Decision-making aid when choosing tools for outsourcing management

Important criteria for choosing an outsourcing management tool

The new regulatory requirements increase the complexity of outsourcing management. A compliance-compliant and effective management of service provider risks in accordance with MaRisk, BAIT, EBA/GL/2019/02 and DORA is no longer possible with conventional tools. This makes the use of a standard solution that represents the entire outsourcing management out-of-the-box, offers automated workflows and is user-friendly.

Experience has shown that when selecting tools, a company should pay attention to the following important criteria in order to choose the right tool and, above all, the right provider.

Compliance & functionality
- The solution meets applicable regulatory requirements such as MaRisk, BAIT, EBA/GL/2019/02 and DORA out of the box
- During the contract phase, the provider implements the regulatory changes independently
- The tool maps the entire outsourcing process (classification, contract management, materiality & risk analysis, contract review, due diligence, exit strategy) for all types of external procurement (outsourcing & other outsourcing IT and non-IT) and onward transfers
- The tool includes a scenario analysis that is as automated as possible to determine the risk capital for OpRisk (Third Party Risk)
- The dependencies between services, service providers, sub-services and sub-service providers are automatically mapped
- The tool offers standard-defined KPIs/Kris to assess the risks and quality of service providers as well as standard reports (ad-hoc and regular)
- Audit-proof regular and ad-hoc update of outsourcing behavior including reminder function included
- The control functions are integrated in compliance with compliance and their approvals are documented in an audit-proof manner
- Contracts can be assigned to individual issues in an audit-proof manner and stored in a structured manner
- The outsourcing and action register and task management are fully automated

Professional competence of the provider
‍- The provider has the technical and methodological know-how to successfully introduce the tool
- The provider is able to professionally design and implement new regulatory changes during the contract period
- The provider offers consulting services and training
- The provider has the necessary expertise to continuously develop the tool
- Support is provided by the provider's professionally qualified personnel during the contract period

‍Technology & usability
‍- The tool is developed with independent technologies such as Java and offers maximum flexibility
- There are no critical dependencies on sub-providers such as low-code or platform solutions
- The tool offers all common options for connecting to internal authorization management
- The tool ensures consistent data, user centricity and clear feedback and is clear, efficient and easy to use
- The solution can be used both for sole proprietorships and for a corporation with group-wide outsourcing management

Price & contract
‍- The provider offers software and advice from a single source
- The implementation of regulatory changes is carried out by the provider throughout the contract period
- The costs can be planned and do not change or change slightly during the contract period
- The provider or its sub-providers meet the relevant data protection and information security requirements
- The level of compliance with the above requirements justifies the price.

A number of things should therefore be considered when choosing a suitable tool, especially as compliance issues are affected. The fact that the solution is developed and supported by specialist experts should not be ignored, because this is the only way your company benefits from a practical tool.