|
Main
Page by Topic |
||
C. Statistics |
Vendor
Risk Mitigation Strategies
See Also: Vendor
Risk Management
See Also: Vendor Risk Audit
Checklist
Overview
This page
provides suggestions for strategies that do two things:
1) Mitigate,
i.e., reduce, Vendor Risk and
2) Decrease
TCO (Total Cost of Ownership) or otherwise help a firm.
It is
important that the items do both.
Why? It would be a hard sell for
an IT firm to spend money on a project that only reduced CTRM Vendor Risk with
no other benefits.
Also, consider
for each of the below, most if not all of the items will make Upgrades easier. In other words, where appropriate, rather than
spend some Upgrade budget on a like-for-like upgrade for some particular system
functionality, maybe instead redirect that budget to a better solution with
lower Vendor Risk and lower TCO.
CTRM Vendor Risk
Mitigation Strategies, Tips and Techniques
Note: This is a starter list. Look for additional items to be added, as
well as additional clarifying descriptions to be added by November 2020. In the meantime, make sure to check out the
links above, especially the Vendor Risk Audit
Checklist.
1) Where
practical, create an abstraction layer between your systems and the
vendor-supplied CTRM system. Such that there are no or minimal direct links/interfaces to/from
the CTRM system and the rest of the systems in the organization. Web Services can be a tool to use to help
achieve this.
2) Own your
data
e.g., keep
relevant data in a system you built and own, sometimes called a ‘Datamart’ or a
‘Data Warehouse’. E.g., consider a
future state as to what things would look like if you were to stop using your
legacy CTRM system.
3) For end of
day reporting and extracts/interfaces, instead of creating them directly from
the CTRM system, create them from a Datamart/data warehouse. Send the rawest of raw data each day to the datamart.
4) In
particular, consider that a Big CTRM system may have a ‘Scripting Language’ or
‘Extensibility Language’ that allows for firms to code, sometimes into the 10s
of thousands of lines of code, customizations and reports.
Firms have
historically put their custom business logic for extracts/reports directly into
the CTRM systems, using the CTRM systems as development environments for new
code. That can offer a convenience and
is less of a worry in a low Vendor Risk environment.
In a high Vendor
Risk environment, firms should consider halting or extremely limiting new code
being written ‘behind the firewall’ of a CTRM’s proprietary APIs. And instead try to do as much as possible,
i.e., in terms of reporting especially, outside of the CTRM system, using more
open tools.
5) Limit your
usage of the CTRM systems front end for trade entry. Build your own or use off-the-shelf tool,
e.g., OMS Order Management Systems.
Introduction to
CTRM
Click on this
link for a great introduction to CTRM software: Introduction to CTRM Software