When I started Vendor Centric back in 2012, the concept of vendor management as a business discipline was still relatively new. So when I tried to explain “What is vendor management” to friends and colleagues, I generally got a lot of blank stares looking back at me.
But vendor management has evolved since then. And so has my answer to the question:
What is vendor management?
Here is how I explain vendor management in 2022.
“Vendor management is a business discipline along the lines of human resource management, only for your vendors instead of your employees. The purpose of vendor management is to maximize the value of vendor relationships by taking a holistic, risk-based approach to the process – from beginning to end.”
Since vendor management is still emerging operationally, it oftentimes looks very different from human resource management and other, more mature business disciplines. While HR is positioned clearly on the org chart, that’s not always the case with vendor management.
In many organizations, vendor management is a coordinated effort between the three operational areas that span the lifecycle of the vendor relationship.
- Procurement – finding and sourcing vendors
- Contract Management – executing and managing contracts with vendors
- Third-Party Risk – risk assessing and risk monitoring vendors
Coordination across all three operational areas is necessary to holistically manage vendor relationships. The ‘glue’ to holding everything together, and enabling the coordination to happen, is the adoption of a vendor management framework. Here’s how it works.
Vendor Management Framework
A key vendor management concept is the need to adopt an underlying framework. Like with any business discipline, there are fundamentals you need to follow – you can’t make them up as you go along. A framework provides a structure for bringing all vendor management fundamentals together.
Vendor Centric’s Vendor Management Framework is comprised of two main sections. The first section (the outer ring) defines the six stages of the vendor lifecycle that need to be managed over the course of your relationship.
The second section (the inner ring) outlines the fundamentals you need to have in place to align your people, processes, and systems to effectively manage your vendors.
The scope of your vendor management function should always scale to your organization’s requirements, size, and overall risk appetite. But all components of the framework need to be in place for your vendor management function to be effective.
Risk-Based Approach to Vendor Management
Another key vendor management concept is recognizing that not all vendors are created equal when it comes to how they need to be managed. Some relationships are large and complex, while others are small and transactional.
That’s why the best practice is to employ a risk-based approach to vendor management.
Taking a risk-based approach allows you to focus your time and energy on the riskiest – and oftentimes most important – vendors to your organization. Let me explain what I mean.
When you enter a new relationship with a vendor, they bring a variety of potential risks into your organization such as:
- Operational & business continuity risk
- Information security risk
- Financial risk
- Legal and compliance risk
- Reputational risk
- And lots of others
Identifying and mitigating these risks BEFORE you sign a contract, and monitoring (mitigating) them throughout the life of the relationship, is the key to risk-based vendor management. Doing so enables you to properly vet the vendor, mitigate risks contractually or through alternative controls, and establish a risk-based plan for monitoring the relationship post-contract.
Following a standard process for identifying inherent risks and performing risk-based due diligence is best practice.
Operationalizing Vendor Management
Vendor management is an evolving business discipline, and implementing a vendor management function within your organization doesn’t happen overnight. But you can get traction quickly by taking a practical, risk-based approach to building your vendor management program. This requires getting your fundamentals in place and starting with your riskiest vendors – then evolving from there.
Here are three phases you can follow.
Start by establishing your fundamentals with support from senior leadership. This ensures alignment and the right tone from the top.
- Develop your policy
- Inventory your vendors
- Clarify roles and responsibilities
- Create your core assessment tools
With your fundamentals in place, get traction by beginning to assess your most critical and riskiest vendors.
- Risk assess and categorize vendors into risk tiers
- Start conducting due diligence with your highest-risk vendors
- Begin tracking and remediating issues you identify
- Start with some basic monitoring activities around performance, cybersecurity,
financial health and negative news
- Rinse and repeat with the rest of your vendors, starting with the next riskiest group and working
your way down
Finally, once you are consistently doing the basics, create a path for enhancing and maturing your
program. These can include:
- Automate business processes with technology
- Identify and assess 4th parties
- Enhance standards for contracting, termination and offboarding
- Audit contracts and consolidate spend with fewer vendor
- Assess concentration and geographic risk
- Plan for new products
If you’re looking to get a new vendor management program up and running, download our free Kick-Start Guide which includes a playbook for getting your program up and running in 90 days.
Author: Tom Rogers
Job Title: CEO
Organization: Vendor Centric