Vrm Framework

Hans van Eck-Casteels //+1-416-931-5241 or [email protected]

Vendor Relationship Management Strategy and Execution

Corporate Services

May, 2013


Vendor Relationship Management

1. Definition and Objectives of VRM

2. VRM Process Description

3. Project Timeline

4. Next Steps


SRM….What Is It About

3

A discipline of working collaboratively with those suppliers that are vital to the success of the organisation, to maximize the potential value of those relationships

Vendor Relationship Management: What’s It All About?

For Strategic, Material, Designated and Outsourcing Vendors:

Develop a long term, strategic approach to managing the relationships of the organization’s key strategic suppliers (Relationship Management)

Develop jointly agreed upon relationship goals and objectives for targeted suppliers (Governance)

Develop KPIs that support and monitor progress toward achieving the overall joint relationship goals & objectives (Performance)

Create conditions for safe and reliable operations (Risk Mitigation)

Deliver value and managing costs (Performance)

Invest in processes,technology and innovation (Continuous Improvement)

Plan and implement onboarding, scorecarding and innovation (Performance)

VRM Actvity Clusters VRM Actvity Purpose

Strategic Sourcing

Contract Management

Performance Management

Strategic Relationship Management

Enhance value

Capture value

Assure value

Create New Value

Inform

Inform

Pre-award Post-Award

Vendor M

anagem

ent

Category Management

4

Vendor Relationship Management Objectives

CURRENT STATE OBJECTIVES

Vendor Relationship Management practices vary in quality and effectiveness across – no “source of truth”

No formal process of vendor stratification exists to ensure clear identification and oversight of ’s most critical / strategic or material vendors

Lack of training, information, processes and tools to guide consistency across LOBs and support vendor managers

Critical vendor management requirements such as business continuity, security management, risk management, compliance, governance are managed as separate silos and not integrated along with vendor management as core components of vendor management

Inconsistent, sporadic leverage of vendor capabilities and innovation / innovative practices that could leverage to create competitive differentiation

Maximize Return On Expense (investment) Maximize the value of vendor relationships relative to the expense to create, develop and maintain those relationships

Enhance Knowledge of Vendor Business Drivers

Impact on ’s revenue / revenue potential

Impact of market conditions on the vendor /

relationship

Impact of emerging capabilities on vendor

offering

Leverage Existing Vendor Relationships

Systematic, streamlined, sustainable process /

framework and toolsets to maximize the

strategic value of key CIVC / Vendor

relationships

Outsourced relationships to be viewed as assets

viewed by the vendor community as a

client of choice

Leverage Vendor Processes / Innovation

Shorten go-to-market cycle times and create

competitive differentiation / advantage

DRIVERS

Increased complexity of relationships Ever larger reliance on outsourcers

Increasing pressure from regulators, consumers and clients Leverage vendor innovation to create true business value - and shorten go-to-market cycle times A phenomenal increase in the volume of activity that is done outside the four walls of the organization Identify, Manage and reduce or mitigate risks

5

Vendor Relationship Management: Benefits

Vendor Relationship Management (VRM) is about developing two-way, mutually beneficial relationships with ’s most strategic partners that deliver effective risk management, greater levels of innovation and competitive advantage than could be achieved by operating independently. The VRM framework and supporting toolset is also used to manage High Risk and Material vendors, as well as Vendors providing outsourcing services

Business Continuity: Ensure the continuity

of services through early

warning systems and enhanced vendor

information

Relationships: Proactively address critical concerns by facilitating better

communication and relationships with

vendors

Risk Management: Control potential

disruptions in our services chain

and increase our ability to proactively

mitigate risk

Assurance Minimize or eliminate unplanned reactive

costs such as finding alternative vendors

at short notice

Governance: Provide stakeholders

with reassurance about the control

has over the risks in our supply

chain

Value Creation Leverage vendor

innovation to create commercial differentiation, optimize margin or shorten

the Go-to-Market cycle time


LOB and Corporate Services Sourcing Value

Creation

Different Types of Vendor Value Management

Vendor Collaboration to create new vendor value beyond what is in the contract

Vendor performance Management to maintain and gradually improve value

Not-So-Benign-Neglect

Without rigorous contract management, 75 percent of sourcing savings can

disappear within 18 months

Time

Vendor Performance Management to maintain and improve value

Vendor Scenarios Illustrative

Value Contract Signed

Value Capture from Sourcing Depends on How Well Manages Vendors

Vendor Relationship Management: Value Capture

7

Vendor relationship Management Program – Road Map

Right Work, Done Right

Satisfaction, Direction Setting

Validate and Manage Spend

Ensure Compliance

• Service Delivery Requirements • Service Level Reviews • Problem Management • Project Monitoring • Change Management • Work Prioritization • Risk Management

