|
Main
Page by Topic |
||
C. Statistics |
Vendor
Risk Management (VRM)
See Also: Vendor Risk Audit
Checklist
See Also: Vendor
Risk Mitigation
Overview
Provides an
introduction to Vendor Risk Management in the context of CTRM Software,
including observations and considerations on how the rise of Big CTRM impacted the
Vendor Risk profile of impacted firms.
Figure Thumbnails
Figure
1 |
Figure
2 |
Figure
3 |
1) Different Kinds of Risk Firms Face
2) What Is Vendor Risk And Why Has It Become
Important Again?
3) Vendor Risk: Perceived versus Actual
4) Vendor Risk Mitigation – What Can Be Done To Reduce Vendor Risk?
1) Different Kinds of Risk Firms Face
Firms that
trade in commodities, hedgers, market makers, speculators are very well aware
of the following three main types of Risk:
Market Risk – the risk that market prices move
against, i.e., that you lose money due to price changes
Credit Risk – the risk that your counterparty does
not pay you back in full for money they owe you
Operational Risk – the risk that one of a myriad of
operational items is not done as it should.
For example, an invoice does not get send out that should, or a payment
due is overpaid, or an option that should have been exercised was not.
For those
risks, they are given a lot of visibility within a firm, with daily reporting,
and often a person or team in a role, e.g., ‘Credit Risk Department’.
Vendor risk is
another category of risk that should also be of concern for commodities firms
that use a vendor, especially a Big CTRM vendor, for their CTRM solution. See Figure #1.
2) What Is Vendor Risk And Why Has It
Become Important Again?
2.1) Vendor Risk encompasses all of these
items:
1) The risk
that your CTRM Vendor goes out of business. Leaving you with a ‘stranded’ system, i.e.,
one that won’t be getting future upgrades.
2) The risk
that your CTRM vendor stops supporting your particular Software Package. For example, if a Big CTRM vendor buys up
several software companies, each with similar offerings, and then decides that
it will maintain just one of them. If
your firm is on the wrong one, you might have the unexpected costs of needing
to switch systems, even if it they are both from the same vendor.
3) There is
also the risk that your CTRM vendor materially reduced their annual investment
into the software. For example, what if
they used to have 100+ developers and then reduce down to just 10.
4) As a
variation… it is not just the number of developers that counts… it is also how
much of a working knowledge they have.
There could be a ‘brain drain’.
For example, if 40 people with a vast working knowledge of the software
leave and are replaced with new people.
E.g., the original creators are gone and the new people can’t develop
nearly as quickly. The effective number
of people has been reduced, to your detriment.
5) The risk
that the level of service drops in other areas, such as the support desk. i..e, the technical help desk.
Perhaps you have
5.1) Longer
waits
5.2) Lower
qualified people. E.g., maybe you used
to be able to get an actual product manager or developer on the phone. And maybe that changes to where you are just
getting a generic call center.
5.3) Nickle and diming. Perhaps you used to get a
certain number of system-training questions answered for free, as a courtesy
given that your firm pays a lot in maintenance.
The vendor may require that ever minute be billable work to their
services group.
6) Increased
costs for add on and additional licenses.
E.g., adding new ‘engines’ maybe used to cost $10k and now cost
$25k.
7) Switching
from the customer-friendly perpetual licensing approach to the restrictive approach
of forcing users to pay each year to use the software. With a perpetual license, if a firm decides
to stop paying the vendor maintenance, they are still legally able to use the
software forever, i.e., in perpetuity.
Not so with the more restrictive license.
8) Less
frequent user conferences and/or, in the case of Big CTRM, combining many
software packages into one User Conference instead of having a higher value-add
dedicated user conference for each.
2.2) And why it
is important again…
This section
specifically describes the relationship of firms to Big CTRM.
As recently as
a few years ago, firms that used a Big all-in-one CTRM
system had a somewhat equal relationship with their vendor. There was stability over time.
More recently,
industry consolidation and the rise of Big CTRM has
undermined that stability.
3) Vendor Risk: Perceived versus Actual
The important thing
to remember is that in an industry as diverse and widespread as the CTRM
industry, the perceived Vendor Risk, i.e., the perception of trouble,
can lag well behind the actual risk.
For example,
many commodity trading firms are several versions back with regard to the
version of the software that they use.
E.g., the most recent big upgrade may be 3 to 5 years prior. How would they know if a Big CTRM firm
dramatically scaled back on their enhancements to the software.
Or perhaps a
firm only asks for additional licenses every 18 months or so as they slowly
grow. They won’t necessarily be aware of
a dramatic price change or a detrimental switch away from Perpetual Licensing
until the next time they ask for some additional licensing, which may be not for
a year.
4) Vendor Risk Mitigation – What Can Be Done To Reduce Vendor Risk?
The good news
is… there is plenty that a firm can to do mitigate, to reduce their Vendor Risk. Click on the link for the details:
Link: Vendor Risk Mitigation Opportunities
5) Vendor Risk
Audit and Audit-assist Checklist
Click on the link
below for recommended practices for a firm using a Big CTRM system around the
concept of a ‘Vendor Risk Audit’ and provides a useful checklist to help with
the process.
Link: Vendor Risk Audit and
Checklist
Introduction to
CTRM
Click on this
link for a great introduction to CTRM software: Introduction to CTRM Software