Vendor Management Risk Mitigation · Sun Life Supplier Risk Management Framework The supplier risk...
Vendor Management Risk Mitigation: The Importance of Having a Formalized Methodology
Sun Life Financial
Laura Williams, AVP, Procurement
Opus
Sam Mele, Vice President Sales
sig.org/summit
Case Study: Supplier Management and Risk Mitigation
Today’s Speakers
Laura Williams, AVP, Procurement
Sam Mele, Vice President Sales
About Hiperos 3PM
• The leading SaaS platform for managing third parties
• Purpose-built to minimize third party risk and maximize their value
• Manages third parties and third party relationships
• Accelerates / automates / enforces third party…
• Onboarding
• Risk Segmentation / Scoring
• Due Diligence
• Risk / Performance Monitoring
• Protects against reputational harm, regulatory exposure and revenue loss
• Reduces the cost of third party management
Financial Industry Challenges
• Low Margins from continued lower interest rates
• Increased cyber threat
  • Data Breaches
  • Ransomware
  • Malware etc.
• Increased Regulatory Costs
  • MRA, Board Resolution, Consent Orders, Fines, Censures etc.
• Increased competition from non-traditional players
  • Startups, Fintechs, other established players
• Blurred lines between Vendors, Third Parties, Clients
• Prudent Risk Management practices across all risk domains
How do we manage risk and continue to create value?
SUN LIFE FINANCIAL IN 2016
A $32 billion(1) leading, international financial services provider… operating through a
balanced and diversified model… focused on creating shareholder value now and in the future
(1) Market capitalization (C$), as of December 31, 2016
Discussion Outline
• Drivers of Supplier Risk
• Key Challenges
• Supplier Risk & Performance Management Program
• Supplier Management Best Practices
• Leveraging Technology
• Lessons Learned
Drivers of Supplier Risk
• Change in use of technology
• Increased engagement of suppliers for non-traditional services/outsourcing
• Increase in threats to protection of data stored in technology or used by a supplier
• Increased and changing regulatory requirements
• Expectation of Clients / Customers
• Expectation of the Board and Enterprise Risk Committees
Supplier Risk Defined
Risk Description
The risk of financial loss, operations disruption and / or reputation harm as a result of inadequate performance or failure of suppliers.
Supplier risk is a composite of various operational risk elements including privacy, legal/regulatory, business continuity, information security, data/records management, IT currency and reputation.
External Drivers
• Suppliers face similar technology threats (e.g. cyber security) that Sun Life does
• Regulators (OCC, CFPB) have increased their focus and extended ‘bulletins’ to all third parties
• Sun Life customers are extending their focus beyond Sun Life controls to our controls over our suppliers
Internal Drivers
• Nature of supplier relationships is changing / more complex with increased technological inter-dependence
• Sun Life expects its suppliers to have adequate standards and controls, similar to its own to address external factors / threats
• Inconsistent supplier engagement and management practices / unclear supplier relationship management responsibilities
Challenges
• Organizational size and geographies
• Dispersed ownership of supplier risk – Corporate/Operational Risk, Business, Individual SRMs, Legal, Privacy, Information Security, Enterprise Business Continuity, Strategic Sourcing
• Defining the Supplier Risk Landscape – what is in and out of scope
• Understanding who has access to what – both internally and externally
Sun Life Supplier Risk Management Framework
The supplier risk management framework for suppliers and outsourcers includes several inter-related elements including supplier lifecycle guidelines, policies and standards, organization roles and responsibilities, tools and templates. The framework embeds practices throughout the supplier lifecycle targeted to identify and reduce risk.
[Diagram: SLF Supplier Risk & Performance Management Framework]
Diagram annotations:
• Establishes standards and consistency in supplier governance process throughout the supplier lifecycle; defines relationships to other control processes
• Consistent practices for supplier assessment, engagement and ongoing management and monitoring
• Consistent practices for all supplier sourcing and procurement activity
• Common tools, processes & technology (e.g., P2P, Contract management, supplier information management, PIA)
Diagram labels:
• Supporting Infrastructure (People, Process, Tools)
• Sourcing methodology and tools
• Procurement / Buying guidelines
• Supplier Lifecycle Guidelines
• Supplier Risk Assessment
• Supplier Segmentation
• Supplier Relationship Management
• Report / Tools / Scorecards
• Enterprise supplier and procurement standards & EOG
• Outsourcing Policy & EOG
• SLF Roles & Responsibilities
SLF Supplier Risk & Performance Management Program
• Program conception in 2014 with a goal to develop a framework to identify and manage supplier relationships throughout their lifecycle
• Objectives
• Define and assess supplier risk in a consistent, sustainable manner
• Incorporate current and emerging regulatory requirements
• Identify and incorporate existing practices (and Policies) – both those that work well and those that need improvement
• Identify roles and responsibilities throughout the organization
• Build a realistic implementation and transition plan
• Develop policy, standards and guidelines (tools, templates)
• Communicate and Educate
SRPM Implementation and Transition Planning
Sun Life relies on suppliers to support our business process. The SRPM Standard and EOG provide a risk-based approach to consistently assess and manage suppliers with supporting tools and infrastructure.
