Welcome » IT Booklets » Outsourcing Technology Services » Risk Management » Risk Assessment and Requirements » Requirements Definition
The definition of business requirements sets the stage for all outsourcing actions and forms the basis for subsequent management of the outsourced activity. The requirements are developed through a process that identifies the functions or activities to be outsourced, assesses the risk of outsourcing those functions or activities, and establishes a baseline from which appropriate control measures can be identified. These requirements provide a basis for an understanding between the financial institution and the service provider as to what the risks are and how they will be managed and controlled.
Key Practices Sound practices for the development of requirements include:
Components The requirements definition phase should result in a detailed document containing descriptions of the institution's expectations relative to the outsourced service. The requirements document may consider, but is not limited by, the following high level topical components:
When outsourcing to a subsidiary or affiliate is considered, management must assure that the components outlined above evidence an arms-length transaction. An arrangement between a financial institution and an affiliate or subsidiary should be on terms that are substantially the same, or at least as favorable to the institution, as those prevailing at the time for comparable transactions with a non-affiliated third party.