The expansion of digital business, growth of cloud services and increasing regulatory scrutiny of third-party vendor relationships are just a few factors placing a heightened focus on vendor risk management.
But not every vendor relationship is created equal. A true, risk-based approach requires organizations to first segment their vendors based on pre-determined criteria, and then establish an appropriate level of ongoing due diligence and oversight activities based on the assigned level of risk. And while the specific activities may vary across organizations, there are three types of risk you want to be sure to address.
- Operational Risks
- Financial Risks
- Regulatory Compliance Risk
Operational risk is the risk that your organization will experience a major failure, shutdown or unexpected disruption of some segment of your business if a vendor’s processes, people or systems fail. Operational risk goes hand in hand with your reliance on a vendor and is typically higher with vendors that provide services such as outsourcing, IT systems and data.
There are two good ways to take a proactive approach and mitigate operational risk: perform periodic on-site and/or due diligence reviews and create a contingency plan should you experience a failure with a risky vendor. These two risk-mitigation activities go hand-in-hand, especially for mission-critical vendors. Monitoring daily performances that don’t meet the standards required is also a good indication that in a time of risk there is a higher risk of disruption or failure.
Financial risk is the risk that your organization is negatively impacted financially due to a vendor relationship. This can come in two forms: excessive costs and lost revenue.
Poor Vendor Service due to Finances
Many supplier performance issues are related to finances.
Deliveries were late, and shortages were piling up with no relief in sight. The primary supplier was actively blaming the secondary supplier for the bottleneck, claiming that their supplier was behind in their coating process. They began casting aspersions on the supplier’s lack of process control, communication and even hinted at ethical issues.
While the protocol was for the primary supplier to manage all downstream relationships, this problem had escalated high enough that it was time to call the supplier directly to get to the bottom of the issue and develop a get-well plan.
Negotiating and Enforcing Contract Compliance
Organization understand the importance at managing competitive solicitations and negotiating good pricing. But negotiating a good price has little to do with managing costs, which comes from enforcing contract compliance, effectively managing the procure-to-pay cycle and performing periodic cost and contractual audits. It’s the work done after the vendor contract is negotiated that mitigates the risk of excessive costs.
The other financial risk relates to the reliance on vendors who support your own revenue-producing activities. Examples include fundraising companies, outsourced service providers and fulfillment centers, to name a few.
It may also include vendors whose technologies you use to process financial transactions. Problems with these vendors may delay access to revenue or, in the worst cases, result in lost revenue for your organization.
It’s important to identify and segment these types of vendors to design the most appropriate diligence and oversight activities, and to also integrate with your vendor management operational risk planning as it relates to contingencies.
Regulatory Compliance Risk
This has become a HOT TOPIC in many industries. Nonprofit organizations like health plans, healthcare systems and credit unions, along with those that receive Federal grants, are heavily regulated by Federal agencies. And in many cases certain regulations pass through to third party vendors.
Regulatory compliance risk is the risk that a third-party vendor will violate a law or regulation that your organization has placed on them as a requirement for doing business with you.
Ensure your risk management activities enable you to evaluate how well your vendors are complying with the appropriate laws and regulations.
Even though a supplier may be remarkably reliable, the fact that their component or ingredient is absolutely essential to your finished product makes them high-risk. Partner with a company that oversees these risks to proactively avoid business disruption is key to avoid potential problems.
Audits aren’t just necessary for validating new suppliers––they’re an important tool for maintaining quality and compliance over time. The recent rise in outsourcing only further underscores the importance of having a plan in place to conduct regular evaluations led by skilled quality professionals.
Contact LIMITLESS Cost Reduction Specialists to determine what your Vendor Management Operation and Processes needs are to put a Vendor Risk Plan in place, manage vendor contracts, audit billing for optimal pricing while maintaining quality, negotiate contracts on your behalf and as the result improving your business bottom line.