State of Third-Party Risk Management Highlights: Vendor Contract Management

According to Venminder’s State of Third-Party Risk Management 2022 survey, most vendor management programs (28%) have between 100 – 300 vendors to manage and 18% cite having 301 – 500 vendors. And, many organizations have multiple contracts with one vendor for various products and services, so it follows that the more products, services, or vendors an organization has, the more contracts they need to manage.

Managing contracts can be challenging for many organizations, but having a solid third-party risk management program that incorporates a contract management process can help ease the burden.

According to survey respondents, some of the primary benefits of TPRM are contract-related and include:

• “Meeting regulatory and client contractual agreements.” – Healthcare, 501 – 1,000 employees
• “Cost savings, better contract negotiation, and business continuity.” – Wealth/Asset Management, 1,001 – 5,000 employees
• “Gives us a timely review of contracts (sufficient time to negotiate costs and/or services).” – Credit Union, Less than $1B

4 Ways to Incorporate a Strong Contract Management Process Into TPRM

Incorporating a robust contract management process into your third-party risk management (TPRM) program is essential. Here are four recommendations:

1. Consider that vendor contract management is made up of stages. You’ll want to define what happens within each stage, which includes:
   
   • Internal Planning
   • Negotiating/Creating/Drafting
   • Approving/Executing
   • Storing the Contract
   • Managing the Contract
2. Establish extensive contract tracking (e.g., setting up automated alerting to track key contractual dates like an auto-renewal clause or termination date)
3. Have a central and searchable repository with comprehensive reporting for all contracts
4. Ensure service level agreements (SLAs) are a part of your vendor contracting process. To ensure your vendor is providing what you expect and requested, ensure you track and monitor their performance against the SLAs and other contractual terms.

Effective third-party risk management often leads to cost avoidance, realized through improved management of contracts, better third-party service levels, strong regulatory compliance, and the prevention of business interruptions. Ensuring there is a solid vendor contract management process will set your organization up for success.