• Supplier spend reviewed
• Ownership and SRMs confirmed
• Contracts filed and risk assessed
• Missing contract identified
• Supplier tier established
• Right-size management applied
• Contracts missing identified
• Risk-based gap analysis/reporting
[Timeline diagram: 2014, 2015, 2016]
Stage labels on the timeline:
• Risk-Based Analysis
• Supplier Tiering
• Supplier Management Guidance
• Understand Supply Base
Sustained Supplier Risk & Performance Management Activities
• Risks identified, assessed & mitigated
• Owners identified
• Suppliers managed
• Grow program support
• Reportable, defensible Supplier information
Setting the Stage for Framework Execution Phase I – Scope and Assess Risk Consistently
1. Define Roles & Responsibilities
2. Find the Right Stakeholders
Accountable Executive
Day to Day Supplier Manager
Procurement & Sourcing Services
SMEs
3. Set a manageable scope & focus measurement on the right subset
4. Allow for ad hoc inclusion
Review with SLF R&C, BUCO
Stakeholder Workshops
5. Prioritize & capture early wins
[Diagram labels:]
• Total Supplier Base
• Kick Off Review
• High Risk/Outsourcing
• Tier 1 & 2
• Initial SLF Supplier List: 18,000+
• Sort by Top 80% Spend
• Business Assess Risk Profile
• Start with Suppliers that have the greatest impact on Business
Focus on Areas of Greatest Impact
Key Principles
Setting the scope and aligning with current SLF Canada Supplier Management practices in partnership
• Segmenting the supply base will focus the resources
• Supplier performance management plans including scorecarding, SLA tracking, etc.
• Formalize SLF and Supplier operational and strategic meetings
Framework Execution: Phase II – Supplier Segmentation
Phase III – Full Supplier Risk & Performance Management
Based on the results from the first phase, SLF will have a focused approach to supplier management with suppliers.
ILLUSTRATIVE SUPPLIER TIERING PROCESS
[Chart: Supplier Value vs. Resource Effort (axes: Value, Resource Effort; label: Supplier Value)]
[Chart: Time vs. Supplier Risks (axes: Supplier Risks, Time)]
Supplier and resource value is maximized through the application of consistent supplier management tools and processes.
Supplier Risk Management Best Practices
• Know your universe – what is the starting point and focus on areas of greatest impact
• Define the Risk – both the risk drivers and the risk impact, what is considered a high risk supplier and why
• Consistency in assessment and terminology is Key – critical, material, not-material, key, important, significant….
• Find the WIIFM for the business and make it easy to do business with you – from resource capacity to risk mitigation
• Have a plan and spell it out with clear roles and accountabilities
• Integrate with processes that already work – don’t try to fix what isn’t broken as a starting point
• Build upon processes that work well and continuously improve
Leveraging Technology
• Technology will be your hero
• Consistency in data capture means consistency in reporting
• Technology as ‘evidence’ – both direct and indirect, directly embed in technology and the technology itself is a form of evidence
• Phased and integrated approach to technology – it does not have to launch with full functionality all at once and can integrate with existing platforms
• Regulators love technology
Supplier Life Cycle and Technology
Lessons Learned
• Find your supporters early and consider a pilot
• Make it easy to comply
• Leverage existing risk committees and subject matter experts
• Tap into existing controls and technology processes
• Establish and document realistic and measurable targets
• Cast a wide net - talk to industry experts, colleagues and consultants
• Report often and don’t get discouraged
Wrap-up
• Third party management/Supplier Risk Management is about good business practices enforcing good business results.
• The only constant is change – flexibility is key to success
• This is bigger than just your suppliers or vendors. (Define your universe)
• Automation enables you to drive consistency, execution and auditability across the entire portfolio
• Third party management is about transforming data into actionable intelligence
• Information from technology provides continuous oversight through a closed loop process
• Effective third party management is not an “option” – it is a must – driven straight from the Board
Thank you
Laura Williams, AVP, Procurement, Sun Life Financial
Sam Mele, Vice President Sales, Opus
Tweet: #SIGspring17
Session #3