Taking a risk-based approach to vendor management is growing quickly in importance as businesses work with a broader base of vendors.
Business expansion and increasing regulatory scrutiny of vendor relationships are a few factors placing a heightened focus on vendor risk management within an organization. Not all vendor relationships are created equal. Using risk as a factor in your vendor management strategy requires a company to categorize their suppliers based on internal criteria, and then perform an appropriate level of ongoing oversight based on the determined level of risk. While the specific areas of concern may vary across companies, there are three types of risk that are common to almost all businesses.
Operational risk is the risk that a major issue arises within your organization when a vendor’s process or system fails. This risk aligns directly with your reliance on a vendor, and is typically greater with vendors that provide services such as outsourcing, IT systems and data.
There are two good ways to mitigate operational risk: 1) perform periodic on-site audits and/or business reviews, and 2) create a back-up plan should you experience a failure with a high-risk vendor. These two risk-mitigation techniques are directly related, and should be implemented across the board, but especially for business-critical vendors.
Financial risk is the risk that your organization is negatively impacted financially due to a vendor relationship.
Unmanaged costs tend to get the most attention. Most businesses have become focused on requesting competitive bids and negotiating terms. Often, those contracts were signed without knowledge of market conditions and rates (see our post about Optimizing Vendor Contracts). Negotiating a good price has little to do with managing costs, which comes from enforcing contract compliance and performing periodic cost and contractual audits. It’s the work done after the vendor contract is signed that mitigates the risk of excessive unmanaged costs.
Regulatory Compliance Risk
Regulatory compliance risk is the risk that a supplier or vendor will violate a law or a regulation that your organization has placed on them as a prerequisite for doing business with you.
This is becoming an increasingly important issue. For example, nonprofit organizations like health plans, healthcare systems and credit unions are heavily regulated by Federal agencies. In many cases certain regulations pass through you to your vendors.
If you’re in this situation, you’ll want to ensure your risk management procedures enable you to analyze how well your vendors are complying with the required laws and regulations. Regularly schedule a review of their practices to determine whether your vendors are aware of both new and existing regulations, and whether they have policies and procedures in place to implement them. Data privacy is of specific interest to regulators, making it important to ensure compliance with laws, regulations and best practices proposed by the regulatory bodies.
There’s no shortage of risks when it comes to your vendors. The key is to carefully assess risk so you can properly categorize and manage your most important and riskiest vendors. The last thing any company needs is to be held responsible for something their vendor did, because they did not manage the risk effectively as part of their vendor management process.
About Limitless Technology
Limitless Technology, LLC has been managing complex indirect spend and vendor documentation since 2006 for some of the largest companies in the USA, saving them millions in costs.
Through our proprietary Billing Optimization and Vendor Management Solutions platforms, we utilize technology, processes, expertise, time, and resources to improve our clients’ bottom line.
Limitless Technology manages your vendors, so you can manage and grow your business.