Performance Management

Relationship Management

• LOB / Customer Satisfaction • Business Unit Satisfaction • Communications and Forums • Escalation Management • Issue Tracking • Innovation • Vendor Councils

Financial Management

• Invoice Verification • Charge Back Management • KPI / SLA Management • Receipt of Service • Service Consumption Analysis • Demand / Affordability Mgmt.

• Contract Compliance • Amendments / Renegotiations • Benchmarking • Document Management • Document Repository • Policies and Procedures • Tools and Templates

Contract Administration

Pre-Award Post Award

Category Management

VALUE

Request newvendor

product / service

Complete strategicvendor riskassessment

Assess if vendor’srisk profile is

higher than legacy

If risk is highercomplete additional

due diligenceif judged required

Amend contract withappropriate terms

and conditions

Request newvendor

product / service

Complete strategicvendor riskassessment

Assess if vendor’srisk profile is

higher than legacy

If risk is highercomplete additional

due diligenceif judged required

Amend contract withappropriate terms

and conditions

8

VRM: High Level Process Introduction

Process Steps Objective Activities Potential Pitfall Key Consideration

Step 1\ Vendor

Segmentation

Step 2\ Vendor Risk Management

Step 3\ Performance Measurement

Step 4\ Continuous

Improvement

• Develop vision and create a prioritized roadmap for vendor relationship engagement • Use segmentation tool to assign vendor to one of three vendor tiers • Determine most appropriate plan of action with LOB and vendors • Choose suppliers and / or categories for active VRM management • Segmentation can be a major stall point due to over- complication • Use the VRM segmentation tool to quickly move through phase 1 with confidence

• Beyond an information security assessment (PIRT) – assess vendors for operational\ risk management • Understand risk factors associated with strategic / outsourcing or material vendors • Design and implement vendor management activities reflective of risk scores • Design / amend scorecards

• None known

• Use the VRM risk management tool to design a solid and focused vendor management approach / mitigate risks

• Deploy scorecards to measure performance for strategic / material and outsourcing vendors • Create a standardized process to measure vendor performance • Focus on past performance but also on improvement and process improvement opportunities • Administer scorecard collect responses and analyze results

• Scorecard data analysis can be very resource intensive

• Scorecard categories tied to the VRM governance framework components and performed as a collaborative LOB / VRM effort

• Drive continuous improvement through scheduled vendor reviews meetings and action plans • Communicate performance expectations and progress to vendors • Identify and execute on improvements • Coordinate supplier management activities across LOB’s to ensure “one voice” to the vendor • Manage innovation initiatives

• LOB time is limited but participation is critical to drive improvements • VRM / VMO acts as process facilitator while vendor and LOB own action to completion

Initial Timeline 2 Weeks 4 Weeks Ongoing Ongoing

9

VRM Application of Tools to Various Vendor Management Activities

Vendor Performance Scorecarding Vendor

Segmentation

Relationship / Stakeholder

Mapping

Holistic Vendor Performance

Management

Corporate Services Governance Board

Review

Vendor Segmentation

VRM / LOB Roles and

Responsibilities

Define Measures and

Hierarchies

Set Expectations

Measure and Report

Govern and Assure

Vendor Performance

Management Approach

Sourcing Process Implementation / Vendor Performance Onboarding Management

Enabling Tools

10

Vendor spend segmentation is a question driven tool that helps to identify which vendors are strategic to (and why), driving differentiated vendor management approaches and links to the sourcing playbook

Segmentation is Step One of the VRM process

•Defined segmentation criteria:

