need for action (gdpr risk mgmt) oct'16
Progressive Intelligence
Partners in Achievement
USA • UK • INDIA
Private & Confidential
Independent Strategy & Operations Advisory
3rd-Party Service Management Contracts
Managing risks, mitigating exposure, and ensuring value delivery
Operations Risk Management
Responding to General Data Protection Regulations (GDPR)
Need for Action
October 2016
www.piplinc.com
“An ably led, well defined, pragmatic, measured, and adequately funded enterprise-wide Data Risk Management (DRM) program is not an executive prerogative; it is a tacit mandate from the shareholders for the very survival of a business in today’s data-driven economy.”
GDPR compliance risks worrying you to distraction?
Recently introduced EU data protection regulations (GDPR) lay out broad ranging sanctions in case of compliance failures. Articles 5, 32 and 83 are not just relevant for a business, but also for its partners up and down the service delivery chain.
In all likelihood, inadvertent lapse or casualness in setting up adequate data protection provisions across your business poses high material risk of an adverse impact on its performance*.
* Financial consequences of non-compliance to data privacy regulations for some businesses have already been huge - "Between 2008 and 2012, the top ten banks globally lost close to $200 billion through litigation, compensation claims, and operational mishaps." (Nonfinancial risk: A growing challenge for the bank, McKinsey & Co, July 2016)
Makings of a Perfect Storm - Confluence of Factors
Big Data: Volume, Velocity, Variety, Veracity
Cloud: Compliance, Private, Public
Mobility: Transport, Sources, Access
Management and operational complexity, with gaps in delivery leading to risk creep
Several vendors working independently on different parts of a typical service delivery chain
Risk: Monitor, Respond, Stage, Prepare, Plan
[Diagram labels: Current Ubiquitous Risk Factors; Added Complexity Risk Factors]
Mitigating Risk through Service Value Assurance
* The impact of sourcing trends on governance - Prof. dr. Erik Beulen, University of Tilburg, The Netherlands, Outsource Magazine, Jan 8, 2015
Must demarcate operational accountability and align liabilities for non-compliance across the contracts.
Must put in place formal agreements for conflict resolution, proactively addressing risks through compliance monitoring and robust governance.
Private/Hybrid Cloud Services
Must ensure balance between individual vendor performance and integrated solution delivery.
* Working across a matrix of contracts with unclear or misaligned mutual operating instructions creates disconnects and ambiguity, resulting in value erosion of investment
Experience, Creativity, Practicality - Trusted Advice
Progressive Intelligence's Trusted Advisory Service Risk Management & Mitigation…
We offer a holistic approach to governance in multivendor scenarios, securing tangible incremental value.
We craft multitier T’s & C’s that are perfectly aligned to clients’ strategic objectives and business risk appetite.
We apply our extensive contract experience, domain expertise and know-how to identify opportunities.
We focus on performance, cost savings and risk reduction by converting legal T’s & C’s into operational mandates.
Unbiased - advice focuses solely on clients’ interests and well-being.
Cross-functional - approach addresses business, financial, operational, legal & regulatory risks.
Insightful - quick audit identifies disconnects and establishes clear accountability across the full range of service provision among vendors.
Value Preserving - “does no harm”; creates incremental value.
Great governance can manage a bad contract, but a great contract doesn’t guarantee success - you need good governance for that.
Don Flores, Partner - TPI
The Challenge
Management, control and coordination of service delivery in order to predictably achieve strategic goals and minimize business risk.
[Diagram labels: Objectives; Unpredictable Risks; Integrated Service; Managed Risks; Strong Governance; Outcomes; Value]
Target Causal Factors
Strong Governance (aligned contracts)
• Contracts legally sound but operationally weak
• Contract drift - “gaps”, “overlaps”, “conflicts”, “changes”
• Hub & spoke contracting model; SLAs unfit for purpose
Managed Risks (business, financial, operations, regulatory & legal)
• Incomplete risk scenarios and inadequate monitoring
• Non-specific actions in response to risk events
• Limited mitigation and reactive risk response
Integrated Service (multi-vendor seamless processes across Public/Pvt infrastructure)
• Helpless dependence on “big” vendors; sub-optimal utilization
• Handicapped by vendors’ standard contracts
• Lack of operational controls; unclear liabilities; termination limits
Problems
Drifting contracts and expectations, evolving regulations, technology innovation, and proliferation of data - need clear operational accountability for business-as-usual and in handling exceptions.
