Tom is a trusted advisor on procurement and third-party management to organizations across the United States. Having worked with over 120 organizations over his 30-year career, he has a unique ability to bring creativity and discipline to finding solutions for even the most complex challenges his clients face.Table of Contents
I’ve been reading a lot on LinkedIn and in industry surveys about how organizations are suddenly taking a more holistic approach to vendor management.
Everyone’s treating this like breakthrough thinking. Like moving beyond transactional activities buried in functional silos is some kind of innovation. Like getting departments to actually work together on lifecycle management is revolutionary.
It’s not.
I built Vendor Centric’s first framework back in 2018 on a simple premise: vendors are business partners, not departmental problems to solve in isolation. They need to be managed holistically from a relationship perspective, from start to end—not from a task or departmental perspective. That means lifecycle management coordinated and organized to optimize those relationships.
What’s actually new isn’t the concept of holistic vendor management. It’s that AI tools are finally making it operationally feasible to manage the complete relationship lifecycle with real visibility at scale.
The Problem Nobody Wants to Admit
Here’s what’s really happening. The current state of third-party management is still primarily focused on risk and compliance—trying to prevent bad things from happening with vendors.
Don’t get me wrong. That’s important.
But it’s not the purpose of working with vendors. You work with vendors to provide goods and services and scale. To access new markets. To gain flexibility and innovation.
That’s why you hire vendors. Not to avoid risk, but to extract value from the relationship to help your business operate and grow.
The data tells the story. 98% of organizations have a relationship with a third party that has been breached. The average company now works with 286 vendors—up 21% year-over-year.
Yet 61% of survey respondents believe their organization’s TPRM program is undervalued.
Organizations know they’re not getting it right. The gap between what these new platforms enable and what organizations actually do remains enormous.
Why Organizations Can’t Break Through
I’ve watched this pattern repeat across industries. The barriers aren’t technical. They’re strategic and structural.
First, there’s the strategy problem. Most organizations don’t think about managing vendors from an ecosystem perspective at the top. They’re viewed as costs to manage, software to enable, outsourcing to facilitate.
They’re not viewed as part of the overall operating strategy for the organization. No company could operate without their vendors, yet most still don’t think about managing vendor relationships as a strategic thing they need to do.
Second, organizational structure creates massive friction. Everybody’s isolated in their own silos.
Third-party risk teams focus on compliance and regulatory risk—primarily cybersecurity and resilience. Compliance operates in a silo where all they care about is that vendors comply with policies and procedures. Legal cares that contracts have the right clauses and terms are negotiated properly, but they don’t always think about the types of service level agreements or performance management provisions that should be in there.
Procurement tries to find the vendor, then hands it off to the business owner. These functions operate in different places with no internal quarterback to bring them together.
Organizations that foster smooth collaboration between teams can be up to 25% more productive than those working in silos. That’s not a small gap.
Third, skill sets remain myopically focused. Everyone’s set within their own functional areas. Business owners aren’t trained on how to find vendors the best way, how to put proper performance requirements in contracts, or how to monitor and manage them.
They’re just trying to do their day-to-day job. They’re not trained to make sure their vendors are optimized and working to the best extent possible.
How Successful Organizations Actually Break Through
I’ve seen organizations successfully navigate this transformation. They don’t do it with better tools alone. They do it with better structure.
They establish an enterprise-level framework. Policies and procedures for managing vendors holistically across the organization from start to finish—from the initial need to procure goods and services all the way through onboarding, working with the vendor, and offboarding.
When they set that overarching framework and strategy, they create the infrastructure to do all of that properly.
They install a central quarterback. A central vendor management function—somebody or a team whose sole responsibility is making sure vendors get managed properly and holistically across the organization.
They coordinate all the different business functions. They serve as a center of excellence to help everyone do the right things and help business owners be successful.
They leverage data and reporting. They step back and look at how everything flows through reporting and data. They make smart decisions around ways to improve how the organization works with vendors—whether it’s speeding up selection and onboarding or putting better processes in place to monitor and manage performance with vendors, especially the most important ones.
They’re putting all of that in place to make the business more successful overall.
The Industry Paradox
Here’s something interesting I’ve observed. The industries that have been doing this the longest aren’t necessarily the most advanced.
Financial services—banks, credit unions, insurance companies—have been doing this for a while because regulations required it. But most of their programs are focused around regulatory compliance with a heavy dose of cybersecurity.
They’re making sure they comply with cybersecurity regulations. Some are more forward-thinking and mature, but many remain mired in compliance with regulations.
Meanwhile, emerging industries are thinking differently. Pharmaceuticals, energy, transportation—they’re thinking about vendor management the way it should be thought about. Holistic end-to-end relationship management.
