Having positive vendor relationships is essential to running a successful organization. But vendor management has a lot of moving parts, and you’ve got a lot to keep track of: who your third parties are, what services they provide, what sensitive information they have access to, which internal policies apply to them and so much more. Without having a foundation of vendor management best practices, truly excelling at your job is difficult and could even lead to vendor risks manifesting into failures in your business.
This guide aims to serve as an overview of best practices for vendor management and will illustrate the risks to consider when managing vendors, 6 key vendor management best practices, a vendor checklist, supplier management solutions, and more.
Did you know that over 80% of corporate scandals can be tied to failures in vendor management? Here at LogicManager, we often say that you can outsource processes, but you can’t outsource risk. Just because a vendor is completing a process for you doesn’t mean that at the end of the day, your organization doesn’t hold any of the risks associated with that process. In fact, it’s quite the opposite.
Your vendors’ risks should be considered risks of your very own. That’s why it’s critical when performing vendor management activities to take a risk-based approach. Take for example the risk your organization is up against when your vendors are customer-facing: if they are not meeting the standards you and your customers hold your business to, those potential or existing customers might take their business elsewhere.
This is just one example of how failure in vendor management can directly impact your bottom line. Customers don’t care if a mishap or scandal’s root cause lies with your vendor; at the end of the day, your organization allowed the risk to manifest and impact their experience. In 2013, Target fell victim to a security breach that gave hackers access to millions of customers’ sensitive information. On top of the $202 million they spent on legal fees, Target shelled out nearly $20 million in a multistate settlement. Their sales also decreased dramatically. The hackers gained access via a third party POS system, meaning that the entire scandal could have been prevented had Target practiced proper risk-based vendor management.
Table of Contents
6 Vendor Management Best Practices
This list of 6 vendor management best practices can be referenced as a comprehensive guide for taking a risk-based approach to vendor management:
1. Avoid negligence wherever possible.
Make sure you do not allow the negligence of your vendor to negatively impact your business operations. It is extremely critical that you ensure your critical vendors are as concerned about the safety of their employees as you are about the safety of your own.
2. Have a thorough understanding of geographic risk factors.
It helps you to know where your vendors, as well as your vendors’ vendors, are located. It keeps you plugged into external factors that may be interfering with their geographic area at any given time.
3. Know where their finances stand.
Assess your vendors’ financial implications. Are your vendors contributing to a positive ROI? Taking note of this will help you keep track of which relationships are most valuable to renew.
4. Avoid duplicative partnerships.
Before agreeing to a new vendor relationship, make sure that their value add is unique. Setting this standard helps you keep unnecessary business expenses to a minimum.
5. Work smarter, not harder.
Automate your vendor onboarding process and vendor contracts. Create a reusable but customizable vendor request profile for external contacts to submit. Use this form as a means to add any complex questions that may impact your vendor decision-making.
6. Gain a holistic picture of the relationship.
Enter all new partnerships with comprehensive risk data. Ask the hard-hitting questions early on; the wellness of your business depends on it.
Solutions to Manage Your Vendors
One way to ensure that you’re gaining a holistic view of your vendors is by completing regular due diligence. So what should you be looking for? Start by creating a vendor due diligence checklist to make sure you cover all your bases. Here are some areas to focus on:
Conditions of Facilities
Does the staff have effective cleaning measures in place?
Is the location exposed to hazardous matter?
Is the internal environment properly climate controlled?
Staff Training Policies
How comprehensive is their worker training program?
How are their employee retention rates?
Is there a clear and skilled leader?
How do they manage and protect their data?
Is access to sensitive information controlled and limited to specific users?
What is their maintenance schedule?
How easily can they identify key operational personnel?
What is their recovery point objective (RPO) and recovery time objective (RTO)?
Have they prioritized an off-site backup?
While it’s best practice to maintain robust, sustainable evaluations for vendors, many organizations fall short by failing to evaluate their vendors on a regular basis. Producing a periodic supplier due diligence report for each prospective and existing vendor enables you to confirm that all third parties are adapting appropriately with the changing risk environment.
At LogicManager, we understand that there are many different teams involved with managing crucial vendors; compliance, business continuity, IT and other departments all dedicate time and energy into helping ensure that your vendors are serving your organization to the best of their ability. By using our all-in-one centralized third party risk management platform, all stakeholders can access everyone’s work and easily bring it into their programs without duplicative efforts:
Plus, LogicManager is built on a foundation of best practices. We’re risk professionals at heart, and have over 15 years of experience in providing state-of-the-art software to other risk professionals like you. Our risk-based approach is what sets us apart from the rest.
Submit your Favorites List and our experts will reach out to you with more information. You will also receive this list as an e-mail which you can share with others. Here are the solutions you've added to your list so far: