Tom is a trusted advisor on procurement and third-party management to organizations across the United States. Having worked with over 120 organizations over his 30-year career, he has a unique ability to bring creativity and discipline to finding solutions for even the most complex challenges his clients face.Vendor relationships are an important part of the ecosystem of every organization. Some organizations have only a handful of vendors while others have thousands.
Vendors impact organizations in a variety of ways, but they all bring cost and risk. Who is ultimately responsible for managing this cost and risk? In many organizations, this is unclear due to the multiple roles and stakeholders involved. These include:
- Business owners – those who manage the day-to-day vendor relationship;
- Purchasing – those who manage solicitations and vendor contract renewals;
- Finance – those who manage the procure-to-pay process;
- Compliance – those who manage regulatory and risk-related activities;
- Legal – those who support contracting and contract negotiations with vendors; and
- IT – those who support technical aspects of vendors who provide technology systems and solutions.
Responsibilities get even muddier in organizations that may not be large enough to have fully staffed departments like purchasing or compliance. In those cases, vendor management responsibilities are loosely distributed to staff across the organization or, in many cases, simply aren’t executed at all.
With so many people managing so many disconnected pieces of the vendor relationship, the reality in most organizations is that no one is truly managing vendors in a coordinated, disciplined way.
Unfortunately, some organizations are finding this out the hard way.
A number of high-profile vendor breaches have created both embarrassment and real, operational problems for the organizations that hired those vendors. Third-party vendor breaches like the ones reported at Greenway Health and Children’s National Health Systems highlight the types of problems vendors can cause. And the number of these incidents will only increase over time as more data moves to the cloud, and hackers continue to evolve their toolset.
Regulatory bodies have taken note of the risks that unmanaged vendors create, and have addressed them through increased regulations. Industries like health care, financial institutions, nonprofits and municipalities have been hit hard with increased regulations around procurement and vendor oversight.
For these and other reasons, the vendor management conversation is gradually evolving from a focus on reducing costs and efficiently processing transactions to a focus on mitigating risk and driving value.
This shift has elevated the conversation to the C-Suite and the board of directors. Both want clearer vendor management roles and processes within the organization.
If you don’t know who’s really managing your vendors, now is the time to figure it out. You don’t want to wait until it’s too late.
