New department’s mission and objectives
Different companies incorporate various business interactions with the third-party providers to a different extent. In such a way, depending on the level, at which a particular company functions, the scope of its projects, and the area or industry, in which it is involved, there are different nuances regarding the cooperation with the third-party providers. In the modern business environment, there is a growing need for a new institution in the corporate architecture that would provide a service of constant monitoring and control over the cooperation with the third-party providers (Fowler, 2002).
It is important to note that for larger organizations, such as Netflix, Inc. which is the subject of this design inquiry, there are a number of crucial functions that a new department dealing with interactions with the third-party providers should administer. First of all, it would enhance the effectiveness of “customer service function, where customers with warranted or defective products would return them to their supplier” (Meade & Sarkis, 2002, p. 283).
The mission is that the commercial value of a particular service should not be largely affected by the third-party providers since the company “will want to recover the cost of setting up the service from their customers” (Jefferies, Mitchell, & Walker, 1996, p. 99). Overall, the main objective of the new department is to oversee the third-party providers both in terms of the quality of goods and services they offer and in relation to the cost-effectiveness of their services to the company.
Critical activities to ensure the continuous monitoring of risks
One of the key activities that the new department will implement is to incorporate CobIT Framework that would help to maintain the regulatory aspect of risks monitoring at the level of the entire company (Whitman & Mattord, 2011). The second activity is to align the third-party oversight program with all the other major company’s objectives and goals. The third activity is to improve the overall data warehousing and information exchange at the corporate level.
In addition to that, it is also important to make an account of all the risks that may be associated with the respective technology that is used in data warehousing, which is the fourth critical activity. The fifth step concerns the intermediate stage of the governance implementations, at which the goals of the department are already aligned with those of the organization on the whole. It relates to monitoring the response of the users and customers to the new modes of services, namely user testing (Abelson et al., 1997).
The sixth activity also attends to the response of the users, and it is the pilot and parallel deployment activities that ensure monitoring of the working processes related to the third-party oversight program. Another important stage is to use all the necessary resources for preventing data loss and eschewing security within inner departments. The eighth step is to conduct a validation of all the monitoring processes, as well as users, personnel, and everyone who has access to data.
Finally, the last two activities that the new department should incorporate are to make sure that the ownership of oversight responsibilities internal is internal but also to be able to cooperate with other external agents as well, including various auditors and consultants. In such a way, the required outsourced practices and services will be obtained with minimized risks.
Suggestions for three additional metrics
One of the metrics that should be considered in order to ensure a safer cooperation with third-party providers is the assessment of their liability and volatility in the context of overall performance (Ale & Piers, 2000). According to Ale and Piers (2000), such metric should be based on the quantitative analysis of the financial performance of a particular third-party provider (p. 10). Another metric that can improve and widen the perspective is the estimation of to how many other partners a particular third-party provider offers its services.
The more companies are involved in cooperation with such provider, and the bigger are the risks. Finally, in relation to the second metric, it is important to consider the level and periods of how often and how professional each third-party provider estimates its risks and the safety of its systems. In such a way, the more frequent the evaluation is, the safer it is to interact with such third-party provider.
Corporate governance functions, including the periodic reporting of status
The new department will control the quality of the service the customers receive through various regional providers, namely, in the case of Netflix, Inc., the department is to make sure that the quality of video streaming and other online services is not negatively affected by the regional partners. Another important function of the new department is to monitor whether third-party partners and their resources, as well as the outsourced services, are cost-effective. The new department is to report to the corporate governance regularly on those two aspects. However, regarding the other specifications, the new department is to align its policies with the major corporate goals.
References
Abelson, H., Anderson, R. N., Bellovin, S. M., Benaloh, J., Blaze, M., Diffie, W.,… & Schneier, B. (1997). The risks of key recovery, key escrow, and trusted third-party encryption. New York: Columbia University Press.
Ale, B. J. M., & Piers, M. (2000). The assessment and management of third-party risk around a major airport. Journal of Hazardous Materials, 71(1), 1-16.
Fowler, M. (2002). Patterns of enterprise application architecture. New York: Addison-Wesley Longman Publishing Co.
Jefferies, N., Mitchell, C., & Walker, M. (1996). A proposed architecture for trusted third-party services. In Cryptography: Policy and Algorithms (pp. 98-104). Berlin: Springer.
Meade, L., & Sarkis, J. (2002). A conceptual model for selecting and evaluating third-party reverse logistics providers. Supply Chain Management: An International Journal, 7(5), 283-295.
Whitman, M., & Mattord, H. (2011). Roadmap to Information Security: For IT and Infosec Managers. New York: Cengage Learning.