Alexander Brown – Technology Partner, Simmons & Simmons
Ray Bricknell – Managing Director, Behind Every Cloud
Dear CEO - Mitigating IT Outsourcing Risk
• Context : IT Outsourcing within “Dear CEO” concerns
• Is it “in Scope”?
• Impact of growing trend toward “Cloud”
• Operational IT Risk Mitigation – Local and Endemic
• What does a rigorous IT Vendor Selection Process look like?
• IT Vendor Selection Criteria
• Areas for Improvement:
• Endemic Market Risk Mitigation – Cloud Vendor input?
• Cloud Vendor selection: A better way?
• Panel Discussion – (Please hold questions until this session)
“What constitutes an Institutional Quality IT Vendor?”
Dear CEO - Choosing an Institutional Quality IT Vendor
• Concern driver: endemic risk through financial interdependence
• But – reading with IT Outsourcing and especially Cloud in mind
Surely Outsourced IT is a critical activity in the support of regulated activities?
• IT Outsourcing Operational Risk: Local versus Endemic
Local e.g. Infrastructure Platform Event i.e. Single Vendor, Single Fund
Endemic e.g. Major Vendor Liquidation or BCP Event i.e. Single Event affects Multiple Funds - and even Wider Markets
With CLOUD (vs. On Premise or Co-Lo/Mgd Service on own kit) these two risk exposures begin to grow and merge
• UK Asset Management IT Outsourcing Market:
Small number of providers; Shared risks (e.g. E14 Flood)
Hundreds of funds: Shared Vendor exposure; Shared BCP exposure
So …
BEC View: If it isn’t already in scope – it should be!!
Partially mitigated by thorough and ongoing Due Diligence
Is IT Outsourcing “In Scope” for FCA “Dear CEO” Concerns?
The typical IT Vendor Selection process:
• Internet
• Word of Mouth
• Expos & Conferences
• Events
• Webex’s
• Free trials
• Experience
• Provider Meetings
• CTO Discussions
• Technology Reviews
• Demo’s
• Follow-up Meetings
• 1000 .ppt slides
• Business Case
• Business Requirements
• RFI Development
• RFI’s Out / In / Review
• Data Capture
• RFP Creation
• Solutioning Workshops
• Reference Site Visits
• RFP Out / In / Review
• Solution Presentations
• Contract Negotiations
• Final Vendor Selection
The Good (hopefully)
The Bad
The Downright Ugly!
[Chart panels: Formal RFI/RFP; Identify Vendors; High-Level Assessment]
Highly prone to “Garbage In - Garbage Out”
Far too little “Open Market Feedback”
The Two Stage Formal RFI & RFP Process:
• RFI/RFP Scope Agreed - Approval to Proceed
• Identify Wide Range of Potential Vendors
• Desk Based Analysis of Vendors / Offerings
• Select “Long List” (Target 10-12 Vendors)
• Execute Non-Disclosure Agreements
• Issue RFI
• Multi-Vendor Briefing Presentation and Open Q&A
• Develop RFI Content
• Closed 1:1 Vendor Q&A Sessions
• Expect Approx. 2 “No-Bids”
• Review Formal RFI Responses
• Select Short List (Target 4 to 6 Vendors)
• Release RFP to Short List
• Vendor Q & A Cycle
• Review RFP Submissions
• Review Product Collateral
• Review Public Domain Collateral
• Review Indicative Cost Models
• Develop RFP Content
• Develop RFP Response Template
• Agree Selection Criteria and Weightings
• Develop Capture and Collection System
RFI & RFP Process (cont.)
• Client Side Q&A Cycle
• Select “Internal Short List” for Presentations and Due Diligence
• Vendor Presentations (4-6)
• Review, Analyse, Score and Report
• Reduce “Internal Short List” to 2-3 Vendors
• Legal Terms and Conditions HL Review
• Financial Due Diligence
• Site Visits * 3 per Vendor (DC’s and NOC)
• Conduct Security Audit
• Conduct Technical Due Diligence
• Develop “Like-For-Like” Cost Models
• Commercial Negotiations
• Contractual Negotiations
• Review, Analyse, Score and Report
• Now 2 “Preferred Vendors”
• High Level Design Finalisation
• Announce Final Successful Vendor Decision
IT and Cloud Outsourcing Vendor Selection Criteria e.g.:
Selection Criteria (for panel discussion later)
• Regulation and Compliance
• Clients Profile Breakdown incl.
  • By Size
  • By Revenue
• Client References - ALL
• Financial Viability
• Revenue and Profitability Profile
• Business Model
• Ownership
• Independent Accreditations
• Contractuals i.e. T&C's
• Flexibility and Scalability
• Topology (Local / Global)
• Sector Alignment
• Risk Profile
• Technical
• Teams (Support/Migration/Management)
• Platform Components
• “Onion Layers”
• Vendor Relationships
• “Active-Active” => “Always On”
• Application Layer Support
Pre-Requisites
• Assessment of Key Risks and Issues
• Internal Requirements Definition
• Internal Cost Model (“Like for Like”)
• Strategy
• Incl. Technical; Incl. Tactical
• Incl. Timing and Resourcing
Areas for Future Focus and Improvement
• Endemic Market Risk Mitigation
• Cloud Vendor input to potential solutions?
• Whole of Market Cloud Vendor Dependency Data
• Cloud Vendor selection: A better way?
• The Clover™ Cloud Vendor Rating Engine
Customer Confidential
The CLOVER™ Cloud Vendor Rating Engine
• Requirements Gathering & Service Catalogue
• IT Strategy & Business Case
• Multiple RFI’s & RFP’s
• Constant Immersion in the Cloud Ecosystem Buying Cycle
• 50+ Suppliers Analysed (and counting…)
• Data Ratified Bi-Annually
• 3 * Recommended: The Good, The Good, The Good
• Client Specific Inputs
• Detailed Client Output
• Regular Vendor Self-Updates via Portal
• “Qualified Leads”
• Vendor Feedback
• External Financials & Media
• Existing Asset Management Customer Feedback (+ / -)
Interactive Panel Discussion:
“What constitutes an Institutional Quality IT Vendor?”
Your Panellists:
Ian Bowell – CTO – Prologue Capital
Alex Brown, Technology Partner - Simmons and Simmons
Mark Fowle – CEO and co-Founder – Attenda
Jon Gasparini – Financial Services CTO – Fujitsu
Alex Parker – CTO – Commensus
Roy Wood – Sales and Marketing Director – Advanced 365
Chair:
Ray Bricknell – MD – Behind Every Cloud
Thank you for your time, please join us for coffee outside.
Contacts for any follow up questions:
Alex Brown, Technology Partner - Simmons and Simmons
Ray Bricknell – MD – Behind Every Cloud