Enabling Processes
CHAPTER 5
COBIT 5 PROCESS REFERENCE GUIDE CONTENTS
APO10 Process Practices, Inputs/Outputs and Activities (cont.)
Management Practice: APO10.03 Manage supplier relationships and contracts.
Formalise and manage the supplier relationship for each supplier. Manage, maintain and monitor contracts and service delivery. Ensure that new or changed contracts conform to enterprise standards and legal and regulatory requirements. Deal with contractual disputes.

Inputs (From: Description)
BAI03.04: Approved acquisition plans

Outputs (Description: To)
Supplier roles and responsibilities: Internal
Communication and review process: Internal
Results and suggested improvements: Internal

Activities
1. Assign relationship owners for all suppliers and make them accountable for the quality of service(s) provided.
2. Specify a formal communication and review process, including supplier interactions and schedules.
3. Agree on, manage, maintain and renew formal contracts with the supplier. Ensure that contracts conform to enterprise standards and legal and regulatory requirements.
4. Within contracts with key service suppliers include provisions for the review of supplier site and internal practices and controls by management or independent third parties.
5. Evaluate the effectiveness of the relationship and identify necessary improvements.
6. Define, communicate and agree on ways to implement required improvements to the relationship.
7. Use established procedures to deal with contract disputes, first using, wherever possible, effective relationships and communications to overcome service problems.
8. Define and formalise roles and responsibilities for each service supplier. Where several suppliers combine to provide a service, consider allocating a lead contractor role to one of the suppliers to take responsibility for an overall contract.

Management Practice: APO10.04 Manage supplier risk.
Identify and manage risk relating to suppliers' ability to continually provide secure, efficient and effective service delivery.

Inputs (From: Description)
APO12.04: Results of third-party risk assessments
APO12.04: Risk analysis and risk profile reports for stakeholders

Outputs (Description: To)
Identified supplier delivery risk: APO12.01, APO12.03, BAI01.01
Identified contract requirements to minimise risk: Internal

Activities
1. Identify, monitor and, where appropriate, manage risk relating to the supplier's ability to deliver service efficiently, effectively, securely, reliably and continually.
2. When defining the contract, provide for potential service risk by clearly defining service requirements, including software escrow agreements, alternative suppliers or standby agreements to mitigate possible supplier failure; security and protection of intellectual property (IP); and any legal or regulatory requirements.

Management Practice: APO10.05 Monitor supplier performance and compliance.
Periodically review the overall performance of suppliers, compliance to contract requirements, and value for money, and address identified issues.

Outputs (Description: To)
Supplier compliance monitoring criteria: Internal
Supplier compliance monitoring review results: MEA01.03

Activities
1. Define and document criteria to monitor supplier performance aligned with service level agreements and ensure that the supplier regularly and transparently reports on agreed-on criteria.
2. Monitor and review service delivery to ensure that the supplier is providing an acceptable quality of service, meeting requirements and adhering to contract conditions.
3. Review supplier performance and value for money to ensure that they are reliable and competitive, compared with alternative suppliers and market conditions.
4. Request independent reviews of supplier internal practices and controls, if necessary.
5. Record and assess review results periodically and discuss them with the supplier to identify needs and opportunities for improvement.
6. Monitor and evaluate externally available information about the supplier.
Align, Plan and Organise