1 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved.

Slides:



Advertisements
Similar presentations
Financial Statements Audit
Advertisements

Buying Better Outcomes Workshop 4 Equalities and Contract Management If you do not take it seriously, why should the supplier?
Outsourcing – Managing for Success Stuart Payne, Morgan Chambers Copyright © 1999 Morgan Chambers plc Copyright © 1999 Morgan.
Discussion on SA-500 – AUDIT EVIDENCE
Grow Your Business through Contact Centre Outsourcing Fanny Vaz Director, Personal Market Unit, CTM.
Dr. Julian Lo Consulting Director ITIL v3 Expert
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
The Outsourcing Process
Understanding the Client and General Planning
IS Audit Function Knowledge
TEMPUS ME-TEMPUS-JPHES
Mª ANGELA JIMENEZ 1 UNIT 4. EXTERNAL AUDIT BASIS CONCEPTS.
1 Performance Auditing  In IT Environment  Evidence Gathering & Analysis Techniques  Computer Assisted Techniques  Use of IDEA.
THE PRINCIPLES OF QUALITY MANAGEMENT. DEFINING QUALITY Good Appearance? High Price? The Best? Particular Specification? Not necessarily, but always: Fitness.
Business Acquisition Process Implementation & transition Closing Negotiation of the transaction Due Diligence Engagement TargetIdentification.
Joint Business Plan Madhurjya K. Dutta 1mk_dutta Sept 2010.
Software Evolution Planning CIS 376 Bruce R. Maxim UM-Dearborn.
Vendor Risk: Effective Management is Essential
Chapter 4 Risk Assessment.
Internal Auditing and Outsourcing
1 Jon Whitfield Agency CEO Head of Government Internal Audit.
© 2010 Plexent – All rights reserved. 1 Change –The addition, modification or removal of approved, supported or baselined CIs Request for Change –Record.
Improving Corporate Governance in Malaysian Capital Markets – The Role of the Audit Committee Role of the Audit Committee in Assessing Audit Quality.
Outsourcing Louis P. Piergeti VP, IIROC March 29, 2011.
Audit objectives, Planning The Audit
Planning an Audit The Audit Process consists of the following phases:
CO2403 and CO3808 – Quality Management Systems Quality process definition, administration and accreditation.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 3-1 Chapter Three Risk Assessment and Materiality Chapter Three.
Chapter 07 Internal Control McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.
Chapter 16: Audit of Cash Balances
INTERNAL CONTROL OVER FINANCIAL REPORTING
CDS Operational Risk Management - October 28, 2005 Existing Methodologies for Operational Risk Mitigation - CDS’s ERM Program ACSDA Seminar - October 26.
Internal Control in a Financial Statement Audit
The Drivers of Audit Quality Culture within firm Skills and qualities of partners and staff Audit Quality External factors Reliability and usefulness of.
Alternative Service Delivery Models October
Chapter 8: Client Risk Profile and Documentation
S7: Audit Planning. Session Objectives To explain the need for planning To explain the need for planning To outline the essential elements of planning.
Strategic Alliances How to Structure, Negotiate, and Implement Successful Alliances February 11, 2003 Debra J. Dorfman Copyright © 2003 by Hale and Dorr.
1 Unit 1 Information for management. 2 Introduction Decision-making is the primary role of the management function. The manager’s decision will depend.
Audit Planning. Session Objectives To explain the need for planning To outline the essential elements of planning process To finalise the audit approach.
Private & Confidential1 (SIA) 13 Enterprise Risk Management The Standard should be read in the conjunction with the "Preface to the Standards on Internal.
© 2008 IBM Corporation Challenges for Infrastructure Outsourcing July 29, 2011 Atul Gupta Vice President, Strategic Outsourcing, IBM.
ISO 9001:2008 to ISO 9001:2015 Summary of Changes
© 2001 Change Function Ltd USER ACCEPTANCE TESTING Is user acceptance testing of technology and / or processes a task within the project? If ‘Yes’: Will.
1 Internal Audit. 2 Definition Is an independent activity established by management to examine and evaluate the organization’s risk management processes.
Copyright © 2007 Pearson Education Canada 1 Chapter 21: Completing the Audit.
ISSAI 400 Compliance Auditing
McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-1 Chapter 6 CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT.
Assurance service/engagement
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 6-1 Chapter Six Internal Control in a Financial Statement Audit.
1 Kingsley Karunaratne, Department of Accounting, University of Sri Jayewardenepura, Colombo - Sri Lanka Practice Management.
International Security Management Standards. BS ISO/IEC 17799:2005 BS ISO/IEC 27001:2005 First edition – ISO/IEC 17799:2000 Second edition ISO/IEC 17799:2005.
The common structure and ISO 9001:2015 additions
Case 6.2 Waste Management Copyright © 2014 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent.
Unit – I Presentation. Unit – 1 (Introduction to Software Project management) Definition:-  Software project management is the art and science of planning.
1 A Seminar On Pharmaceutical Outsourcing A Seminar On Pharmaceutical Outsourcing.
Continual Service Improvement Methods & Techniques.
Pertemuan 14 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Quality & Regulatory Expectations of Outsourcing Oversight Nicky Dodsworth, VP Global Quality Assurance.
ICAJ/PAB - Improving Compliance with International Standards on Auditing Planning an audit of financial statements 19 July 2014.
©©2012 Pearson Education, Auditing 14/e, Arens/Elder/Beasley Considering Internal Control Chapter 10.
© 2005 Windelberg Consulting, LLC EDUCAUSE Mid-Atlantic Regional Conference January 12-14, 2005 Outsourcing: Look Before You Marjorie Windelberg, Ph.D.
ACCA/PAB/ICAJ/ICAC Practice Monitoring Reviews OVERVIEW OF FINDINGS 19 July 2014.
Improving Compliance with ISAs Presenters: Al Johnson & Pat Hayle.
AUDIT STAFF TRAINING WORKSHOP 13 TH – 14 TH NOVEMBER 2014, HILTON HOTEL NAIROBI AUDIT PLANNING 1.
Audit and Assurance Introduction. Requirement  Preview before class. Ask more, and discuss more. Ask more, and discuss more. Make notes. Make notes.
AUDIT EVIDENCE AND FINANCIAL STATEMENT ASSERTIONS 1.
Auditing & Investigations I
LATIHAN MID SEMINAR AUDIT hiday.
Neopay Practical Guides #2 PSD2 (Should I be worried?)
Presentation transcript:

1 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Outsourcing or Third Party Service Management Karen Sharpe Deloitte & Touche Enterprise Risk Services October 25, 2001 Presentation to ISACA

2 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Agenda  Introduction  Areas of risk to consider before outsourcing  The outsourcing project  Managing the relationship  Audit considerations  Why do outsourcing arrangements often fail?  Conclusions

3 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Introduction  A HIGH LEVEL DEFINITION OF OUTSOURCING:  When the management of a company decides for strategic, economic, technological or other reasons to cease managing a business function itself and to delegate the responsibility to a third party.  “Outsourcing” generally associated with IT management, but it could be any service  “Third Party Service Management” is a more accurate description

4 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Dominant Type of Outsourcing Source - report  Information and Communications Technology (ICT)  Business Process Outsourcing (BPO)

5 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Who are the big suppliers? Source - report

6 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Who are the big purchasers? Source - report

7 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Areas of risk to consider before outsourcing  The Business Case  Human Resources Risks  Legal Risks  Avoiding Disaster before you start

8 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. The Business Case - why outsource?  Business Re-engineering  Cost Reduction  Access to new skills and technology  Delegation of “difficult” functions  Optimal use of scarce management resources  A sound business case is very important to the future success of the arrangement  Management must understand why they want to outsource and what the consequences will be

9 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Common Pros and Cons of Outsourcing Pros:  increased focus on strategic issues and core competencies  improved use of management resources  predictable, reduced (?) and controllable costs  access to improved services because of supplier size and functional focus  access to improved technology and staff resources

10 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Common Pros and Cons of Outsourcing Cons:  loss of control/influence coupled with increased management time re disputes  poorer service quality  higher than expected costs  poorer relationships with staff and customers  lack of integration with corporate infrastructure and culture  loss of skills

11 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Human Resources Risks  What are the current and future staffing numbers and skills?  What concerns will existing staff have? - Communication is important.  Who will carry out the function after outsourcing?  Staff currently employed by the contractor; or  Staff currently employed by the company.  Will the contract be subject to the 1981 Transfer of Undertakings Regulations (TUPE)?  The contract must include appropriate warranties and indemnities in relation to the parties liability for the transferred staff.  Management and the third party must be aware of the potential cost.

12 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Legal Risks  Confidentiality agreements  Structure of contracts and schedules  Financial considerations (e.g. flexibility, VAT issues)  Property & Assets  Defining respective responsibilities  Exit plan - expiry and termination  Regulatory requirements (e.g. FSA)  Legal requirements (e.g. Data Protection Act)

13 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Avoiding disaster before you start  Companies need to be prepared to do plenty of pre-work  Technically - know and understand existing processes and what services the third party is expected to provide  Commercially - know and understand your cost base and the understand the pricing model proposed by the service provider  Legally - be prepared to negotiate the finer details of the deal

14 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. The Outsourcing Project  The outsourcing project is subject to the same risks as any other major project  Failure to deliver and cost overruns could arise from a number of directions, including:  lack of commitment from senior staff  failure to engage all parts of the business in the process  poor project governance  lack of detailed plans  failure to monitor and manage adequately

15 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Proposed Methodology for Outsourcing Phase 0 Initiate Phase 1 Assess Phase 2 Plan Phase 3 Contract Phase 4 Transition Phase 5 Manage & Review USER ORGANISATIONTransition ofCONTRACTOR Responsibility Key Documents Feasibility Study Service Definition Service Level Agreement Transition Plan Review Procedures Source: Oracle Corporation