Target Likely Consequences of Inaction
Strong Governance (aligned contracts)
• Unpredictable personal/business liabilities
• Risk rests with client
• Unexpected costs
• Unmet needs
• Poor performance
• Vendor acrimony
Managed Risks (business, financial, operations, regulatory & legal)
• Unquantified risk exposure
• Uncapped liabilities
• Hidden risk scenarios
• Ad hoc risk response; unpredictable outcomes
Integrated Service (multi-vendor seamless processes across Public/Pvt infrastructure)
• Hostage to fortune; vendors have client over a barrel
• Acceptance of inadequate “norms”
• Disconnected and inflexible contract terms
• Insubstantial basis for litigation as an option
• Excessive cumulative costs; sub-optimal value for money
Concerns
Must ensure security and data protection across a mix of public and private service environments - need a tight integration of multi-party legal and operational obligations.
Target Recommended Solutions
Strong Governance (aligned contracts)
• Correct, complete & consistent legal and operational T’s & C’s
• Standardized mechanisms and control of contract performance
• Integrated contract governance model
Managed Risks (business, financial, operations, regulatory & legal)
• Comprehensive critical risks inventory
• Structured risk event-mitigation-response framework
• Executable, monitored and controlled risk management
Integrated Service (multi-vendor seamless processes across Public/Pvt infrastructure)
• Revisiting and realigning expectations across contracts
• Restructure and renegotiate T’s & C’s (as necessary)
• Re-engage with vendors
• Effective mapping of legal T’s & C’s into operational actions
Approach
Verify legal robustness is backed by effective operational controls and mechanisms - each contract needs to be an integral part of a streamlined service delivery.
Target Benefits of Remediation
Strong Governance (aligned contracts)
• Clear accountability and effective risk reduction
• Cost optimization and realized savings
• Address business requirements
• Performance assurance
Managed Risks (business, financial, operations, regulatory & legal)
• Delineation of liabilities
• Pre-emptive risk mitigation
• Rapid risk response model
• Limits on financial exposure
• Regulatory and security compliance
Integrated Service (multi-vendor seamless processes across Public/Pvt infrastructure)
• Service contracts aligned across varied vendors
• Best-of-breed mix of disparate services and vendors
• New vendors can be added seamlessly to the mix
Outcomes
Everyone feels responsible but only designated people are accountable - need assured performance, minimum predictable risk and highest possible returns.
Summary
Multivendor service contracts are complex to manage and mutual deliverables can get misaligned. If left unchecked, diffused accountability introduces unpredictable risks, escalating costs, and non-performance.
Due diligence to ensure adequacy of the contract matrix, i.e., commercial flexibility, limits on risks and liabilities, efficient operations management, and compliance with legal & regulatory constraints, is a critical business imperative.
T’s & C’s must be streamlined across the contract matrix and supported by operational controls and mechanisms for effective execution and service delivery.
Ring-fenced “Cloud” provisions are operationally isolated from the other vendors, introducing the risk of disconnects.
Contracts fragmented across multiple vendors without “bridging” conditions lead to poor performance and increased exposure to risks & liabilities (business & personal).
The most inelastic service component will define service, scale and spend elasticity; it may not justify the risk of a heterogeneous environment.
[Diagram labels: Client; vendor; Drift]
Bottom-Line
Your in-house legal team and attorneys can do a great job managing your legal and contractual terms & conditions with 3rd-party providers
HOWEVER …
Business risk lies in the disconnects which creep over time and across multiple suppliers between the legal terms and operations implementation, of which both your legal and operations team are largely unaware.
Progressive Intelligence has 25+ years of business operations and trusted advisory experience, which uniquely qualifies us in risk management through Service Value Assurance.
Pinpointing Your Business Risks…
1. Are your service contracts aligned to support your business strategy?
2. Could your service contract be legally sound but operationally weak?
3. Do your service contracts quantify business goals and identify legal and operational risks for their potential impact, along with adequate mitigation mechanisms?
