An effective vendor monitoring process is a critical component of business continuity planning. This requires not only identifying who your key vendors are, but also ensuring you have an effective process in place to assess and evaluate their overall health and ongoing viability.
Vendor monitoring has always been a necessary component of a vendor management program, but its importance has been put in the spotlight due to the COVID-19 pandemic. Companies are concerned about both short and long-term effects the pandemic might have on their key vendors. While the impact to some vendors was immediate, the long-term impact to many companies won’t be known for months (possibly years) to come. Many vendors have had to:
- Reduce or eliminate services due to the need to shift to new lines of business
- Address new financial pressures resulting from new competitors, permanent loss of market share or difficulty obtaining working capital
- Address operational issues caused by some of their own key suppliers (your 4th parties) or, in the worst cases, replace them altogether
In order to manage business continuity with your most important vendors, you need to have a solid vendor monitoring process in place and, when issues arise, a documented plan for how you are going to remediate them. Here are seven pillars of a well-designed vendor monitoring process framework.
- Identify which vendors require monitoring. These should always include your critical and high-risk vendors, but can include lower risk (but other important) relationships as well.
- Define the indicators you want to monitor. They should include both quantitative indicators (numerical data that can be objectively captured and measured) and qualitative indicators (anecdotal observations and other contextual information).
Learn more about the importance of using both qualitative and quantitative indicators in this 90 second excerpt from our webinar “Monitoring Stability of Key Vendors During and After the Pandemic”.
- Organize your data sources. Monitoring information can be captured in a variety of ways including questionnaires, policy and procedure documents, SOC and audit reports, surveys and third-party data intelligence tools, to name a few. Make sure you have the necessary data sources to feed up into the types of indicators you want to track.
- Clarify roles & responsibilities. While the person that owns the vendor relationship should be primarily responsible for monitoring their vendors, many other subject matter experts are involved in the process. Be sure to clarify who will do what and when.
- Line up your subject matter experts. Speaking of subject matter experts, these are the folks with the specialized skills you’ll need to support certain aspects of monitoring. They frequently include experts from information security, business continuity, compliance, IT and legal.
- Establish escalation procedures. When issues come up during the vendor monitoring process (which they always do), it’s important to know which need to be escalated and what options you have for resolving them. This can include expanding your due diligence, updating contingency plans or even modifying (or terminating) the contract. Your framework should define the types of issues requiring escalation and the procedures you can follow.
- Leveraging technology. Lastly, the vendor monitoring process is way easier when you leverage technology. This includes your vendor management system and continuous monitoring solutions that give you access to external data sources.
A good vendor monitoring process strengthens your overall vendor management program. It is also one of your best tools for getting out in front of small problems before they become big ones.