need for action (gdpr risk mgmt) oct'16


Upload: dr-sanjeev-b-ahuja

Post on 19-Jan-2017


Progressive Intelligence

Partners in Achievement

USA • UK • INDIA

Private & Confidential

Independent Strategy & Operations Advisory

3rd-Party Service Management Contracts

Managing risks, mitigating exposure, and ensuring value delivery

Operations Risk Management

Responding to General Data Protection Regulations (GDPR)

Need for Action

October 2016


www.piplinc.com

“An ably led, well defined, pragmatic, measured, and adequately funded enterprise-wide Data Risk Management (DRM) program is not an executive prerogative; it is a tacit mandate from the shareholders for the very survival of a business in today’s data-driven economy.”

GDPR compliance risks worrying you to distraction?

Recently introduced EU data protection regulations (GDPR) lay out broad ranging sanctions in case of compliance failures. Articles 5, 32 and 83 are not just relevant for a business, but also for its partners up and down the service delivery chain.

In all likelihood, an inadvertent lapse or casualness in setting up adequate data protection provisions across your business poses a high material risk of an adverse impact on its performance*.

* Financial consequences of non-compliance to data privacy regulations for some businesses have already been huge -"Between 2008 and 2012, the top ten banks globally lost close to $200 billion through litigation, compensation claims, and operational mishaps." (Nonfinancial risk: A growing challenge for the bank, McKinsey & Co, July 2016)


2016 Data Breaches (US Only)


Makings of a Perfect Storm - Confluence of Factors

Big Data: Volume, Velocity, Variety, Veracity

Cloud: Compliance, Private, Public

Mobility: Transport, Sources, Access

Management and operational complexity, with gaps in delivery leading to risk creep

Several vendors working independently on different parts of a typical service delivery chain

Risk: Monitor, Respond, Stage, Prepare, Plan

[Diagram labels: Current Ubiquitous Risk Factors; Added Complexity Risk Factors]


Mitigating Risk through Service Value Assurance

* The impact of sourcing trends on governance - Prof. dr. Erik Beulen, University of Tilburg, The Netherlands, Outsource Magazine, Jan 8, 2015

Must demarcate operational accountability and align liabilities for non-compliance across the contracts.

Must put in place formal agreements for conflict resolution, proactively addressing risks through compliance monitoring and robust governance.

Private/Hybrid Cloud Services

Must ensure balance between individual vendor performance and integrated solution delivery.

* Working across a matrix of contracts with unclear or misaligned mutual operating instructions creates disconnects and ambiguity, resulting in value erosion of investment


Experience, Creativity, Practicality - Trusted Advice

Progressive Intelligence's Trusted Advisory Service Risk Management & Mitigation…

We offer a holistic approach to governance in multivendor scenarios, securing tangible incremental value.

We craft multitier T’s & C’s that are perfectly aligned to clients’ strategic objectives and business risk appetite.

We apply our extensive contract experience, domain expertise and know-how to identify opportunities.

We focus on performance, cost savings and risk reduction by converting legal T’s & C’s into operational mandates.

Unbiased - advice focuses solely on clients’ interests and well-being.

Cross-functional - approach addresses business, financial, operational, legal & regulatory risks.

Insightful - quick audit identifies disconnects and establishes clear accountability across the full range of service provision among vendors.

Value Preserving - “does no harm”; creates incremental value.

Great governance can manage a bad contract, but a great contract doesn’t guarantee success - you need good governance for that.

Don Flores, Partner - TPI


The Challenge

Management, control and coordination of service delivery in order to predictably achieve strategic goals and minimize business risk.

[Diagram labels: Objectives; Unpredictable Risks; Integrated Service; Managed Risks; Strong Governance; Outcomes; Value]


Target Causal Factors

Strong Governance (aligned contracts)

• Contracts legally sound but operationally weak
• Contract drift - “gaps”, “overlaps”, “conflicts”, “changes”
• Hub & spoke contracting model; SLAs unfit for purpose

Managed Risks (business, financial, operations, regulatory & legal)

• Incomplete risk scenarios and inadequate monitoring
• Non-specific actions in response to risk events
• Limited mitigation and reactive risk response

Integrated Service (multi-vendor seamless processes across Public/Pvt infrastructure)

• Helpless dependence on “big” vendors; sub-optimal utilization
• Handicapped by vendors’ standard contracts
• Lack of operational controls; unclear liabilities; termination limits

Problems

Drifting contracts and expectations, evolving regulations, technology innovation, and proliferation of data - need clear operational accountability for business-as-usual and in handling exceptions.