4. Do your service contracts underpin operational characteristics such as service levels which actually support your business (as opposed to ticking boxes)?
5. How much flexibility do you have in realigning your service contracts to changes in your business drivers or in the regulatory regime?
6. Have you become increasingly dependent on your vendors to the point where you cannot walk away?
7. What is the impact of a breakdown in your relationship with your vendors? Can your business afford the potential impact of litigation?
8. Do your vendors assure you optimal value for money? Is it on measured performance criteria?
9. Have your vendors executed to the letter of the contract and yet fallen short of “common sense” expectations and your goals?
10. “To renew or not to renew” - is continuing with a current vendor and contract a risk to business? Is this an acceptable risk from commercial, operational, and legal perspectives?
Do your contracts need an overdue “Health-Check”?
Where do we provide value?
• Progressive Intelligence complements the skills of your legal services provider to address both the legal and the operational aspects of 3rd-party service contracts
• We are asked by clients to provide independent advice in the following areas:
1. Contract design
2. Contract audit
3. Contract re-design
4. Dispute avoidance and resolution
5. Operational audit and alignment
6. Operational governance
7. Program investment Decision and Governance
Selected Credentials: Management Consulting & Executive Search
Context: £500M global partnership; £15M systems & operations costs; global VPN & Data Centre infrastructure provision; system integration
Challenge: Service disconnects (gaps, duplication, conflicts, failure); excessive cost; risk of regulatory non-compliance
Solution:
• prime contract accountability for end-to-end service delivery
• responsibility for aligning service interfaces to local systems
• 24x7 access to global application platform with failovers
• management of consolidated and streamlined global data repository for regulatory compliance
Result:
• instated joint governance to manage performance and optimize contractual spend
• “infrastructure as a service” (IaaS) contract for elasticity in services, scale, and cost
• streamlined multi-vendor legal and operational T’s & C’s
• vendor compliance to data governance policies
• $2.3M savings
Selected Credentials: Global Audit, Tax and Advisory Services
Context: £17B global partnership; £75M network & infrastructure costs; global VPN & Data Centre infrastructure provision
Challenge: High fixed costs, custom architecture, sub-optimal asset utilization
Solution:
• network provision on a pay-per-use (variable) basis
• global points-of-presence aligned to business needs
• committed throughput for business applications
• fully managed data centre hosting and delivery services
Result:
• instated joint governance to manage performance and optimize contractual spend
• “communications as a service” (CaaS) contract for elasticity in services, scale, and cost
• data centre contract as a combination of services, and virtual and physical hardware assets
• operations and performance monitoring mechanisms
• KPI for capacity allocation and utilization
• $9M savings
Selected Credentials: Global Audit, Tax and Advisory Services
Context: £17B global partnership; “Business Insights” practice area
Challenge: Bespoke data analytics & business intelligence platform on a hybrid public/private cloud-based infrastructure provision with managed services; selection and systems integration of a mix of open-source and proprietary software components; total cost of ownership model
Solution:
• stakeholder obligations for cross-functional business requirements
• project services for software development and integration
• re-alignment of existing managed hosting outsource contract
• Additional 3rd-party cloud-based services
Result:
• selection of data analytics & business intelligence platform
• governed enterprise solution (data, information, knowledge)
• infrastructure costs lowered by 40% (relative to a fully managed data center provision)
• competitive 3-year total cost of ownership for a turn-key solution
Selected Credentials: Global Mobile Satellite Telecom Services
Context: £4.3B global start-up; systems integration; £1B 10-yr outsource contract for managing provisioning, billing and customer care processes
Challenge: complex bespoke process flows; 000’M daily CDRs; real-time provisioning & billing; 24x7 customer care; operational interfaces to > 120 fixed-line telcos around the globe; cross-border data privacy; multi-jurisdictional legal intercepts
Solution:
• standardize master services agreement for operations support
• custom SOWs for integration and data exchange with telcos
• preserve ITU agreements for access (ingress/egress), interconnect and legal intercept
• platform (provisioning, billing, customer care, and fraud detection) and infrastructure as a service
Result:
• business operations set-up as an independent profit centre
• real-time SLAs for wholesale billing operations
