What is a Vendor Risk Management Plan?

image

Organizations Can Face Vendor Risks through THEIR Actions and Relationship!

Nearly all organizations need to work with vendors or third-party suppliers.  Managing risks posed by a vendor is a critical aspect to running a successful business or nonprofit. Proper management and reduces the risk of Vendor Abuse. When beginning a vendor relationship, make sure that your vendor and third-party relationship complies with the overall governing body that oversees your specific relationship. Companies can face a host of risks by engaging in business with a vendor or a third-party. Especially where confidential, sensitive, proprietary, or classified information is involved, companies can be taking a huge risk by entrusting data to an outside entity.

What is Vendor Risk Management and Vendor Relationship Management and How important is it to understand the Risks if Poorly Managed or Not Manged to Full Potential?

It’s important to understand who or what a vendor is in the context of business projects and goals. Vendors and third parties to any organization can provide a small, one-time need for a single project, or can be an ongoing business partner.

Vendors can be virtually anyone doing business with your company.

These third parties can include:

  • Manufacturers and suppliers (everything from healthcare supplies, construction materials to food services).
  • Service providers, including janitorial services, elevator services, office equipment services, consultants, and advisers.
  • Short-term and long-term contractors. Those of widely varying skills and backgrounds, such as IT experts, developers, designers, lawyers, real-estate developers, meeting leaders, analysts, sales teams, customer-service reps, and more. Essentially, this type of vendor is anyone who provides a service for and to the company that’s not on staff.

Vendor Management is a company’s oversight of the relationships with the vendors, from acquiring them through the delivery of the required goods and services. The person in an organization who oversees these relationships is called a vendor manager and can reside in any segment of the business from human resources, to IT manager, to office manger to CEO, to CFO, to department or facility managers and so on depending on the size of the company and the role assigned. There may also be cases where other employees in the organization may manage the relationship more directly on a day-to-day basis.

Vendor risk management is an important component of vendor management because third parties can pose many risks including financial, reputational, compliance, legal, and more. Therefore, it’s always in a company’s best interest to protect itself from vendor risks – before entering into, during, and even after the vendor relationship ends.

Do you have a Vendor Risk Management Plan?

What Risks is your Organization allowing by not?

How can these Risks Disrupt Business?

Can the Risk impose Reputable Damages?

How much are the Risks Costing your Company … Daily? Weekly? Monthly?

How much Visibility Do you REALLY have into your Vendor and Suppliers?

Are there multiple “eyes and hands” managing the same accounts?

A VENDOR RISK MANAGEMENT PLAN is an organization-wide plan that clearly outlines the types of conduct, access, role, performance etc. that both company and the vendor have agreed on. This document should reflect deep consideration by both parties. The plan should also detail required testing and periodic review to maximize the vendor’s ability to do his or her job, but without compromising the company in any way. Without such a plan or management the organization is risking loss profits, reputable damages, vendor negligence, compliance issues, lack of cost control and competitive losses.

Depending on the vendor and service or material provided, these relationships need to be spelled out step by step, with checklists, to ensure that all steps are followed. The entire organization must buy into the process, and it should provide VISIBILITY TO THE COMPLIANCE, HR, management, departments and legal teams as needed.

Provider/Vendor Fraud

Provider or Vendor Fraud is an “intentional” deception or misrepresentation which results in an unearned benefit to a supplier or vendor, usually in the form of an excess payment.

10 Potential Provider or Vendor Fraud examples include:

  • Provider billing for services that were not rendered
  • Providing services which are not necessary
  • Provider billing for a covered service when a noncovered service was provided
  • Billing for a more costly service than was performed
  • Double Billing
  • Altering and/or falsifying fees
  • Breach of legal or compliance regulations
  • Breach of HIPAA (the Health Insurance Portability and Accountability Act) regulations
  • Data security
  • Loss of intellectual property

These are just a few of the risks posed by vendor and third-party relationships – all of which could result in severe losses to the company, including fines and reputable damages.

Managing risk means ensuring consistency and visibility, so it’s crucial to hold short- as well as long-term contractors to the same risk management standards. Access and other types of secure information may be different for a short-term versus a long term vendor, but regardless of the contract length, the rules around compliance should be the same.

Vendor Management Solutions (VMS) reduces and/or eliminates Vendor Risks by providing the tools needed to access, manage and have complete visibility into vendor billing, agreements, renewals, contracts, assets and supplier – vendor services. VMS improves process and ensures vendors are held accountable to terms and agreements and finds errors in billing and contracts resulting in recovered revenue to the client and increasing bottom line profits.

Contact LIMITLESS for information on Fully Managed Vendor Management Software. 

info@limitlesstechnology.com