While traditionally a low priority for CIOs, effective vendor management and governance capabilities are becoming increasingly important. For one thing, executives seek better tools to manage today’s complex multi-vendor sourcing arrangements. Governance discipline is also necessary to address growing risks around cyber security, and to comply with increasingly stringent regulatory requirements.
However, evidence suggests that many ANZ enterprises are falling short on governance. For example, we’ve observed very few cases of effective multi-vendor management. In many instances customers hire multiple vendors without a coherent strategy, so they end up not actually knowing what they’ve bought, let alone how to manage it. Service integration maturity is low, moreover, and the critical functions of transition and change management are often poorly planned or downright ignored. More specifically, confusion often reigns regarding what type of model to apply, or what the role of centralized procurement should be relative to the IT organization. Lines of accountability and responsibility are often blurred, and power struggles are not uncommon.
Ineffective governance exposes any business to risks such as lost value, security breaches and regulatory non-compliance. The stakes are especially high for ANZ financial services organizations. The Australian Prudential Regulation Authority (APRA) has recently raised the bar in terms of its requirements for third-party oversight from financial services organizations. Once services are outsourced, APRA requires banks to continuously monitor their providers and manage their performance. Evidence suggests that ANZ finance companies are struggling to adhere to these regulatory standards. Existing challenges of provider oversight are now being compounded by the introduction of disruptive technologies, and banks are struggling to integrate these new technologies into existing service delivery models and contracts, which are still aligned to conventional managed service types of arrangements.
Banks that violate APRA’s regulatory standards face the prospect of fines and penalties, as well as damaged reputations.
How can ANZ banks address this situation? Globally, the concept of a dedicated Vendor Management Organization (VMO) is emerging as an accepted best practice. As an independent entity outside the purview of IT, procurement or other business unit, and as an objective party with no vendor bias, the VMO is uniquely positioned to facilitate communication and transparency among myriad entities. More specifically, the VMO can play a critical role in addressing the challenges of regulatory compliance. By providing visibility across multiple vendors and business lines, the VMO can help establish a sound compliance framework and ensure process discipline over the long term.
An effective VMO requires executives with particular skill sets, and in mature enterprises the role of “vendor management executive” is emerging as a distinct function. Requirements include contractual knowledge, data collection and analysis skills and the ability to assess metrics. People skills, specifically the ability to work across multiple teams in a variety of functions, is imperative.
In terms of VMO implementation strategies, many progressive enterprises are turning to third-party providers under an “as-a-service” model. This approach leverages expertise without adding more work to already constrained staff, and circumvents the necessity to invest in pricey tool sets. While the responsibility for managing the strategic aspects of the relationship remain with the provider, many of the tactical and monitoring functions performed by a VMO can certainly be effectively sourced.
Ultimately, vendor management combines a high-level perspective on governance and oversight, coupled with rigorous attention to detail; indeed, granular analysis and knowledge of contracts is a prerequisite to effectively managing the big picture.
ANZ enterprises, and financial services organizations in particular, can reap considerable benefits by taking a more strategic and holistic view of vendor management, one that extends across business units and focuses on risk mitigation and achievement of business value from sourcing.
About the author
David has more than 25 years of experience in IT and business, working with world-class IT advisory firms and service providers. His areas of expertise include transformation, cost reduction and risk mitigation.