As a company that specializes in 3rd Party Risk Management education & training, automated solutions, and consulting, we witnessed the pandemic cause many institutions to scramble to identify their vendors, search for contracts, wonder about their vendors’ capacity and resilience, business continuity plans, and financial viability during this unprecedented time. Those who felt they were not vulnerable and had risk under control suddenly felt exposed. Vendor Management, often considered a money pit and check-the-box regulatory requirement, actually became important and high profile!
The multiple global paradigm shifts that occurred simultaneously as a result of the pandemic have been a catalyst for change, requiring new ways of conducting business and spurring investment in people, process and technology. Business resilience and risk mitigation are now more important than ever. A big exposure came in the form of 3rd party service providers. With so many services outsourced and increasing dependence on 3rd, 4th…nth parties, there is less in our control. It’s probably a good time to take a look at our vendor management programs and update our goals and strategic objectives since they’ve probably changed since the time you first developed them. You did set strategic objectives for your program, didn’t you?
Those of us who have developed strategic plans know there will be a variety of factors in our global ecosystems, some anticipated and some not, that will require us to make adjustments along the way in order to keep on track to meet our strategic objectives. In fact, we might even need to adjust the objectives themselves as regulations, markets, economies, technology, services, and consumer demands change. The paradigm shifts might cause us to realign our objectives or implement new tools, policies, procedures and methodologies in order to adapt. The COVID-19 pandemic may have been just such a catalyst. What was unique about COVID was that the paradigm shifts it caused happened in the blink of an eye globally and simultaneously causing many late nights, daily status meeting and reports to the Board and scrambling in the trenches to avoid disruptions. Many of us were a part of the great migration to remote/home offices, classrooms, collaboration, communication, cloud-based infrastructure and applications, and even conducting remote vendor site visits. For some, the shift was disruptive while others were well positioned.
If you haven’t reviewed your vendor management program lately, maybe it’s time to update it. Perhaps it’s time to raise the bar. Perhaps it’s time to align it with overall corporate goals if you haven’t done so previously. A well-structured program should, among other things:
1. Generate business value as I’ve discussed in previous articles.
2. Help identify and mitigate risk.
3. Help ensure business resilience.
4. Drive vendor performance.
5. Make better and faster business decisions by converting that data container of vendor information into business intelligence.
You might not have had a vendor management program in place at all when you were first given the responsibility for it. Your goals might have been fairly simple and straightforward such as identify who your vendors were. So you reviewed the accounts payable list, asked the lines of business who they did business with, reviewed all the contracts, and even had Accounts Payable identify repetitive employee business expenses that indicated payment to vendors by credit card. You hit your goal but never formally realigned it and took it to the next level.
Or perhaps there was a program in place when you took it over and your goal was to establish an Operating Model to get everyone thinking about vendor risk in the same way, improve operational cost efficiency, mitigate risk and drive better and faster decision-making. So you enforced Governance by defining roles and responsibilities, building lines of defense, having everyone speak the same vendor risk language and forming a Vendor Management Oversight Committee.
Perhaps corporate goals now include ensuring resilience, further risk mitigation and cost containment. To align with those corporate goals you might consider understanding your Concentration Risk including entity-based, service-based, geographic, market, and economic. Coupling that with understanding vendor performance by assessing SLA’s and KPI’s and then assessing vendor value will help you Rationalize your vendor inventory for the purpose of Cost Containment, Resilience and Risk Reduction.
With lessons learned from the Pandemic, it’s time to review your vendor management program again and align it appropriately. Take a look at what you set out to achieve and measure the progress you made. Compare those goals to where you think you need to be now and through the next few years. Determine what you need to do to get there. Conduct that Current State-Future State assessment, identify the gaps and build the roadmap to get there. And be sure to measure progress at reasonable intervals, fine tune and iterate as necessary.