They’re not being driven and mired by regulatory compliance, although they have regulations to comply with. They’re thinking about it strategically and approaching management from that perspective.
They’re actually ahead of the game, even though they’re newer to formalizing vendor management functions like a vendor management office or program.
The AI Moment That Changes the Game
AI tools are absolutely enabling the more holistic view. That’s what they’re designed to do.
They’re closing the gap between all these different systems operating autonomously. They bring everything together into one central intake when you’re looking for a new vendor and one central source of data.
You get clean, organized data. One single source of truth about your vendor master file that talks to and pulls data from other systems.
But here’s the critical part. Like anything, they’re tools. There’s still organizational strategy and frameworks and change management required.
People need to learn new ways of working using these tools and optimizing them. The tool itself doesn’t fix the problem. It provides an avenue to fix it.
The vendor management software market is valued at approximately $2.77 billion in 2025 and projected to grow at a 12.3% CAGR through 2030. 94% of procurement teams now use generative AI tools at least once weekly.
Technology is shifting quickly. Organizations will adopt these newer AI-driven technologies faster because they’ve got pressure from the market, customers, boards, and management to leverage these tools.
But they really need to step back and look at what they’re doing and how they’re doing it strategically so they can tie it all together.
Where Organizations Push Back
The biggest pushback comes from those siloed functional areas that already have their own ways of doing things. They have very specific task-related responsibilities.
Information security’s role is to secure information for the entire organization, including data shared with third parties. Their primary focus is ensuring they’re comfortable with information security controls of third parties.
They don’t care as much about whether the third party performs well, has good SLAs in their contract, or if costs were negotiated properly.
Legal wants to make sure they have a good contract that gets executed. But they don’t have visibility into whether the vendor performs according to those contractual expectations. They often don’t have visibility into whether the vendor has the appropriate policies and controls in place to comply with contractual expectations.
It’s not specific to any one department. They’ve got their own workflows, their own way of doing things, their own tasks they’re trying to get across the finish line.
They want to make sure those don’t get messed with. They don’t have visibility into the end-to-end relationship, and sometimes they don’t care—even though they may want to contribute to better vendor management across the organization.
That established workflow creates territorial mindset. People guard their piece of the process. Territorial behavior becomes inevitable when people only see their part and have metrics tied to their narrow objectives.
What You Should Actually Measure
The metrics you track reveal whether you’re managing vendors holistically or just checking compliance boxes.
Focus on metrics that show how addressing vendors holistically enables the business:
Speed to finding and selecting a vendor. How quickly can you identify and onboard the right partner?
Speed to onboard and integrate. How fast can you get a new vendor integrated into operations?
Risk reduction across the portfolio. Are you working with fewer vendors that have access to sensitive information? Are you using preferred vendors who’ve already gone through risk assessments and have good controls, rather than letting business units work with any vendor they want?
Vendor resilience. Can your organization operate and stay resilient when something happens with a vendor? If you lose a critical vendor or their system goes down, can you get back to normal operations quickly?
Improved performance across the portfolio. Are vendors getting their work done faster, more accurately, with better outcomes? Can the business actually use what vendors are doing for them to help the business succeed?
The traditional metrics still matter—no regulatory findings, compliance with regulations. But those are what people are already doing. The new metrics focus on speed, resilience, and enabling the business.
The One Thing That Makes Everything Else Possible
If you’re just starting to think about this more holistic approach, here’s my one piece of advice.
Get leadership buy-in and support for going about this as a strategic approach.
This needs to be a strategic initiative or transformation, not a siloed third-party risk project or procurement project. It’s a transformation to enable the business to manage vendors more holistically and create all the value we’ve been talking about.
It all starts with leadership buy-in and support so it’s a strategic initiative rather than a tactical one.
Without that top-level support, you’ll always end up with siloed approaches where each department works on their piece. True transformation requires leadership that sees vendor management as a strategic enabler for the entire business, not just a compliance checkbox.
Why You Can’t Wait Anymore
This transformation will follow the typical adoption curve. Some organizations are already on the front end, seeing the opportunity and value. They’re adopting new platforms and new ways of thinking to extract all the value they can.
Others will move incrementally. Some will lag at the end.
But this is probably going to go faster than any previous transformation. Technology is shifting quickly. The gap between what technology enables and organizational capability is widening.
Organizations that don’t close this gap will find themselves at a competitive disadvantage. They’ll spend more time assessing vendors while gaining less clarity. They’ll face more breaches. They’ll miss opportunities for innovation and market access that their vendors could provide.
The tools are here. The framework exists. The question is whether you’ll position this as a strategic transformation or just another tactical project that gets absorbed into existing silos.
The choice determines whether your vendor ecosystem becomes a liability or a multiplier for your business.
