Vendor Selection

When shopping for an IT solution for your enterprise, there are two things you should scrutinise: the product (or service) itself and its vendor. Many times, companies overlook the importance of the latter, giving the reason that “it’s only the product we need”.

Wrong.

What about after-sales technical support and training? Ok, so you have an in-house team with the required competency for that IT solution in question… not that I believe it’s reasonable basis to pass up on the expertise that the vendor can provide. How about upgrades, patches, and documentation?

Still unperturbed? Here’s one factor that you may not have started to consider – What happens to your product if the vendor goes bankrupt or gets swallowed by a merger and acquisition? Surely, you no longer believe this is far from possible, do you?

But how are you supposed to know the financial stability of each vendor or whether it is an acquisition target? Well, you can either conduct your own research or you can leave that up to us. Part of our job includes not only establishing linkages in the industry but also being in-the-know on such relevant information.

Evaluation of Business Needs

You can’t separate vendor selection from the process of choosing the desired IT tool. That’s why our vendor selection services starts by defining exactly what your business needs are.

Once we’ve pinned down your needs, we can then narrow down the list of possible IT solutions. Only then can we proceed with the main vendor selection process.

Have you ever been caught in a situation wherein you thought you knew what you wanted, only to end up realising it’s not what you were looking for after all? We’re here to make sure you don’t get caught in that kind of situation when choosing an enterprise-class IT solution.

With the TCO (total cost of ownership) of such solutions typically running up to hundreds of thousands of euros, you can’t afford to arrive at what you really want by way of trial and error.

These are the things you stand to benefit the moment we start working with you:

  • Thorough assessment of your IT needs. We’ll consult the people in your organisation who’ll be affected the most in order to obtain a clear picture of what your specific needs really are. Most IT solution purchases are made with very little consultation that, after installation, many of the end users don’t benefit at all.
  • Minimal interruption during assessment. As with all our other services, we see to it that the interruptions we make are absolutely necessary. So the moment we start with our work, you can still continue with yours.
  • Insightful suggestions of the required IT solution. You still know your business better. So even after we’ve gone through the assessment and given our recommendations, the decision as to what IT tool should be pursued will still be up to you. The difference now is, you’ll be making a decision based on expertly gathered information put forward in an insightful proposal.

Request and Evaluation of Vendor Proposals

With so many IT solutions companies mushrooming, it is becoming more difficult to keep track of them, their specialities, strengths, and weaknesses.

Companies selling best-of-breed products may be relatively easy to spot. But there are also other attributes that are equally important but not as well publicised. For instance, which companies offer better quality management philosophies? Which companies have strategic visions running parallel to yours? Which of them possess implementation capabilities that can cater to your rapidly growing IT requirements?

Vendors who answer positively to these queries need to be given the appropriate importance in the selection process. We see to it that these and other relevant attributes are factored into our scorecards and evaluation processes.

These are the things you can look forward to when you grant us the opportunity to serve you.

  • Experience is a vital item in our vendor selection criteria. Our vast knowledge of the reliable players in the industry will lead you to experienced vendors who can hit the ground running from day one and continue with the same vigour onward.
  • We can help you draw positive response for each of your Request For Proposals (RFPs) or Request For Information (RFIs). Did you expect these vendors to be enthusiastic in sending out proposals each time you asked them to? Think again. You’ll have to persuade them first of your sincerity to become a potential customer. With our help, your RFPs will make preferred vendors see “opportunity” written all over.
  • No need to go “Eany, meeny, miny, moe”. Deciding which vendors should move up in the selection process can take up a lot of time if you don’t know which criterion should be given more weight. Our scorecards are designed to collect the most relevant information and to generate results that will help you decide on these matters at a glance.

Interview, Negotiation, and Monitoring

As soon as you start getting positive response to your Request For Proposals, the interview process should be next. It’s at this point that vendors can present and highlight their strengths while we try to glean as much information of their true capabilities as well as their dedication to the project.

Some companies can provide proof-of-concepts and we may require them as part of the interview process. This will not only give us a better idea as with regards to their product’s capabilities, but also to their level of expertise on the solution in question.

  • We’ll help you set up the interview process and organise the evaluation committee. Members of the committee will typically include representatives from each department that will be affected by the new technology, which we would have already identified during our Evaluation of Business Needs.
  • Since our scorecards are designed to expedite the filtering and selection process, you may eventually be able to choose the finalists yourself. However, in the event that two or more vendors turn out evenly matched, we’ll help you identify the better company.
  • We’re very familiar with the price ranges of various IT solutions, including the effects on price of certain variables. As such, we can tell you whether a product’s price tag is justified or not.
  • Our exceptional familiarity on both the IT industry and the entire negotiation processes itself will give you the edge when it’s time for us to haggle for the best bang for the buck.
  • After the contract is awarded, we’ll even be on hand to monitor whether deliverables are handed over and milestones are achieved as promised.

Check our similar posts

Network Security

The easiest way for an external threat to get to your private data is through your network. The easiest way to eliminate that threat? Get your data out of the network. Of course, we know you wouldn’t want to do that. We also know that while you may want to sniff every packet for anything suspicious, you wouldn’t want your network to crawl either.

