Unfreezing Vendor Risk Management Tasks

This time of the year, if you live in a similar climate as I do, when you step outside the temperatures are frigid. You’re bundling up as much as possible and layering on sweaters, coats, your hat, gloves, scarf, to avoid freezing. Interestingly enough, if you’re like many of us in vendor risk management, you may also notice some of your tasks have become frozen. With limited time and resources, it’s easy to “freeze” a task or put it on hold to jump on other priorities.

However, before the year ends, it may be a good time to regroup and determine what still needs to be addressed. Even if you can’t accomplish it this year, maybe you can (probably should) make it a priority for 2020.

Here are some common vendor risk management tasks that we often see going stale:

1. Reaching out to Accounts Payable to compare your actively managed vendor list with their file
2. Ongoing vendor due diligence
3. Refreshing the vendor management policy and program
4. Relaying significant vendor changes to senior management and the board – Yikes!
5. Tracking important contract dates and organizing your contracts

Why You Shouldn’t Freeze Vendor Management Tasks

Freezing vendor risk management tasks can become problematic for a variety of reasons. Here are some that come top of mind:

1. Non-compliance
2. Exposure to additional vendor risk
3. Missed contract dates aka causing the organization a loss on ROI
4. Lack of communication with vendors, senior management and the board
5. Decline in service levels
6. Failure to oversee active vendors
7. Customer complaints
8. And more!

All of these reasons are why you should “unfreeze” your tasks. You’ll likely will be audited or examined in 2020. It’s better to identify program gaps and risk before an auditor or examiner does. Be proactive and address any issues or concerns. There are some ways to help with defrosting the windows and driving these tasks home.

3 ways to help you unfreeze your tasks:

1. If budget allows, hire additional internal resources to help accomplish these tasks. If budget is tight, it may make more sense to outsource to a third party expert. You can outsource the most time-consuming projects only, such as gathering and analyzing due diligence reports (e.g., SOC report, business continuity plan, financials).
   
   
2. Speak with the vendor. Maybe there is something they should be doing better to help streamline your internal processes. For example, is this a vendor who provides you a SaaS software? In this case, are their efficiencies that can be put into place within that particular software that could help you out?
   
   
3. Implement a tracking method. Set up alerting to notify you when due diligence needs refreshed, contracts need reviewed, etc.

Head into the New Year strong. De-ice those tasks that have been pending.

Make sure that you are managing the right vendor management tasks. Download the checklist.