Target Likely Consequences of Inaction

Strong Governance (aligned contracts)

• Unpredictable personal/business liabilities
• Risk rests with client
• Unexpected costs
• Unmet needs
• Poor performance
• Vendor acrimony

Managed Risks (business, financial, operations, regulatory & legal)

• Unquantified risk exposure
• Uncapped liabilities
• Hidden risk scenarios
• Ad hoc risk response; unpredictable outcomes

Integrated Service (multi-vendor seamless processes across Public/Pvt infrastructure)

• Hostage to fortune; vendors have client over a barrel
• Acceptance of inadequate “norms”
• Disconnected and inflexible contract terms
• Insubstantial basis for litigation as an option
• Excessive cumulative costs; sub-optimal value for money

Concerns

Must ensure security and data protection across a mix of public and private service environments - need a tight integration of multi-party legal and operational obligations.


Target Recommended Solutions

Strong Governance (aligned contracts)

• Correct, complete & consistent legal and operational T’s & C’s
• Standardized mechanisms and control of contract performance
• Integrated contract governance model

Managed Risks (business, financial, operations, regulatory & legal)

• Comprehensive critical risks inventory
• Structured risk event-mitigation-response framework
• Executable, monitored and controlled risk management

Integrated Service (multi-vendor seamless processes across Public/Pvt infrastructure)

• Revisiting and realigning expectations across contracts
• Restructure and renegotiate T’s & C’s (as necessary)
• Re-engage with vendors
• Effective mapping of legal T’s & C’s into operational actions

Approach

Verify legal robustness is backed by effective operational controls and mechanisms - each contract needs to be an integral part of a streamlined service delivery.


Target Benefits of Remediation

Strong Governance (aligned contracts)

• Clear accountability and effective risk reduction
• Cost optimization and realized savings
• Address business requirements
• Performance assurance

Managed Risks (business, financial, operations, regulatory & legal)

• Delineation of liabilities
• Pre-emptive risk mitigation
• Rapid risk response model
• Limits on financial exposure
• Regulatory and security compliance

Integrated Service (multi-vendor seamless processes across Public/Pvt infrastructure)

• Service contracts aligned across varied vendors
• Best-of-breed mix of disparate services and vendors
• New vendors can be added seamlessly to the mix

Outcomes

Everyone feels responsible but only designated people are accountable - need assured performance, minimum predictable risk and highest possible returns.


Summary

Multivendor service contracts are complex to manage and mutual deliverables can get misaligned. If left unchecked, diffused accountability introduces unpredictable risks, escalating costs, and non-performance.

Due diligence to ensure adequacy of the contract matrix, i.e., commercial flexibility, limits on risks and liabilities, efficient operations management, and compliance to legal & regulatory constraints, is a critical business imperative.

T’s & C’s must be streamlined across the contract matrix and supported by operational controls and mechanisms for effective execution and service delivery.

Ring-fenced “Cloud” provisions are operationally isolated from the other vendors, introducing the risk of disconnects.

Contracts fragmented across multiple vendors without “bridging” conditions lead to poor performance and increased exposure to risks & liabilities (business & personal).

The most inelastic service component will define service, scale and spend elasticity; it may not justify the risk of a heterogeneous environment.

[Diagram labels: Client; vendor; Drift]


Bottom-Line

Your in-house legal team and attorneys can do a great job managing your legal and contractual terms & conditions with 3rd-party providers

HOWEVER …

Business risk lies in the disconnects which creep over time and across multiple suppliers between the legal terms and operations implementation, of which both your legal and operations team are largely unaware

Progressive Intelligence has 25+ years of business operations and trusted advisory experience, which uniquely qualifies us in risk management through Service Value Assurance.


Pinpointing Your Business Risks…

1. Are your service contracts aligned to support your business strategy?

2. Could your service contract be legally sound but operationally weak?

3. Do your service contracts quantify business goals and identify legal and operational risks for their potential impact, along with adequate mitigation mechanisms?

