Obtaining and reviewing a vendor’s financials can be a laborious process, as individuals must sift through a large scale of information within a vendor’s financial statements to thoroughly analyze and identify key data points. Once this review and assessment takes place, the focus then shifts to how your team can adequately use the vendor’s financial information/metrics and make further sense of it all within your vendor risk management program.
One useful way to better understand vendor financial information during and after a review is through benchmarks. Many times, there are questions your organization may have around if there are any common benchmarks or standards that they can use for a vendor’s financials and how these benchmarks can be valuable across a large vendor base.
Utilizing these financial thresholds or “rules of thumb” to assess a vendor’s financial health can be an impactful guidepost to better obtain a holistic view of a vendor’s risk profile to your organization. It can also give your organization a better understanding on the varied composition of your vendor base (i.e., by industry, company size, financial performance, etc.), how to appropriately utilize these benchmarks in different scenarios and circumstances and where there are limitations to benchmarks.
Key Representative Benchmarks to Consider in Your Vendor Financial Reviews
Within your organization’s vendor risk management program, there are always questions that arise around how to apply a consistent, rigorous and defined approach to reviewing and assessing a vendor’s financial information. Because financial information is dynamic and can change (for the better or for worse) rather quickly, it’s important to not rely entirely on benchmarks and common “rules of thumb” in your financial reviews. However, having a set of appropriate guideposts in the form of financial benchmarks can certainly be beneficial to the success of your organization when assessing the risks that a vendor may pose to you from a financial health point of view.
To start, it’s always important to extract proper financial information from a vendor’s key financial statements (balance sheet, income statement, cash flow statement). These foundational data points can help serve as the starting point that you can build benchmarks or utilize existing “rules of thumb” to assess a vendor’s financial health.
Key foundational information from the three financial statements is highlighted below:
Balance sheet (multi-year detail, as available)
- Cash and cash equivalents balance
- Accounts receivable balance
- Current assets and current liabilities balances
- Total assets and total liabilities balances
- Current and long-term debt balances
- Retained earnings balance
Income statement (multi-year detail, as available)
- Revenue performance
- Gross profit and margin performance
- Operating income (loss) detail
- Net income (loss detail)
Cash flow statement (multi-year detail, as available)
- Beginning and ending cash balance as of a period start and end
- Cash flow from operations, investing, and financing
Once this information is collected and analyzed accordingly, your team can utilize benchmarks across each of the financial data points to better understand how this vendor’s financial health compares to representative thresholds. These benchmarks can come from multiple sources, such as third-party research, internal data your team may have collected on other vendors (and thresholds/averages that your organization may set from this compiled data) or from an outsourced service provider or software tool.
Common benchmarks and “rules of thumb”
The below provides some common “rules of thumb” and benchmarks that your organization can apply and utilize when reviewing and assessing many of the categories of financial information found in a vendor’s financial statements.
4 Best Practices When Applying Benchmarks in Financial Reviews
Benchmarks should be one tool that your organization commonly uses in its vendor risk management program when assessing a vendor’s financial health and financial profile. With benchmarks and “rules of thumb,” organizations can better define the standards in which they hold their vendors to from a financial health point of view. Additionally, organizations can ensure that key vendors meet or exceed these thresholds; when the vendors do not, the organization should work to identify and mitigate the risk that these vendors may pose to their organization if a vendor’s financial health continues to slip and cause performance-level/SLA issues.
The following best practices are important to remember:
- Document common financial benchmarks: To encourage better shared practices across your organization’s team members and constituents, it may be good to document the common financial benchmarks and “rules of thumb” your organization utilizes. This can help solidify key details to look for when reviewing a vendor’s financials and ensure that your organization’s team members maintain an updated view on these benchmarks across time and vendor types.
- Understand limitations: It’s also important to understand the limitations that benchmarks possess and the considerations of these tools in your overall vendor risk management program. Benchmarks don’t provide the full, holistic view of a vendor’s financial health and performance and must be viewed together with other quantitative and qualitative details in your financial review processes. Paired with commentary from financial information, such as recent announcements that a vendor has made around its operating performance, can provide a better view of a vendor’s risk and financial health than just benchmarks alone.
- Develop common rules of thumb: Additionally, as mentioned earlier, benchmarks may vary by vendor size, industry and company type. By developing common rules of thumb, you can capture a good deal of the typical use cases in reviewing a vendor’s financials but may not adequately and thoroughly address other cases that may arise when looking at a unique vendor in a new industry or situation your organization is not accustomed to. Therefore, it’s a good practice to try to use these benchmarks as a guide or a “sanity check” for your reviews and assessments as opposed to the final answer or conclusion on a vendor’s financial health.
- Regularly update and check metrics: Finally, benchmarks tend to be static in nature given that they’re a reference as of a point in time or over an average set of companies/examples. Because these metrics are static, it’s important to ensure that they are regularly updated or checked to ensure that nothing material has shifted or changed. After all, we operate in a dynamic, evolving business environment that introduces unknown variables (like a once in a lifetime pandemic) that can certainly make benchmarks your organization has used in the past less useful.
Include Benchmarks as a New Tool in Your Overall Toolbox
Financial benchmarks are a common and simple way to add incremental rigor and order to your vendor financial review procedures. These benchmarks can add useful insight and information that your organization can utilize to better comprehend the financial health of key companies across your diverse base of vendors. By defining and developing internal best practices for your team to know how and when to use these thresholds in your vendor financial review process, your organization can help mature its vendor risk management program and identify and work to mitigate risks that may arise from vendors.
Although these benchmarks can certainly be a helpful tool, they come with inherent limitations when used in a vacuum or not complemented by other controls and workflows in your financial review processes. Therefore, it’s always integral to ensure that your organization does not view benchmarks as a replacement to other risk management and financial diligence workflows or an “end-all and be-all” when it comes to performing holistic vendor financial reviews. Rather, your organization should use benchmarks as another great tool to add to your growing and maturing vendor risk management toolbox.
Now that you have an understanding of useful benchmarks to look for, what happens if you see a vendor’s financial health decline? Learn the warning signs to look for. Download the infographic.
Red Flags in Critical Vendor SOC Reports
When you begin your initial due diligence or regular monitoring of a vendor, one of the first...
11 Tips for Reviewing Vendor Business Continuity and Disaster Recovery Plans
When major storms are a brewing, we can’t help but wonder about all the people that stand to be...
4 Considerations to Drive Vendor Compliance
Third-party risk management’s foundational principle is that you can outsource the product or...
Subscribe to Venminder
Get expert insights straight to your inbox.
Ready to Get Started?
Schedule a personalized solution demonstration to see if Venminder is a fit for you.