Dear CEO - Mitigating IT Outsourcing...
Transcript of Dear CEO - Mitigating IT Outsourcing...
Alexander Brown – Technology Partner, Simmons & Simmons Ray Bricknell – Managing Director, Behind Every Cloud
Dear CEO - Mitigating IT Outsourcing Risk Choosing an Institutional Quality IT Vendor
• Context : IT Outsourcing within “Dear CEO” concerns • Is it “in Scope”? • Impact of growing trend toward “Cloud” • Operational IT Risk Mitigation – Local and Endemic
• What does a rigorous IT Vendor Selection Process look like?
• IT Vendor Selection Criteria
• Areas for Improvement: • Endemic Market Risk Mitigation – Cloud Vendor input? • Cloud Vendor selection: A better way?
• Panel Discussion – (Please hold questions until this session)
“What constitutes an Institutional Quality IT Vendor?”
Dear CEO - Choosing an Institutional Quality IT Vendor
• Concern driver: endemic risk through financial interdependence
• But – reading with IT Outsourcing and especially Cloud in mind
Surely Outsourced IT is a critical activity in the support of regulated activities?
Is IT Outsourcing “In Scope” for FCA “Dear CEO” Concerns?
• IT Outsourcing Operational Risk: Local versus Endemic
Local e.g. Infrastructure Platform Event i.e. Single Vendor, Single Fund
Endemic e.g. Major Vendor Liquidation or BCP Event i.e. Single Event affects Multiple Funds - and even Wider Markets
With CLOUD (vs. On Premise or Co-Lo/Mgd Service on own kit) these two risk exposures begin to grow and merge
• UK Asset Management IT Outsourcing Market: Small number of providers; Shared risks (e.g. E14 Flood)
Hundreds of funds: Shared Vendor exposure; Shared BCP exposure
So… BEC View: If it isn’t already in scope – it should be!!
Partially mitigated by thorough and ongoing Due Diligence
Is IT Outsourcing “In Scope” for FCA “Dear CEO” Concerns?
The typical IT Vendor Selection process:
• Internet
• Word of Mouth
• Expos &
• Conferences
• Events
• Webex’s
• Free trials
• Experience
• Provider Meetings
• CTO Discussions
• Technology Reviews
• Demo’s
• Follow-up Meetings
• 1000 .ppt slides
• Business Case
• Business Requirements
• RFI Development
• RFI’s Out / In / Review
• Data Capture
• RFP Creation
• Solutioning Workshops
• Reference Site Visits
• RFP Out / In / Review
• Solution Presentations
• Contract Negotiations
• Final Vendor Selection
The Good (hopefully)
The Bad
The Downright Ugly!
0
2
4
6
0
2
4
6
0
2
4
6
Formal RFI/RFP Identify
Vendors High-Level Assessmen
t
Highly prone to “Garbage In- Garbage Out”
Far too little “Open Market Feedback”
The Two Stage Formal RFI & RFP Process:
RFI/RFP Scope
Agreed - Approval to
Proceed
Identify Wide Range of Potential
Vendors
Desk Based Analysis of Vendors / Offerings
Select “Long List” Target
10 12 Vendors
Execute Non –Disclosure Agreements
Issue RFI
Multi-Vendor Briefing
Presentation and Open
Q&A
Develop RFI Content 1
Closed 1:1 Vendor Q&A
Sessions
Expect Approx. 2 “No-Bids”
Review Formal RFI Responses
Select Short List Target 4 to 6 Vendors
Release RFP to Short List
Vendor Q & A Cycle
Review RFP Submissions
Review Product
Collateral
Review Public
Domain Collateral
Review Indicative
Cost Models
Develop RFP Content
Develop RFP Response Template
Agree Selection
Criteria and Weightings
Develop Capture and Collection
System 1
2
RFI & RFP Process (cont.)
Client Side Q&A Cycle
Select “Internal Short List” for Presentations
and Due Diligence
Vendor Presentatio
ns (4-6)
Review, Analyse,
Score and Report
Reduce “Internal
Short List” to 2-3
Vendors
Legal Terms and
Conditions HL Review
Financial Due Diligence
Site Visits * 3 per Vendor (DC’s and
NOC)
Conduct Security
Audit
Conduct Technical
Due Diligence
Develop “Like-For-Like” Cost
Models
3
Commercial Negotiations
Contractual Negotiations
Review, Analyse, Score
and Report
Now 2 “Preferred Vendors”
High Level Design
Finalisation
Announce Final
Successful Vendor
Decision
3
Average Timeframe and Internal/Consultancy Cost: 4 – 6 Months £100k – £150k
IT and Cloud Outsourcing Vendor Selection Criteria e.g.:
Selection Criteria (for panel discussion later) • Regulation and Compliance • Clients Profile Breakdown incl.
• By Size • By Revenue
• Client References - ALL • Financial Viability
• Revenue and Profitability Profile • Business Model • Ownership
• Independent Accreditations • Contractuals i.e. T&C's • Flexibility and Scalability • Topology (Local / Global) • Sector Alignment • Risk Profile • Technical
• Teams (Support/Migration/Management) • Platform Components • “Onion Layers” • Vendor Relationships • “Active-Active” => “Always On” • Application Layer Support
Pre- Requisites • Assessment of Key Risks and
Issues • Internal Requirements Definition • Internal Cost Model (“Like for Like”)
• Strategy • Incl. Technical; Incl. Tactical • Incl. Timing and Resourcing
• Business Case Approval
Areas for Future Focus and Improvement
• Endemic Market Risk Mitigation • Cloud Vendor input to potential solutions? • Whole of Market Cloud Vendor Dependency Data
• Cloud Vendor selection: A better way?
• The Clovertm Cloud Vendor Rating Engine
Dear CEO - Choosing an Institutional Quality IT Vendor
Customer Confidential
Requirements Gathering & Service Catalogue
IT Strategy & Business Case
Multiple RFI’s & RFP’s
The CLOVER™ Cloud Vendor Rating
Engine
Constant Immersion in the Cloud Ecosystem Buying Cycle
50+ Suppliers Analysed (and counting…)
Data Ratified Bi-Annually
3 * Recommended:
- The Good - The Good - The Good
Client Specific Inputs
Detailed Client Output
Regular Vendor
Self- Updates
via Portal
“Qualified Leads”
Vendor Feedback
External Financial
s &
Media
Existing Asset Management Customer Feedback
+
-
Interactive Panel Discussion:
“What constitutes an Institutional Quality IT Vendor?”
Your Panellists:
Ian Bowell – CTO – Prologue Capital
Alex Brown, Technology Partner - Simmons and Simmons
Mark Fowle – CEO and co-Founder – Attenda
Jon Gasparini – Financial Services CTO – Fujitsu
Alex Parker – CTO – Commensus
Roy Wood – Sales and Marketing Director – Advanced 365
Chair:
Ray Bricknell – MD – Behind Every Cloud
Dear CEO - Choosing an Institutional Quality IT Vendor
Thank you for your time, please join us for coffee outside.
Contacts for any follow up questions:
Alex Brown, Technology Partner - Simmons and Simmons
Ray Bricknell – MD – Behind Every Cloud
Dear CEO - Choosing an Institutional Quality IT Vendor