4. Do your service contracts underpin operational characteristics such as service levels which actually support your business (as opposed to ticking boxes)?

5. How much flexibility do you have in realigning your service contracts to changes in your business drivers or in the regulatory regime?

6. Have you become increasingly dependent on your vendors to the point where you cannot walk away?

7. What is the impact of a breakdown in your relationship with your vendors? Can your business afford the potential impact of litigation?

8. Do your vendors assure you optimal value for money? Is it on measured performance criteria?

9. Have your vendors executed to the letter of the contract and yet fallen short of “common sense” expectations and your goals?

10. “To renew or not to renew” - is continuing with a current vendor and contract a risk to business? Is this an acceptable risk from commercial, operational, and legal perspectives?

Do your contracts need an overdue “Health-Check”?


Where do we provide value?

• Progressive Intelligence complements the skills of your legal services provider to address both the legal and the operational aspects of 3rd-party service contracts

• We are asked by clients to provide independent advice in the following areas:

1. Contract design

2. Contract audit

3. Contract re-design

4. Dispute avoidance and resolution

5. Operational audit and alignment

6. Operational governance

7. Program Investment Decision and Governance


Selected Credentials: Management Consulting & Executive Search

Context: £500M global partnership; £15M systems & operations costs; global VPN & Data Centre infrastructure provision; system integration

Challenge: Service disconnects (gaps, duplication, conflicts, failure); excessive cost; risk of regulatory non-compliance

Solution:

• prime contract accountability for end-to-end service delivery
• responsibility for aligning service interfaces to local systems
• 24x7 access to global application platform with failovers
• management of consolidated and streamlined global data repository for regulatory compliance

Result:

• instated joint governance to manage performance and optimize contractual spend
• “infrastructure as a service” (IaaS) contract for elasticity in services, scale, and cost
• streamlined multi-vendor legal and operational T’s & C’s
• vendor compliance to data governance policies
• $2.3M savings


Selected Credentials: Global Audit, Tax and Advisory Services

Context: £17B global partnership; £75M network & infrastructure costs; global VPN & Data Centre infrastructure provision

Challenge: High fixed costs, custom architecture, sub-optimal asset utilization

Solution:

• network provision on a pay-per-use (variable) basis
• global points-of-presence aligned to business needs
• committed throughput for business applications
• fully managed data centre hosting and delivery services

Result:

• instated joint governance to manage performance and optimize contractual spend
• “communications as a service” (CaaS) contract for elasticity in services, scale, and cost
• data centre contract as a combination of services, and virtual and physical hardware assets
• operations and performance monitoring mechanisms
• KPI for capacity allocation and utilization
• $9M savings


Selected Credentials: Global Audit, Tax and Advisory Services

Context: £17B global partnership; “Business Insights” practice area

Challenge: Bespoke data analytics & business intelligence platform on a hybrid public/private cloud-based infrastructure provision with managed services; selection and systems integration of a mix of open-source and proprietary software components; total cost of ownership model

Solution:

• stakeholder obligations for cross-functional business requirements
• project services for software development and integration
• re-alignment of existing managed hosting outsource contract
• additional 3rd-party cloud-based services

Result:

• selection of data analytics & business intelligence platform
• governed enterprise solution (data, information, knowledge)
• infrastructure costs lowered by 40% (relative to a fully managed data center provision)
• competitive 3-year total cost of ownership for a turn-key solution


Selected Credentials: Global Mobile Satellite Telecom Services

Context: £4.3B global start-up; systems integration; £1B 10-yr outsource contract for managing provisioning, billing and customer care processes

Challenge: complex bespoke process flows; 000’M daily CDRs; real-time provisioning & billing; 24x7 customer care; operational interfaces to > 120 fixed-line telcos around the globe; cross-border data privacy; multi-jurisdictional legal intercepts

Solution:

• standardize master services agreement for operations support
• custom SOWs for integration and data exchange with telcos
• preserve ITU agreements for access (ingress/egress), interconnect and legal intercept
• platform (provisioning, billing, customer care, and fraud detection) and infrastructure as a service

Result:

• business operations set-up as an independent profit centre
• real-time SLAs for wholesale billing operations
• pragmatic constraints and obligations for state-of-the-art fraud detection
• simplified and clear delineation of liabilities