16 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. The Outsourcing Project  Ensure that there is full commitment at the most senior level  Appoint the appropriate Project Manager  Devise and agree the project methodology that is going to be applied  Draft the project plan  Implement the assessment study  Report findings / proposal for specific projects  Select and plan specific projects  Migration of control

17 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Managing the Relationship  The SLA is the key to success in the ongoing relationship  It should be considered as a “living document”, to be changed when supplier or customer circumstances change  The SLA should clarify the expectations of both sides but should not be overly prescriptive or used as something to wave at the other party  Possible Service Level parameters:  Availability  System specific metrics (engineer response times, mean time between failures etc.)  Turnaround or delivery times  Levels of customer satisfaction  Minimum security standards

18 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Suggested structure of an SLA  There is no standard format - the SLA should be tailored to the particular circumstances of the arrangements to be made. A suggested structure could be:  Introduction  Service Definition and Responsibilities  Service Expectations and Future Targets  Reporting arrangements  Customer Responsibilities  Procedures for Customer / Service Provider Liaison  Cost of services  Exit arrangements  Appendices - Services and Service Levels / Definitions

19 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Why SLAs fail  Document not sufficiently business oriented  Document too brief  Document too detailed  Lack of commitment to the outsourcing process, which may include:  resources  finance  monitoring tools  support tools  management  control

20 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Customer/Supplier versus Partnership  Research from Compass suggests that while less than 5% of outsourcing contracts are taken back in house, another 50% of contracts fail to deliver initial expectations.  Average length of a contract is between 5 and 10 years - this is a long term business commitment!  Choosing the right partner is essential - look for cultural and business fit before you start  Outsourcing does not involve a shift of power from the organisation to the outsourcer - management is still responsible for the outsourced functions and assets  More than 80% of contracts fail because of poor governance  Governance resource costs should be around % of the total contract value (source: Compass)  A balance must be created between micromanagement and abdication of responsibility  The arrangement must be beneficial to BOTH parties - in general, low costs will mean reduced service

21 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Audit considerations Statement of auditing standard, SAS 480 “Service Organisations” states:  “Auditors should identify whether a reporting entity uses service organisations and assess the effect of any such use on the procedures necessary to obtain sufficient appropriate audit evidence to determine with reasonable assurance whether the user entity’s financial statements are free of material misstatement (SAS 480.1)”

22 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Audit considerations On obtaining audit evidence, the standard is clear: “Based on their understanding of the aspects of the user entity’s accounting system and control environment relating to relevant activities, user entity auditors should: a) assess whether sufficient appropriate audit evidence concerning the relevant financial statement assertions is available from records held at the user entity; and if not, b) determine effective procedures to obtain evidence necessary for the audit, either by direct access to records kept by service organisations or through information obtained from the service organisations or their auditors. (SAS 480.6)”

23 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Audit considerations Internal and external auditors cannot ignore the outsourced operations when providing assurances to management and shareholders

24 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Auditing considerations Effectively, auditors have 3 alternatives:  1) Rely on a Service Auditor’s report from the outsourcer;  2) Carry out audit procedures directly with the outsourcer as if the processes were still in-house; or  3) Consider whether evidence from the user entity, together with independent confirmations from the service organisation, amount to sufficient evidence.  Not always feasible if the evidence is not independent, e.g. where the service organisation can initiate transactions on the user entity’s behalf without prior agreement or approval.  If the external auditors cannot obtain adequate evidence, they must qualify or issue a disclaimer of the audit opinion on the basis of scope limitation (SAS 480.8)

25 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. Service Auditor’s reports  Reports carried out by the service organisation’s auditors which can be provided to the auditors of customers;  Subject to separate terms of engagement from the external audit opinion (if carried out by the external auditors);  Must be independent;  Customers’ external auditors must verify that the scope of the audit is sufficient and appropriate for its intended use (SAS 480.7).  There are 2 standards in place which define the work to be carried out:  SAS 70 (a US standard); and  FIT 1/94 (an ICAEW standard).  Both standards cover IT audit work only, but provide a good benchmark for the extent of work and the opinion required.

26 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. What are the most common reasons for Outsourcing arrangements to fail?  Unrealistic or politically motivated business case  Inadequate matching of requirements against supplier capabilities  Poor management and governance  Personnel motivational issues  Inadequately drafted service level agreement(s)  Lack of partnership / trust in relationship

27 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved. High Level Conclusions  Remember that the reason for outsourcing is to benefit the Business  Look forward, not backwards - retrospection is negative  The supplier has to make a profit  a partnership works, a basic commercial arrangement doesn’t  The outsourcing arrangement is “living” and must be constantly reviewed and refined  An outsourcing arrangement makes little or no difference to the auditors’ responsibility

28 © 2001 Deloitte & Touche. This presentation contains proprietary information and materials which are the property of Deloitte & Touche. All rights reserved.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.