•Strategic

•Operational

•Commodity

• Segmentation ensures optimal alignment

of resources, roles and responsibilities

• Eliminates unwarranted focus on non-value generating vendors

• Rules based program ensures segmentation

framework is adhered to consistently

• Enables management of different kinds of

relationships with the same vendor

• Guides strategy in deal structure, execution,

evaluation and management

VRM Benefits Beyond Economics

Strategic Strategic

Operational

Commodity

Defined Vendor Segments

11

Segmentation Operational Model and VRM Management Assignment

Strategic

Commodity

Operational

Business Impact

Vendor

Spend

Significance on either criterion, not just in combination, drives tier

Strategic

Operational

Commodity

• Vendors that are critical to ’s long term success • “Partnership” mindset – would allow to create succinct business value

• Key group of vendors, difficult to replace • Integrated involvement with process and activities

• Standard, most common relationship • Provides good and services that do not contribute to value creation

Business Impact

• Material, outsourced, or vendor integral

to business performance

• Uniqueness of services or product is evident

• Opportunities for asset / cost-effectiveness,

brand improvement, service improvement,

marketing advantage and profit growth

Vendor Spend

• Amount of money directly spent with the vendor

or through third parties

• Includes ancillary costs / benefits that impact

the value of the relationship

Axis Description

VRM / VMO Managed

LOB Managed / VMO Assistance

LOB Managed

12

Risk Identification for Strategic Vendors is Step Two of the VRM process

Proposed

Risk filtering VRM Risk Filtering

Segmentation process Leading to tailored VRM processes – scorecards weighted to risk mitigation, specific onboarding activities and innovation management

Segmentation Tool

Strategic vendors, specially selected Operational Vendors, designated vendors and all Material, ITO/BPO will be additionally risk and rank profiled

Tailored Processes

After filtering, scores will be matrixed,…

Risks are filtered for identification and categorization

Risks are measured according to business impact and possibility of occurrence

Results of aggregate risk, measurement determine Scorecard, contract and vendor engagement model

VRM Risk Filtering

Ris

k F

ilte

rs

Risk 1

1

2

1

2

3

Risk 4

Risk 1

Risk 2 Im

pact

Probability L H

Risk 5

Risk 6

Risk 3

Risk 2 Risk 3 Risk 4 Risk 5 Risk 6

H L

Risk 1

Risk 2

Risk 3

Risk 4

Risk 5

Risk 6

Environmental

Foreign Corrupt

Strategic

Operational

Financial

Regulatory

Mandato

ry

Optional

3

6 Change Management Value

6.1 is there a clearly defined change management process in

lace?

No

6.2 Are current processes modeled and serve as a baseline? No

6.3 Is there a change management / contract management

link in place?

No

6.4 Does the change management activity require updates to

SLA and KPI metrics / scorecards, and are they effectively

captured and managed?

No

Change Mgmt.

Problem Mgmt.

Delivery Mgmt.

Risk Mgmt.

Financial Mgmt.

Contract Mgmt.

Balanced Scorecard

Strategic

Busin

ess Im

pact

Vendor

Spend

Commodity

Strategic

Operational

Commodity

13

Step Three: Governance Framework Certification

Questionnaire

Governance Framework When certified “in compliance”, the framework components are supported by a robust set of tools and templates

Governance Framework

The Governance components need a certification of compliance

Day-to-Day Management Tools

Before the governance framework can be leveraged, visibility is required to acsertain that all components – where applicable – are in place, supported by tools and templates

Questionnaire based on the six VRM Governance Components

3 Financial Management Value Mitigation / Actions

3.1 Is a mechanism in place that monitors a vendor's financial health? no

3.2 Is a mechanism in place to benchmark the vendor against

competitors?

no

3.3 Is a process in place to ensure invoicing accuracy? Yes

3.4 Is a process in place to apply discounts (based on volume or time)? Yes

3.5 Is there a budget correlation mechanism in place? No

Contract Mgmt

Change Mgmt

Delibery Mgmt

Financial Mgmt

Risk Mgmt

Problem Mgmt

Thresholds for Determining Criteria Scores

4 Risk Management Value

4.1 Are vendor risk assessments performed and documented? No

4.2 Is there a clear understanding on who is responsible for

risk mitigation activity?

No

4.3 Are security risk issues identified for each vendor or

contract and are issues logged, tracked and reported until

resolved?

Yes

4.4 Is there an entity in place that monitors compliance with

government and industry regulations?