• pragmatic constraints and obligations for state-of-the-art fraud detection
• simplified and clear delineation of liabilities
Selected Credentials: Global Travel and Leisure Services
Context: 5-year, $600M ITO/BPO services contract
Challenge: Compliance, verification and validation audit to gather irrefutable forensic evidence of persistent failure by the vendor in delivering to the contract; while maintaining business-as-usual
Solution:
• mediate the dispute with the help of an independent 3rd-party audit committee
• identify significant disconnects in mutual expectations and material failures
• standardized master services agreement for support
• specific statements of work focused at measurably achieving each objective
Result:
• simplified and clearly delineated key client/vendor responsibilities
• instated joint governance to manage performance against a set of shared KPI’s
• avoided disruptive litigation
• reduced ongoing costs by 10% ($12M)
Selected Credentials: Global Audit, Tax and Advisory Services
Context: £5B Regional P&L Centre (Europe)
Challenge: Governance framework for service support of a $500M SAP-based CRM/ERP system, aligning national business units on processes, data, infrastructure, and operations with a center-led knowledge management function
Solution:
• service lines and SLAs for a SAP Centre of Excellence
• critical operational components, e.g., process integration across service delivery organization and its strategic suppliers
Result:
• end-to-end service levels supported by back-to-back OLAs along service delivery chain
• resource cost reduction of 30%
Progressive Intelligence
• Progressive Intelligence is a strategy and operations consultancy for executive and management boards with 3 core practice areas covering:
• Independent Advisory
• Program Governance
• Leadership Development
• We are 18 partners across US and Europe with solid expertise in business operations, telecoms, IT, and knowledge and information (Big-Data/BI) management
• Each partner has a minimum of 25 years of experience and significant past tenures in C-level roles
• We offer a range of operations and IT transformation services addressing strategy, consolidation, sourcing, risk management, planning and implementation
Perspicuity and deep domain knowledge of technical issues; able to roll-up sleeves and deep-dive into project activities.
Shipowners’ Protection Ltd.
Very wide and deep understanding of business concepts; enthusiasm matched by knowledge - greatest strength is an ability to impart knowledge to others on the team.
TUI Travels, plc.
Advisors’ Biography
Dr. Sanjeev B. Ahuja
Managing Partner
+44 7785 336 497
Sanjeev is the Managing Director of Progressive Intelligence, a business strategy and operations consultancy with offices in the US, UK and India. He launched its trusted Advisory practice in 2004, to assist investors and management boards of his clients to address business transformation challenges.
Over the last 25+ years, Sanjeev has worked and invested across diverse industry sectors. He serves on the Boards of hi-tech start-ups and takes on CxO roles to lead large-scale business and operational transformation programs. Sanjeev also conducts operations due diligence on behalf of VC and PE firms, assessing the risk and upside of acquiring under-performing businesses. He is experienced at post-merger consolidation and roadmaps to re-vector a business and its value proposition.
He has vast experience and know-how in the telecom sector, having previously served as CIO and VP Operations for a $4.3B mobile satellite communications firm.
“Progressive Intelligence is a management consultancy for SME and large-sized firms. They are adept at identifying the critical business issues - commercially astute and pragmatic, providing timely and specific advice that is both objective and constructive.”
KPMG International
Advisors’ Biography
Grant A. Ross
Senior Partner
+1 303 885 [email protected]
“Progressive Intelligence’s expertise with early stage and mid-sized companies, in leadership roles, brings 20+ years of successful business growth contribution, along with working-knowledge of risk mitigation, effective operational processes, and the ability to enable a company to realize the value of change.”
THIS TECHNOLOGY, Inc.
Grant is the Senior Partner and Program Governance Consultancy Head for Progressive Intelligence and manages its US office. He delivers value through a focused and measurable approach, treating projects as corporate investments. Portfolio management, stakeholder communications, and change management are his forte.
Grant has extensive experience working across telecommunications, software/high-tech, professional services, recruitment, healthcare, and hospitality sectors, as well as for the US Federal government.
As VP of Professional Services at This Technology, Inc., Grant defined and led international and domestic sales support activities - scoping, pricing, proposal participation, meetings, contracting, etc. The processes and procedures implemented by Grant resulted in a $6M growth of services revenues & 60% - 65% margin contribution.