Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

About

Venminder is an industry recognized leader of third-party risk management solutions. 

Our Customers

900 organizations use Venminder today to proactively manage and mitigate vendor risks.

Get Engaged

We provide lots of ways for you to stay up-to-date on the latest best practices and trends.

Gartner 2020
Venminder received high scores in the Gartner Critical Capabilities for IT Vendor Risk Management Tools 2021 Report

READ REPORT

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resource-whitepaper-state-of-third-party-risk-management-2022
State of Third-Party Risk Management 2022

Venminder's sixth annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.

DOWNLOAD NOW

The Proper Use of Benchmarks in Vendor Financial Reviews

7 min read
Featured Image

Obtaining and reviewing a vendor’s financials can be a laborious process, as individuals must sift through a large scale of information within a vendor’s financial statements to thoroughly analyze and identify key data points. Once this review and assessment takes place, the focus then shifts to how your team can adequately use the vendor’s financial information/metrics and make further sense of it all within your vendor risk management program.

One useful way to better understand vendor financial information during and after a review is through benchmarks. Many times, there are questions your organization may have around if there are any common benchmarks or standards that they can use for a vendor’s financials and how these benchmarks can be valuable across a large vendor base.

Utilizing these financial thresholds or “rules of thumb” to assess a vendor’s financial health can be an impactful guidepost to better obtain a holistic view of a vendor’s risk profile to your organization. It can also give your organization a better understanding on the varied composition of your vendor base (i.e., by industry, company size, financial performance, etc.), how to appropriately utilize these benchmarks in different scenarios and circumstances and where there are limitations to benchmarks.

Key Representative Benchmarks to Consider in Your Vendor Financial Reviews

Within your organization’s vendor risk management program, there are always questions that arise around how to apply a consistent, rigorous and defined approach to reviewing and assessing a vendor’s financial information. Because financial information is dynamic and can change (for the better or for worse) rather quickly, it’s important to not rely entirely on benchmarks and common “rules of thumb” in your financial reviews. However, having a set of appropriate guideposts in the form of financial benchmarks can certainly be beneficial to the success of your organization when assessing the risks that a vendor may pose to you from a financial health point of view.

To start, it’s always important to extract proper financial information from a vendor’s key financial statements (balance sheet, income statement, cash flow statement). These foundational data points can help serve as the starting point that you can build benchmarks or utilize existing “rules of thumb” to assess a vendor’s financial health.

Key foundational information from the three financial statements is highlighted below:

Balance sheet (multi-year detail, as available)

  • Cash and cash equivalents balance
  • Accounts receivable balance
  • Current assets and current liabilities balances
  • Total assets and total liabilities balances
  • Current and long-term debt balances
  • Retained earnings balance

Income statement (multi-year detail, as available)

  • Revenue performance
  • Gross profit and margin performance
  • Operating income (loss) detail
  • Net income (loss detail)

Cash flow statement (multi-year detail, as available)

  • Beginning and ending cash balance as of a period start and end
  • Cash flow from operations, investing, and financing

Once this information is collected and analyzed accordingly, your team can utilize benchmarks across each of the financial data points to better understand how this vendor’s financial health compares to representative thresholds. These benchmarks can come from multiple sources, such as third-party research, internal data your team may have collected on other vendors (and thresholds/averages that your organization may set from this compiled data) or from an outsourced service provider or software tool.

Common benchmarks and “rules of thumb”

The below provides some common “rules of thumb” and benchmarks that your organization can apply and utilize when reviewing and assessing many of the categories of financial information found in a vendor’s financial statements.

Bad Neutral Good
  • A/R: greater than 55 days
  • Declining revenues (depending on magnitude)
  • Consistent growing and operating and net losses + degradation of revenue base
  • Negative cash flow from operations and financing
  • Operating and net losses (usually bad, but may indicate investment in its product, sales, marketing and operations)
  • A/R 40-55 days
  • Declining revenues (depending on magnitude)
  • A/R of less than 40 days 
  • Flat or improving revenues
  • Current ratios of 1x 

Exceptions:

  • Cash flows from investing and financing have important details around equity and debt funding, major acquisitions or dispositions and other non-operating events a vendor may have to help its cash position.
  • Margins (both gross margins and operating/net income profit margins) tend to be industry specific. For example, 30% gross profit margins for a vendor who operates in the food industry is good but it would be bad for a software company that provide cloud software tools.

Calculations

  • Current ratios: dividing current assets and current liabilities
  • Accounts receivable (A/R): multiplying a vendor's accounts receivable balance by the number of days in a year/period your organization is assessing and dividing that product by the vendor's total revenue. 

4 Best Practices When Applying Benchmarks in Financial Reviews

Benchmarks should be one tool that your organization commonly uses in its vendor risk management program when assessing a vendor’s financial health and financial profile. With benchmarks and “rules of thumb,” organizations can better define the standards in which they hold their vendors to from a financial health point of view. Additionally, organizations can ensure that key vendors meet or exceed these thresholds; when the vendors do not, the organization should work to identify and mitigate the risk that these vendors may pose to their organization if a vendor’s financial health continues to slip and cause performance-level/SLA issues.

The following best practices are important to remember:

  1. Document common financial benchmarks: To encourage better shared practices across your organization’s team members and constituents, it may be good to document the common financial benchmarks and “rules of thumb” your organization utilizes. This can help solidify key details to look for when reviewing a vendor’s financials and ensure that your organization’s team members maintain an updated view on these benchmarks across time and vendor types.
  2. Understand limitations: It’s also important to understand the limitations that benchmarks possess and the considerations of these tools in your overall vendor risk management program. Benchmarks don’t provide the full, holistic view of a vendor’s financial health and performance and must be viewed together with other quantitative and qualitative details in your financial review processes. Paired with commentary from financial information, such as recent announcements that a vendor has made around its operating performance, can provide a better view of a vendor’s risk and financial health than just benchmarks alone.
  3. Develop common rules of thumb: Additionally, as mentioned earlier, benchmarks may vary by vendor size, industry and company type. By developing common rules of thumb, you can capture a good deal of the typical use cases in reviewing a vendor’s financials but may not adequately and thoroughly address other cases that may arise when looking at a unique vendor in a new industry or situation your organization is not accustomed to. Therefore, it’s a good practice to try to use these benchmarks as a guide or a “sanity check” for your reviews and assessments as opposed to the final answer or conclusion on a vendor’s financial health.
  4. Regularly update and check metrics: Finally, benchmarks tend to be static in nature given that they’re a reference as of a point in time or over an average set of companies/examples. Because these metrics are static, it’s important to ensure that they are regularly updated or checked to ensure that nothing material has shifted or changed. After all, we operate in a dynamic, evolving business environment that introduces unknown variables (like a once in a lifetime pandemic) that can certainly make benchmarks your organization has used in the past less useful.

Include Benchmarks as a New Tool in Your Overall Toolbox

Financial benchmarks are a common and simple way to add incremental rigor and order to your vendor financial review procedures. These benchmarks can add useful insight and information that your organization can utilize to better comprehend the financial health of key companies across your diverse base of vendors. By defining and developing internal best practices for your team to know how and when to use these thresholds in your vendor financial review process, your organization can help mature its vendor risk management program and identify and work to mitigate risks that may arise from vendors.

Although these benchmarks can certainly be a helpful tool, they come with inherent limitations when used in a vacuum or not complemented by other controls and workflows in your financial review processes. Therefore, it’s always integral to ensure that your organization does not view benchmarks as a replacement to other risk management and financial diligence workflows or an “end-all and be-all” when it comes to performing holistic vendor financial reviews. Rather, your organization should use benchmarks as another great tool to add to your growing and maturing vendor risk management toolbox.

Now that you have an understanding of useful benchmarks to look for, what happens if you see a vendor’s financial health decline? Learn the warning signs to look for. Download the infographic.

New call-to-action

 

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo