IT costs are often seen as a small percentage of business expense, generally sitting under 5% of overall business expenses. Many leaders in the past have focused on larger areas, avoiding taking a deep dive into IT cost because there are often complexities (multiple locations, deep-dive auditing of bills, managing a renegotiating contracts) for a small return in cost savings.
A strong external IT resource will still need a focused system in place to manage their day-to-day impact on your business. However, one major problem in the IT industry is that company’s internal IT teams don’t have the time and, in most cases, the resources to manage their IT, Telecom, and VOIP systems at a micro-level. They are too busy managing the system-wide issues that arise daily and impact employees’ productivity on a ground level.
A team mentality must be brought to the contract development and negotiations phase. In too many companies, outsourcing contracts are left to purchasing, legal, and senior executives, then assigned to the managers and staff who will be working with the vendor on a day-to-day basis.Operational staff and process owners don’t always understand the complexities of the initial contract. It is signed and filed – end of story. However, the question remains… is the contract still measured for performance, ensuring nothing which is critical during the life of the contract has been overlooked or omitted?Management teams can deal with hundreds of contracts at once, so it is easy for a contract term, condition, or renewal to slip through the cracks.
The expansion of digital business, growth of cloud services and increasing regulatory scrutiny of third-party vendor relationships are just a few factors placing a heightened focus on vendor risk management.
But not every vendor relationship is created equal. A true, risk-based approach requires organizations to first segment their vendors based on pre-determined criteria, and then establish an appropriate level of ongoing due diligence and oversight activities based on the assigned level of risk. And while the specific activities may vary across organizations, there are three types of risk you want to be sure to address.