Selected Credentials: Global Travel and Leisure Services

Context: 5-year, $600M ITO/BPO services contract

Challenge: Compliance, verification and validation audit to gather irrefutable forensic evidence of persistent failure by the vendor in delivering to the contract; while maintaining business-as-usual

Solution:

• mediate the dispute with the help of an independent 3rd-party audit committee
• identify significant disconnects in mutual expectations and material failures
• standardized master services agreement for support
• specific statements of work focused at measurably achieving each objective

Result:

• simplified and clearly delineated key client/vendor responsibilities
• instated joint governance to manage performance against a set of shared KPI’s
• avoided disruptive litigation
• reduced ongoing costs by 10% ($12M)


Selected Credentials: Global Audit, Tax and Advisory Services

Context: £5B Regional P&L Centre (Europe)

Challenge: Governance framework for service support of a $500M SAP-based CRM/ERP system, aligning national business units on processes, data, infrastructure, and operations with a center-led knowledge management function

Solution:

• service lines and SLAs for a SAP Centre of Excellence
• critical operational components, e.g., process integration across service delivery organization and its strategic suppliers

Result:

• end-to-end service levels supported by back-to-back OLAs along service delivery chain
• resource cost reduction of 30%


Progressive Intelligence

• Progressive Intelligence is a strategy and operations consultancy for executive and management boards with 3 core practice areas covering:

• Independent Advisory

• Program Governance

• Leadership Development

• We are 18 partners across US and Europe with solid expertise in business operations, telecoms, IT, and knowledge and information (Big-Data/BI) management

• Each partner has a minimum of 25 years of experience and significant past tenures in C-level roles

• We offer a range of operations and IT transformation services addressing strategy, consolidation, sourcing, risk management, planning and implementation

Perspicuity and deep domain knowledge of technical issues; able to roll-up sleeves and deep-dive into project activities.

Shipowners’ Protection Ltd.

Very wide and deep understanding of business concepts; enthusiasm matched by knowledge - greatest strength is an ability to impart knowledge to others on the team.

TUI Travels, plc.


Advisors’ Biography

Dr. Sanjeev B. Ahuja

Managing Partner

+44 7785 336 497

[email protected]

Sanjeev is the Managing Director of Progressive Intelligence, a business strategy and operations consultancy with offices in the US, UK and India. He launched its trusted Advisory practice in 2004, to assist investors and management boards of his clients to address business transformation challenges.

Over the last 25+ years, Sanjeev has worked and invested across diverse industry sectors. He serves on the Boards of hi-tech start-ups and takes on CxO roles to lead large-scale business and operational transformation programs. Sanjeev also conducts operations due diligence on behalf of VC and PE firms, assessing the risk and upside of acquiring under-performing businesses. He is experienced at post-merger consolidation and roadmaps to re-vector a business and its value proposition.

He has vast experience and know-how in the telecom sector, having previously served as CIO and VP Operations for a $4.3B mobile satellite communications firm.

“Progressive Intelligence is a management consultancy for SME and large-sized firms. They are adept at identifying the critical business issues - commercially astute and pragmatic, providing timely and specific advice that is both objective and constructive.”

KPMG International


Advisors’ Biography

Grant A. Ross

Senior Partner

+1 303 885 [email protected]

“Progressive Intelligence’s expertise with early stage and mid-sized companies, in leadership roles, brings 20+ years of successful business growth contribution, along with working-knowledge of risk mitigation, effective operational processes, and the ability to enable a company to realize the value of change.”

THIS TECHNOLOGY, Inc.

Grant is the Senior Partner and Program Governance Consultancy Head for Progressive Intelligence and manages its US office. He delivers value through a focused and measurable approach, treating projects as corporate investments. Portfolio management, stakeholder communications, and change management are his forte.

Grant has extensive experience working across telecommunications, software/high-tech, professional services, recruitment, healthcare, and hospitality sectors, as well as for the US Federal government.

As VP of Professional Services at This Technology, Inc., Grant defined and led international and domestic sales support activities - scoping, pricing, proposal participation, meetings, contracting, etc. The processes and procedures implemented by Grant resulted in a $6M growth of services revenues & 60% - 65% margin contribution.


To Contact Us