
4 Important Vendor Management Reminders for the Board

Mar 10, 2020 by Gordon Rudd, CISSP

As a member of any organization’s board, it’s your responsibility to ensure the organization is pursuing vendors that are compatible with its risk tolerance, strategic objectives and overall business objectives. Sometimes, vendor management can get lost in the hustle and bustle of a million and one things to do. I’m here to provide a few important reminders for the board.

4 Vendor Management Reminders for the Board

Here are four vendor management related reminders for you, a board member:

1. You're in control.

It’s important to remember that you are indeed in charge of everything. If you don’t like the way something is being run, it’s up to you to speak up and/or take the appropriate action to rectify the situation. The board can make hiring and termination decisions and can start or stop any initiative they choose. If your organization doesn’t do vendor management the way you want it done, then talk to other board members and get their take on the situation, too.

2. Knowing your regulations and understanding your responsibilities are key.

No matter the industry, it’s important to remember that the board has specific responsibilities it is obligated to fulfill. Responsibilities don’t go away. Taking it a step further, many boards fall under regulations that encompass vendor management.

For example, the Federal Financial Institutions Examination Council (FFIEC) has very specific “suggestions” on how organizations manage their vendors. The FFIEC wants very specific, risk-based methodologies utilized to manage vendor relationships. This is particularly important as many organizations are required to follow FFIEC guidance. The FFIEC is a combination of regulatory requirements from multiple agencies and all agencies tend to follow FFIEC guidance when examining an organization’s vendor management. The Office of the Comptroller of the Currency (OCC), Federal Deposit Insurance Corporation (FDIC), Federal Reserve Bank and National Credit Union Association (NCUA) comprise the lion’s share.

As a board member, you have a fiduciary responsibility to the organization. You can be held liable for everything that happens in your organization, so you should expect to be informed of and understand anything that happens in the vendor management department.

It’s important for the vendor management team to understand your vendor management expectations. Remember, an auditor or examiner will evaluate your organization’s vendor management program and if the vendor management team doesn’t have the necessary resources to create and operate an adequate program, the examiners and auditors will have findings in their reports and offer the board an opportunity to correct the problems.

3. Adequate resources and tools are a must.

In some cases, but of course not always, board members are operating under the false assumption that “one employee” and “spreadsheets” are really all that’s needed to effectively manage the organization’s vendors. This is against all vendor management best practices. Inadequate support for the vendor management program will cause examiners and auditors to issue findings for any number of vendor management failures that directly result from a lack of budgeting for adequate resources. The board and senior management team should be wary of attempting to operate a vendor management program with spreadsheets. Don’t set your team up for failure.

4. It’s not just about the examiners.

It should be important to any business to understand how their outsourced spend is being applied. Failing to analyze the investment being made in vendor products or services versus the return on those investments, the ROI, is just bad business. Vendor management systems can provide visibility, enabling executive management and the board to make smarter decisions. Ensure you have a vendor management program in place that supports this visibility and let it open the eyes of management to what’s going on with the organization’s vendors.

There’s a lot of work that goes into overseeing an organization. Understandably, vendor management can be challenging to focus on when there’s so much noise in the filter. However, never forget the importance of a successful vendor management program and the 2.5% a well-run program will add to your bottom line. As a board member, you’re an important part of the vendor management process and your oversight and feedback are critical to the success of the organization.

Written by Gordon Rudd, CISSP

Gordon Rudd is a Third Party Risk Officer at Venminder. Gordon has more than 30 years of experience in the financial services industry in the areas of third party risk management, technology, information security, enterprise risk management and GRC (Governance, Risk Management and Compliance) program development. Gordon works with the Venminder delivery team as a third party risk management and cybersecurity subject matter expert in residence.
