There’s a lot that goes into vendor management and all the hard work makes it an integral component of an organization’s success. Vendor management, or often referred to as vendor risk management and third party risk management in recent years, is the process of fully identifying all of the significant companies that aid in the delivery of a product or service to your organization or to your customers on behalf of the organization. It involves controlling costs, driving service excellence and mitigating risk to gain increased value throughout the deal lifecycle.
Vendor Management Responsibilities
The role of vendor management within an organization consists of wearing many hats. Some responsibilities include:
- Working closely with vendors on a day-to-day basis
- Assisting with planning and developing the vendor management policy, program and procedures
- Facilitating vendor selection and contract negotiation processes
- Continuously monitoring vendor risk even after the vendor contract is executed (e.g., monitoring performance levels, requesting and analyzing current due diligence)
- Communicating with internal departments such as lines of business/business units, internal audit, senior management, the board and more to answer vendor questions and oversee tasks
In addition, the role of vendor management plays a strong part in managing each vendor’s lifecycle. While some who aren’t directly involved in vendor management on a regular basis may not realize there’s an entire vendor lifecycle, there certainly is.
Every relationship has a beginning, a middle, and ultimately, an end. The vendor lifecycle looks like this:
- Planning – establishing the vendor management policy, program and procedures that set the organization up for continued success
- Due Diligence and Third Party Selection – the process of fully vetting vendors prior to drafting a contract
- Contract Negotiation – outlining and discussing clear expectations before executing the contract
- Ongoing Monitoring – continuously monitoring vendors and reviewing their most current due diligence to help prevent undisclosed or unwanted risk
- Termination – identifying transition and exit strategies to help understand how notice periods and the return of assets will be handled should the relationship end
When you think about the role of vendor management, everyone at your organization actually plays a part. Basically, that’s because there are three lines of defense involved – which tends to include a lot of the organization – and even if you feel you’re not part of one of these lines of defense, you can help by sharing experiences you’ve had with the vendors you work with.
The three lines of defense include:
The first line – this is the front line or business unit. They’re managing the third party relationships on a daily basis. And, by this we mean they’re speaking to the vendor, addressing issues or concerns, asking questions and more.
- The second line – this is the independent risk management function. This tends to be the compliance or third party risk departments overseeing vendor management.
- The third line – this is the independent audit function. They review the first and second-line work product and effectiveness of the controls, as well as the policy, program and procedures, and advise if any changes need to be made. They’re looking for gaps in processes. You want them to catch it before an examiner does.
Really the role of vendor management within your organization and what it means comes back to what the definition above says. It’s extremely important. Without it, an organization would have a lot of trouble doing the following three things:
- Driving costs
- Controlling service excellence
- Mitigating risk
Risk is inevitable, but a strong vendor management team and program helps prevent it as much as possible.
Each organization needs a unique approach to vendor management. Download the eBook.