That’s why we’re offering to put up the most efficient checkpoints on every route that leads into and out of your system.

So what can you expect from our brand of network security?

  • Review of your policies and processes for weaknesses – If we see a loophole, we’ll recommend modifications wherever necessary.
  • Protection for your applications and infrastructure – Since we’re familiar with both software and hardware-based protection systems, we can recommend which type is best suited for your setup.
  • Automated identification of business and mission critical applications – They’ll be given priority in your network to ensure bandwidth allocation is optimised.
  • Automated network audits and vulnerability management – Tired of getting prompted by pesky vulnerability notices and don’t know what to do with them? Well, that’s why we’re here.
  • Customisable security reports that contain only relevant and accurate data.

We can also help you with the following:

How the Dodd-Frank Act affects Investment Banking

The regulatory reform known as the Dodd-Frank Act has been hailed as the most revolutionary, comprehensive financial policy implemented in the United States since the years of the Great Depression. Created to protect consumers and investors, the Dodd-Frank Act is made up of a set of regulations and restrictions overseen by a number of specific government departments. As a result of this continuous scrutiny, banks and financial institutions are now subject to more-stringent accountability and full-disclosure transparency in all transactions.

The Dodd-Frank Act was also created to keep checks and balances on mega-giant financial firms that were considered too big to crash or default. This was especially deemed crucial after the collapse of the powerhouse financial institution Lehman Brothers in 2008. The intended result is to bring an end to the recent rash of bailouts that have plagued the U.S. financial system.

Additionally, the Dodd-Frank Act was created to protect consumers from unethical, abusive practices in the financial services industry. In recent years, reports of many of these abuses have centered around unethical lending practices and astronomically-high interest rates from mortgage lenders and banks.

Originally created by Representative Barney Frank, Senator Chris Dodd and Senator Dick Durbin, the Dodd-Frank Wall Street Reform and Consumer Protection Act, as it is officially called, originated as a response to the problems and financial abuses that had been exposed during the nation’s economic recession, which began to worsen in 2008. The bill was signed into law and enacted by President Obama on July 21, 2010.

Although it may seem complicated, the Dodd-Frank Act can be more easily comprehended if broken down to its most essential points, especially the points that most affect investment banking. Here are some of the component acts within the Dodd-Frank Act that directly involve regulation for investment banks and lending institutions:

* Financial Stability Oversight Council (FSOC): The FSOC is a committee of nine member departments, including the Securities and Exchange Commission, the Federal Reserve and the Consumer Financial Protection Bureau. With the Treasury Secretary as chairman, the FSOC determines whether or not a bank is getting too big. If it is, the Federal Reserve can request that a bank increase its reserve requirement, which is made up of funds in reserve that aren’t being used for business or lending costs. The FSOC also has contingencies for banks in case they become insolvent in any way.

? The Volcker Rule: The Volcker Rule bans banks from investing, owning or trading any funds for their own profit. This includes sponsoring hedge funds, maintaining private equity funds, and any other sort of similar trading or investing. As an exception, banks will still be allowed to do trading under certain conditions, such as currency trading to circulate and offset their own foreign currency holdings. The primary purpose of the Volcker Rule is to prohibit banks from trading for their own financial gain, rather than trading for the benefit of their clients. The Volcker Rule also serves to prohibit banks from putting their own capital in high-risk investments, particularly since the government is guaranteeing all of their deposits. For the next two years, the government has given banks a grace period to restructure their own funding system so as to comply with this rule.

? Commodity Futures Trading Commission (CFTC): The CFTC regulates derivative trades and requires them to be made in public. Derivative trades, such as credit default swaps, are regularly transacted among financial institutions, but the new regulation insures that all such trades must now be done under full disclosure.

? Consumer Financial Protection Bureau (CFPB): The CFPB was created to protect customers and consumers from unscrupulous, unethical business practices by banks and other financial institutions. One way the CFPB works is by providing a toll-free hotline for consumers with questions about mortgage loans and other credit and lending issues. The 24- hour hotline also allows consumers to report any problems they have with specific financial services and institutions.

? Whistle-Blowing Provision: As part of its plan to eradicate corrupt insider trading practices, the Dodd-Frank Act has a proviso allowing anyone with information about these types of violations to come forward. Consumers can report these irregularities directly to the government, and may be eligible to receive a financial reward for doing so.

Critics of the Dodd-Frank Act feel that these regulations are too harsh, and speculate that the enactment of these restrictions will only serve to send more business to European investment banks. Nevertheless, there is general agreement that the Dodd-Frank Act became necessary because of the unscrupulous behaviour of the financial institutions themselves. Although these irregular and ultimately unethical practices resulted in the downfall of some institutions, others survived or were bailed out at the government’s expense.

Because of these factors, there was more than the usual bi-partisan support for the Dodd-Frank Act. As a means of checks and balances, the hope is that the new regulations will make the world of investment banking a safer place for the consumer.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

Ready to work with Denizon?

Contact Us Today