Contact Us

These 3 Words Are the Key to Effective Vendor Management

Picture of Tom Rogers
Picture of Tom Rogers

Tom Rogers - CEO & Founder, CPA , CCMP

Tom is a trusted advisor on procurement and third-party management to organizations across the United States. Having worked with over 120 organizations over his 30-year career, he has a unique ability to bring creativity and discipline to finding solutions for even the most complex challenges his clients face.

Tom Rogers - CEO & Founder, CPA, CCMP

One of the fundamentals to effective vendor management is recognizing that not all vendors are created equal when it comes to how they need to be managed. Some relationships are large and complex, while others are small and transactional.

That’s why these three words need to be baked into the core of your vendor management program: Risk-Based Approach

Taking a risk-based approach to vendor management allows you to categorize your vendors by risk, and focus your time and energy on the vendors that are riskiest – and oftentimes most important – to your organization. Let me explain what I mean.

When you enter into a new relationship with a vendor, they bring a variety of risks into your organization. Risks such as:

  • Operational & business continuity risk
  • Information security risk
  • Financial risk
  • Legal and compliance risk
  • And sometimes most important – reputational risk

Identifying these risks BEFORE you sign the contract (and during the procurement process) is the key to risk-based vendor management. Doing so enables you to properly vet the vendor, mitigate risks contractually or through alternative controls, and establish a risk-based plan for monitoring the relationship post-contract.

This won’t work though if your approach to risk identification is ad hoc. You need to follow a standard process, that starts with an inherent risk assessment.

The inherent risk assessment allows you to ask risk-related questions about the prospective vendor relationship in order to identify risks and determine the type of due diligence and risk oversight that is needed. Questions like:

  • Are any key activities being outsourced to this vendor?
  • Will the vendor be supporting one or more critical areas of operations?
  • Will the vendor have access to confidential information? What type and how much?
  • Will the vendor be interfacing directly with clients or customers?
  • Will the vendor have unsupervised access to our offices and our employees?
  • Does the vendor play a role in our own compliance with laws and regulations?

Answers to these and similar questions are the only way to understand risks with the vendor, and to employ a risk-based approach to managing the relationship.

Learn more about risk-based vendor management by downloading our eBook, How to Kick Start Your Vendor Management Program.

Share This Article

Picture of Tom Rogers

Tom Rogers

Tom is a trusted advisor on procurement and third-party management to organizations across the United States. Having worked with over 120 organizations over his 30-year career, he has a unique ability to bring both creativity and discipline to finding solutions for even the most complex challenges his clients face.
Picture of Tom Rogers

Tom Rogers

Tom is a trusted advisor on procurement and third-party management to organizations across the United States. Having worked with over 120 organizations over his 30-year career, he has a unique ability to bring both creativity and discipline to finding solutions for even the most complex challenges his clients face.

Stay Connected

Level Up Your Game
Build stronger vendor relationships, reduce risk, and improve your bottom line.
Free eBook

More on This Topic

Related Posts

Inventory of your vendors
The Do_s and Donts of presenting procurement data
Which type of vendor management software is right for you_
How to Perform a Procurement Excellence Assessment