No

4.5 Is there a mechanism in place to ensure that the vendor is

continually aligned with CIBC security and risk standards

and policies?

Yes

4.6 Are there business continuity plans in place, and is the BCP

plan tested with regular interval?

Yes

4.7 Is there a disaster recovery plan in place? No

2 Delivery Management Value

2.1 Are in-scope goods and services clearly defined and

accompanied by accountabilities to facilitate performance

management

Yes

2.2 Is there a mechanism in place to measure performance

against SLA and KPI's?

Yes

2.3 Is there clear understanding on who is responsible for

performance management?

Yes

2.4 Is there a mechanism in place to determine corrective

measurements against performance issues?

Yes

2.5 Has the vendor the capability to engage with CIBC in

collaborative innovation activities?

Yes

2.6 Is there clear understanding on whom is responsible for

identifying performance trends and issue identification?

No

2.7 Are performance scheduled with the vendors? No

2.8 Does the vendor have a mechanism in place to correct

performance issues if those issues are due to third party

vendors?

No

Delivery Management

Risk Management

Process In

Place No

Yes Apply Contractual

Clauses and Proceed

Put missing components in place

Deficiencies Remedied

No Yes

Change Mgmt

Contract Mgmt

Problem Mgmt

Financial Mgmt

Risk Mgmt

Delivery Mgmt

VRM Governance

Processes

Material Contracts Top 50 VendorsSRM “High” Risk_

Performance

& Management

Focus

Governance

& Control

Focus

Change Mgmt

Contract Mgmt

Problem Mgmt

Financial Mgmt

Risk Mgmt

Delivery Mgmt

VRM Governance

Processes

Material Contracts Top 50 VendorsTop 50 VendorsSRM “High” Risk_SRM “High” Risk_

Performance

& Management

Focus

Governance

& Control

Focus

Example

14

Step 4: Scorecarding

VRM/ LOB Scorecard Focus … Balanced, Risk-Weighted Scorecard Improves Management Focus….

Vendor / LOB Input LOB / VRM-VMO Requirements

Create relevant risk-weighted scorecard

Enter results into Hiperos

Collect transactional performance data

Conduct criteria-based assessment

Create Vendor Performance report

Vendor performance communications

Study Performance

Create Improvement Plan

Implement Improvement Plan

Monitor Improvements

Is Performance

Class- Leading?

N

Y

Quality, cost, delivery and responsiveness measurements are either solicited from the LOB or Businesses, or are extracted from the computer system

Conduct measurements, quality of service service delivery , development assessments. Measurements commensurate governance framework components

Auditable plans are required for assessment; SLA / KPI or class-leading performance may negate The need for repeat criteria-based assessments Complete balanced scorecard containing quality, risk, costs, delivery and responsiveness Measures Each period review (monthly / quarterly / semi-annually or annually) report prior to sending to vendor Implement business or services performance\ Improvement strategy, plans and activities As defined by VRM benchmarking

100% 0%

Targeted for Strategic Vendors

VRM Scorecard

Targeted for Operational

Vendors (Scorecard Light)

Ad-hoc measurement (Annual / as required)

Commodity Vendors

• Ensures overall scorecard framework remains relevant as score metrics are fine-tuned • Facilitates scorecard adoption, including numerous pre-set metrics • Enables comparability across vendors while capturing relationship-specific issues

Nudging Towards Standards

15

VRM Governance: Principles and Enabling Toolset

VRM governance will: • Outline the relationships between all internal and external groups involved with strategic /material / outsourcing vendors • Describe the proper flow of information regarding vendor management activities to all stakeholders • Ensure the appropriate review of issues encountered • Introduce a series of tools and templates allowing for the effective management of those components within the framework which were identified as “essential”

CLASSIFICATION CATEGORIESVRM

CONTROLS

Management Structure

Change Management


CONTROLS

Relationship management

Contract Management

Financial management

Risk Management

Delivery Management

Problem Management

Change Management

Strategic

Supplier

Service

Supplier

Commodity

SupplierAuxiliary

CS Led Activity

Business-Led activity

High Risk

As-is process – no change other than linkage to sourcing approach

database

CS – Led all-phase VRMProcess plus extended\



CONTROLS


Change Management


CONTROLS


Contract Management


Risk Management

Delivery Management

Problem Management

Change Management

Strategic

Supplier

Service

Supplier

Commodity

SupplierAuxiliary

CS Led Activity


High Risk


database




CONTROLS


Change Management


CONTROLS


Contract Management


Risk Management

Delivery Management

Problem Management

Change Management

Strategic

Supplier

Service

Supplier

Commodity

SupplierAuxiliary

CS Led Activity


High Risk


database



VRM Value And

Alignment

VRM Performance Measurement

VRM Risk

Management

VRM Accountability

VRM Governance

VRM Governance Principles VRM Enabling Toolset

16

Current Process Versus Proposed Process - CONCEPTUAL

Current VRM Process Possible VRM Process

Enabled by NNN

An on-demand (SaaS) solution to measure, monitor,

and manage the collection of relationships (e.g. suppliers,

partners, outsourcers, re-sellers, brokers, and affiliates)

that contribute to a company’s value chain.

Breadth

Registration pre-award post-award

Depth

Performance Risk

Compliance/CR Information Mgmt

No defined vendor segmentation model

Entirely manual process, with information dispersed in various process components within , not always readily accessible

Current focus on a selected few vendors that have no clearly defined spend owner Continual manual input – no data-driven prompts

Vendor management ad-hoc

No clear view of vendor risk, other than information security risk management (PIRT) No formal onboarding process Governance framework components are defined, but not supported by tools and templates Some components are “common process” within the sourcing cycle, but the activities are not coordinated,\ accessible or measured Holistic reliance on vendor self assessment, making the scores suspect Only 1 resource currently dedicated to VRM – no common-accessible database

17

Proposed Organizational Structure: Corporate Services Governance Board and VMO

Corporate ServicesGovernance Board

Vendor Management Office

Governance andCompliance

VendorRelationshipManagement

Information Security

Management

18

VRM: A Multi-level View of Performance (Scorecard)

VR

M

LO

B

Ven

dor

Revie

w

Co

mm

itte

e

Start

End

Is the Relationship

VRM managed?

Create relationship and allow access to everyone who will

create scorecard for this supplier

Create and build LBO standard

KPI and SLA groups and advise

contract management and Legal

Agree on KPI / SLA

measurements

Relationship created

and access managed at

this level

Create scorecard template

For vendor

Create LOB specific

KPI / SLA and import

into card

Adjust targets

with specific

measures

If required, add

locations to card

Input Sections

weighings

Agree card

If Hiperos – Access site

If manual

Fill out Vendor card Components

manually

Complete card

Submit card

Receive rejcted Card and

Complete further

See Performance

report

Solicit Performance

Input And send Card to vendor

Review card

Reject Card?

Approve Scores

Review With

Vendor

No

Yes

Yes

No

19

VRM Governance Toolset Workflow Diagrams

Delivery Management

Risk Management

Contract Management

Problem Management

Financial Management

Change Management

LOB or VRM conducts Root Cause

analysis

LOB or VRM contact Vendor to report

Incident

VRM Logs and tracks Incident

and Assigns identifyer

Conduct Regular Service Reviews

Update incident tracking Report and check if refunds are due

Execute Root Cause Analysis Document

and log results

Periodically conduct Financial Health check

Use financial data contract date and match with invoice

Approve Invoice for processing

Ensure discounts are Taken when due

Review vendor Spend against

contract

Conduct quarterly Team meeting (scorecarding)

Conduct vendor Review meetings as

scheduled

Formally submit Change request

Determine impact of proposed

change

Review change request to determine trends

Approve or Denie Change request and illustarte reasoning

Determine contract SLA / KPI impact

potential and adjust accordingly

Implement / roll out approved request

Assess completion effectiveness

and update final status

Vendor and LOB / category manager to

review business requirements

Log and track issues with the agreement

Determine what contract amendmends are

required

Determine if the changes require a formal\ change contract

procedure

Draft amendmends to the applicable

contract

Advise reuestor of the changes

Escalate if agreement is unlikely

Fiollow usual contract

management procedures for

sign-off

Evaluate the 6 VRM risk

components

Tailor VRM management and scorecard focus

To “high risk” components

Communicate risk concerns and

mitigation strategies to vendor

Indicate risk compliance status

Review incoming Reports and escalate

issues

Design and implement a risk mitigation

program

- Different than the PIRT process, which is focused on information security risk management