Guide Complete Set of Residential Architectural Drawings PDF
Techserv's Outsourcing Assurance Methodology
1. Outsourced
Business Process
Techserv’s Assurance Methodology
2. Use of service providers doesn’t reduce the
responsibility of corporate executives
from maintaining effective internal
controls
- Public Company Accounting Oversight Board
3. THIS IS MEANT FOR THOSE WHO HAVE CONCERNS ON THE
FOLLOWING …………
DO YOU WISH TO OUTSOURCE / OFFSHORE IT SERVICES?
ARE YOU NOT SURE ABOUT SELECTING THE RIGHT IT SUPPLIER?
DO YOU FEEL THE NEED TO CONSIDER EXTERNAL DUE DILIGENCE COMPETENCE?
WOULD YOU LIKE TO BE INDEPENDENT IN SUPPLIER SELECTION?
ARE YOU NOT SURE ABOUT LOCAL REALITIES AND SUPPLIER FACTS?
ARE YOU NOT ABLE TO ASSURE YOURSELF THAT SUPPLIER BILLING IS ACCURATE?
HAVE YOU REGULARLY OBSERVED THAT SLAs ARE NOT COMPLIED WITH?
ARE YOU NOT SURE THAT SUPPLIER IS FOLLOWING THE PROCESSES AS AGREED?
ARE YOUR DELIVERABLES BECOME UNPREDICTABLE?
DO YOU FIND SUPPLIER’S PRODUCT QUALITY IS NOT ACCEPTABLE?
ARE YOU FEELING MISALIGNED WITH THE SUPPLIER ?
ARE YOU NOT SURE THAT YOUR IT / IS SECURITY WILL NOT BE COMPROMISED?
4. Techserv’s Outsourcing / Off-shoring Assurance Services
Development
Contractual Information Project Project
Process
Requirements Security Staffing Billing
Compliance
Assurance Assurance Assurance Assurance
Assurance
Risk Contractual Results / deliveries Loss of IP Poor Quality of Revenue
Obligation are not are not in alignment Compromise on Interactions Leakage
met standard Confidentiality, Poor quality of
expectations Integrity deliveries
Assurance • Review of • Assessment of • Assessment of • Audit of Project • Audit of Billing
Activities Contract Process Definition Information staffing data
• Review of SLAs • Audit of Process Security Controls • Audit of Staffing • Audit of Time
• Review of implementation definition records sheets
Conformance to • Assessment of
Contractual Information
Obligations Security Controls
implementation
Frequency • Quarterly / Half – • Quarterly / Half – • Quarterly Half – • Quarterly / Half – • Quarterly / Half –
yearly / Yearly yearly / Yearly yearly / Yearly yearly / Yearly yearly / Yearly
Purpose • Provide inputs for • Provide • Provide • Provide • To provide
Contract Process independent assurance on assurance on assurance to the
• To identify any assurance on information Project is staffed effect that it is
deviations, if any software security adequate as per contractual accurate and
development and working obligation to complete
Processes both in • Provide ensure
terms of definition assurance on effectiveness and
and security is efficiency
implementation compromised
3
5. Potential Weaknesses likely to occur in absence of controls . . . . .
Contracting. Knowledge Transfer Execution
Wrong Selection of Supplier KT not planned Lack of processes
Contract clauses incomplete Insufficient Budget on KT Inadequate processes
Contract clauses not Staffing of KT inappropriate Processes are not
understood implemented as claimed
Lack of defined and
Contract Clauses are approved processes Lack of training on
overlooked processes
Expectation Mismatch
SLAs are not defined Information Security
adequately Cultural Mismatch overlooked
Contents of the contract not Competency Mismatch Controls weaknesses are
understood by all material
stakeholders uniformly Pilot project not planned to
validate processes, culture Inaccurate reporting of
alignment, competency project progress
alignment
Billing inaccuracies
Staffing not as per contract
Performance Mismatch
4
6. If potential Weaknesses materialize . . . . .
Contracting. Knowledge Transfer Execution
Termination of contract Huge lead time for ‘business Low Productivity
early and restart the whole as usual’ condition
selection process again Poor Product quality
Erosion in faith in
Result in legal disputes Outsourcing as a strategy Lack of alignment
Supplier likely to take Productivity will be low Compromise on Information
advantage of the situation security
Lack of alignment in
Leads to reactive situations expectations Billing may be overstated
SUMMARY Early contract termination
Poor returns on investment due to variance in skill set deployment
Poor product quality
Unpredictability
Very long lead time to reach ‘business as usual’ situation
Revenue leakage due to overstated billing
Compromise on Information confidentiality, integrity and availability
5
7. Techserv’s Assurance Methodology
Assurance
on
Documentation
Review
Stakeholders
Typical Artifacts Interviews
Observation
• Contract of Operations
• Governance • Project
Framework Managers • Project
• Process • Project Execution • Effectiveness
definitions Leaders • Management • Efficiency
• Project Artifacts • Team oversight • Confidentiality
• SLAs Members • Software • Integrity
• Project Plans • CISO Development • Availability
• Metrics • Quality Team • Validation • Compliance
• Internal Audit • Project • Assurance • Accuracy
reports Director • Project • Completeness
• External Audit • Management Billing
reports
• NDAs
• Billing data
• Etc.,
It is expected that resorting to this control would provide:
• Improve the probability of success to the extent of > 50% as envisaged in Outsourcing / off-shoring strategy
• Improve the value realization by > 20%
• Improve the Product Quality by > 30%
• Improve the confidence to you on information security concerns by > 50%
6