November 21, 2017
Strategic Partnerships Group Recap: Risk of Rogue Sourcing
Last week during our Strategic Partnership Group meeting, we had a great open discussion on the risks of rogue sourcing and how to mitigate those risks. A huge thank you to Mart Mettert, Manager of IT Vendor Management at 3M, for facilitating this discussion.
We started off by defining what rogue sourcing is. Essentially, rogue sourcing is similar to Shadow IT in that standard agreements or types of sourcing and their processes are not used as defined by company policies and procedures. As mentioned in our discussion it includes things like, someone hitting “yes” on an agreement, acquisition of a service without a process in place, and bringing your favorite vendor along with you to a new company. With that being said, as a leader within IT, you are not the only person who is dealing with rogue sourcing and the difficulties it may bring.
Mark asked the group, “In your experience, what are some examples of things that went wrong?” They came up with examples such as a business department within their organization making purchases relating to a cloud service without the knowledge of the IT department. In another example, someone mentioned an experience where scorecard results were never shared with the IT department. It is important for the IT department to be involved in areas such as those mentioned above, especially, when it leads to risks like the ones mentioned below.
The focus of our meeting was based on the risks of rogue sourcing and how to mitigate them. Through a collaborative discussion, here’s what the group came up with.
Risks of Rogue Sourcing
|Loss of ownership or leverage||Contractual issues|
|Loss of buying power||Lack of due diligence|
|Security and data risks||No SLAs|
|Confidentiality risks||Inability to track assets|
|Data privacy/legal exposure||Support and maintenance terms|
|Agreements done after the fact||Decreased vendor competition|
|Non-compatible system sourcing||Not seeing the best technology for a given situation|
|Speed analytics and reporting issues||Increased cost|
How to Mitigate Rogue Sourcing
|Communication (reporting process)||Pro-active planning with business teams|
|Need formal documented process||Limit spending methods|
|Simplify processes||Limited admin rights|
|Build relationships (make it easy)||Develop mature purchasing with sourcing department|
|Champion team||Develop vendor management program|
|Consequences for “rogue” procurement||Executive sponsorship and buy-ins|
|Restrict signing authorities||Continuously do these steps|
|Define policy and procedures|
What consequences has your organization experienced as a result of rogue sourcing and did you work to mitigate those risks in the future?