The adoption of technology to better manage vendors and third-party risk is growing. A simple search for ‘vendor management software’ on Capterra brings back 135 results. Just two years ago that number was closer to 90.
The growth in software solutions to help manage vendors and other third parties isn’t surprising. Third-parties play important, strategic roles in most organizations of any size. And they bring a ton of risk. In Deloitte’s 2019 Third Party Governance and Risk Management Survey, 83% of respondents said their organizations experienced a third-part incident in the last three years.
A similar 2018 study by Opus & Ponemon Institute reported that 59% of companies experienced a third-6% of them said that they effectively mitigate third-party risks.
Managing risk (along with costs, compliance and performance) is clearly driving this growth in vendor management software. However, not all platforms are created equal. While a few have been developed from the ground up as a “true vendor management system,” many applications are actually add-on modules to other types of platforms.
At Vendor Centric, we’ve done a lot of research into the market for vendor management software. Let’s take a look at five of the most common types of systems that offer solid functionality for managing vendors and other third-parties.
- “True” Vendor Management Systems. If you want to manage the entire lifecycle of your relationship with vendors and other third parties, this is the right type of system for you. These applications were designed from the ground up specifically to manage the end-to-end relationship. The vendor’s record serves as the ‘hub’ for the system, with all functionality such as contract management, risk assessment and due diligence associated back to the main vendor record. In our experience, these systems give you the best visibility into all aspects of your third-party relationships.
- Contract Management Systems. If managing contract workflow is your goal, then a contract management system might be the best fit. The contract serves as the ‘hub’ in these systems, and workflow for developing, negotiating, signing and managing the contractual document what they are good at. Contracts are a big part of third-party management, but they aren’t the only thing. These systems can be a bit light in supporting other aspects of vendor management such as risk, due diligence and performance.
- Enterprise Risk Management Systems. Do you already have an enterprise risk management (ERM) system? Is risk management what you care most about with your third parties? If you answered yes to both, then you should consider using your existing ERM system. Most mature ERM products have third-party management functionality built into the core system, or offer it as an add-on module. So it can be an economical solution. However, I generally do not recommend using an ERM system for third-party management if you don’t already have one in place. They are limited to focusing solely on risk – with a big emphasis on data security risk – and oftentimes don’t support key functionality for managing contracts, costs and compliance. So before you go with one of these, be really sure that third-party risk management is truly your main objective.
- Procurement Systems. Procurement software developers have really stepped up their game when it comes to vendor management. While these systems are best at supporting sourcing, procurement and payment processes, they’ve added solid functionality (via add on modules) for vendor, contract and risk management. So if you want to streamline your more transactional procurement activities along with your vendor management activities, there are some solid options.
- Workflow Management Systems. Lastly, if you want to manage just about any type of workflow you can think of, and have the control to design it your own way, then a workflow management system is an option. These systems are designed to manage any type of workflow, which means that you can create processes to manage vendors, contracts, risk, due diligence, procurement…pretty much anything. However, they come with a lot of customization and can take a long time to implement. And your processes stay static versus other systems that continually improve functionality. Yes you can build whatever you want, but that comes with a price. Proceed with caution.
There are other systems – like CRMs and accounting – that promote themselves as having vendor management functionality. But most are limited in terms of what they can do, and there is a lot of customization required to them true vendor management.
So which type is right for you? Well, that really depends on a few things:
- Objectives. Do you want to manage the end-to-end vendor relationship, or is risk management the only thing you care about? The breadth and scope of your vendor management function will help drive you towards the right type of system.
- Costs. How much are you willing to spend? The more functionality you want, the more it’s going to cost you.
- Resources. Do you have dedicated people to manage the system, or is this going to be added to someone’s existing job description. The fewer your resources, the less complicated you need your system to be.
- Existing Systems. What systems do you already have in place? Do you already have a system that might have a solid add-on module that gets you 85% of what you need? Looking internally first might be a good place to start.
- Integrations. Is it important to ‘talk’ to other applications? If yes, then you want to focus on systems that make that process easy for you.
The choices can be overwhelming. If you’re looking for a new system, Vendor Centric can help you find the right one and ensure it is implemented efficiently and cost effectively. Contact me at firstname.lastname@example.org to discuss how we can help.
Author: Tom Rogers
Job Title: CEO
Organization: Vendor Centric
Tom is the founder and CEO of Vendor Centric, he has been a trusted advisor to nonprofit organizations for 30 years, with a focus on helping them align the right people, processes and systems to mitigate third-party risk and drive more value from third-party contracts and relationships.