the vendor use subcontractors?
6
► Does this engagement provide critical processes/ technologies to
more than one primary Bloomberg Business Unit?
► Provide the number of end users (e.g. Clients / Employees) who
will potentially consume or receive products or services from this
engagement?
► Are there competing vendors in the marketplace for the product or
service that can handle the current scope and scale?
► What's the minimum amount of time it will take to EITHER
transition to another vendor to deliver the needed product/service
OR develop internal capability to deliver the needed product/
service?
► Will the previously mentioned data cross country borders in this
product or service?
► What is the volume of Personal Information (PI) / Confidential
Information handled by this engagement?
► How will data be sent, provided, or accessed by this vendor?
► For this engagement, will the vendor have access to the
Bloomberg systems?
► Will this engagement store / host data or applications outside of
Bloomberg’s firewall?
► Will any such application be Internet-facing?
► Will the vendor develop/build any applications or products
containing Bloomberg Intellectual Property?
10
Sourcing & Selection
Due Diligence On-board Manage
& Monitor Exit/
Renew
Supporting Organizations are engaged for high-risk engagements to perform due dilligence
NDA Contract Management MA SOW
Bloomberg’s VRMA
Engagement Business Impact & Risk Assessment • Physical Access • Critical Services/Technology • Personal/Confidential
Information • Systems Access • Interaction with Government
Officials • Activities subject to specific
laws and regulations • Nature of customer interaction • Subcontractor Usage • Geographic Locations • Cloud Services
Vendor Engagement Life Cycle
Business Criticality & Risk Ranking
Tier 1: HIGH
Tier 2: MODERATE
Tier 3: LOW
Risk Assessment Leverage Bloomberg’s Terminal functions to provide forward looking insights into risks by scanning and assessing a wide variety of vendor risk related data and predictive analytics • Financial Viability Assessment • Litigation Review • Information Security Review • Penetration Test Assessment • DR/BCP Review • Vendor Concentration Analysis
(revenue /geography) • Reputational Risk
11
Sourcing & Selection
Due Diligence On-board Manage
& Monitor Exit/
Renew
Risks are Assessed, Mitigated and Tracked on a Risk Register
NDA Contract Management MA SOW
Bloomberg’s VRMA
Engagement Business Impact & Risk Assessment • Physical Access • Critical Services/Technology • Personal/Confidential
Information • Systems Access • Interaction with Government
Officials • Activities subject to specific
laws and regulations • Nature of customer interaction • Subcontractor Usage • Geographic Locations • Cloud Services
Vendor Engagement Life Cycle
Business Criticality & Risk Ranking
Tier 1: HIGH
Tier 2: MODERATE
Tier 3: LOW
Risk Register Track identified risks on risk register and work with business to: • Assess impact across
the enterprise • Identify mitigating
actions and controls • Evaluate and sign-off
on residual risk
Risk Assessment Leverage Bloomberg’s Terminal functions to provide forward looking insights into risks by scanning and assessing a wide variety of vendor risk related data and predictive analytics • Financial Viability Assessment • Litigation Review • Information Security Review • Penetration Test Assessment • DR/BCP Review • Vendor Concentration Analysis
(revenue /geography) • Reputational Risk
14
We own the leading tools needed to monitor Companies using ‘investment grade’ data along with a platform and predictive analytics
VRMA
DRSK
RELS
SPLC
NEWS/BSVC
BMAP
DRSK Financial Viability assessments RELS Corporate Relationships SPLC Supply Chain analytics, 4th party revenue CL BLAW litigation reports NEWS News alerts & Social Media Velocity BMAP Dynamic geographical supplier analysis
• ‘One Stop Shopping’ - eliminates need for multiple vendor feeds by harnessing a broad range of supplier data, assessment capabilities, and analytics
• Push technology of forward-looking, quantitative estimates of supplier default probabilities
• Proper identification of active suppliers through rationalization of supply base with unique Bloomberg IDs
• Comprehensive view of supplier relationships and parent/child lineage
• Defines tiered supplier and customer relationships and revenue concentration
• Eliminates manual, prescriptive activities leading to proactive management of supplier risk
Bloomberg’s VRM integrated solution Bloomberg Terminal enables:
CL
15
Category Managers and the Vendor Risk Team use a Real-time Supplier Monitor – Fully customizable with ability to sort & filter on any column
New Company News # bars reflect new news
volume
Major News
Corporate Actions This icon is triggered by new
corporate actions
Social Velocity This icon is triggered by an
unusually high # of social media postings on a company
Credit Ratings Agencies An icon will appear in
second column if there is a ratings change for this
company
Financial Viability Assessments (FVA) pass/fail criteria are based of Default Credit Risk Probabilities – this is easily customizable by client based on risk tolerance thresholds Altman Z-
Score
News and Twitter sentiment
Private Company
Company Legal Name
Parent Company
Ultimate Parent Company
Environment, Social, Governance score
Day Sales Outstanding
We color code suppliers that are borderline FVA pass (customizable to client requirements)
By clicking on ticker name and using tabs on top right, client
has the ability to drill down into detailed Company Profile
information, Financials, Legal and Supply Chain Analytics
(see subsequent slides)
All News Event alerts/icons (listed below) are clickable for
details
16
Company Profile with additional drill down capabilities, from people profiles and subsidiaries, to company news
ESG Tab (Environment, Social, Governance)
Related Securities Tab (People, Subsidiaries, Affiliates)
Ownership Tab Company News Tab
Social Media Tab
17
Financials (customizable) – Default Credit Risk, multi-year Financial Statements, Credit Ratings & Altman Z-Score
Financials Tab Credit Rating Agencies Tab
Altman Z-Score Tab
Tabs for additional drill down
capabilities
18
Legal Profile with ability to search dockets and related legal news
Altman Z-Score Tab
Insight to the total number of federal court cases involving the company Breakdown of cases by case type and time period Direct access to the docket sheets and underlying filings
19
Supply Chain Analytics, identifying a companies suppliers, clients and peers
Thermo Fisher Scientific Vendors (chart view) with associated revenue/COGS concentration
Thermo Fisher Scientific Clients with associated revenue concentration
Thermo Fisher Scientific Vendors (table view) sorted by revenue concentration high to low
All suppliers are clickable to easily
identify 4th party relationships
All clients are clickable to easily identify their SPLC relationships
Thermo Fisher Scientific Peers
21
BLOOMBERG MAP – supplier geographic footprint with the ability to assess impact of natural disasters
Hurricane Sandy
Mapping capability identifies business critical and high risk vendors by geography, based on location products/services are delivered from. Additional capabilities include (1) filters by product/services category (2) ability to overlay natural disasters (currently available), Geo/Political risks and Pandemics (planned development)
Site Satellite Image