What to Do When the Vendor Contract Has Been Signed Unexpectedly

Have you been in this situation? Someone at your organization signed a vendor contract, but they shouldn’t have. This is a nightmare scenario many third-party risk managers have faced at one point or another. So, what do you do when the first time you hear about a new vendor contract is during committee meeting, or worse, when a problem has already occurred?

9 Steps to Get Back on Track After a Vendor Contract Has Been Signed

Here’s a few steps to help you get things back on track:

1. Stay calm. Relatively speaking, of course. Refrain from hitting the “panic button,” which inevitably can make a situation worse.
   
   
2. Get to the source. Who signed the vendor new to the organization? Are they new to the organization, or, more importantly, are they authorized to sign? Typically, these situations are usually matter of rushing, or accepting a vendor boiler plate as one-size-fits-all. We've witnessed horror stories where a business manager, with the best of intentions, simply wants to get a contract signed but doesn’t give it adequate review. This is what we like to call “short-term gain, long-term pain.”
   
   
3. Revisit the program document. Make sure to go back and check your vendor management program document, or the vendor management governance documentation you have on file, to make sure it clearly lays out the steps for bringing on a new vendor and then share that with the person who signed it. Additionally, confirm it addresses all areas of the vendor risk management lifecycle, which include vendor selection, risk assessment, due diligence & third-party selection, contract management, ongoing monitoring, exit strategy and termination.
   
   
4. Analyze what went wrong. Here’s where you want to put on your problem-solving hat in order to help prevent these kinds of scenarios in the future because hasty contract signing can lead to a whole host of issues. Take the time to dig in and find out what caused the occurrence.

5. Educate your internal teams. Determine whether it was an isolated problem, or whether wider education may be needed around the organization.
   
   
6. Update senior management and the board. Be sure to update your risk committee and senior management as to the incident, particularly if it would be considered a high-risk or critical vendor. The board relies upon senior management and vendor management to keep it informed and engaged. The front-line management also relies on senior management and vendor management to identify who needs to be involved and when, and if there’s a breakdown, it’s imperative they know.
   
   
7. Remember, it’s a team effort. A strong vendor management program relies on everyone in the organization to carry out their roles and to be the eyes and ears of anything that needs to be attended to – whether it’s new vendors or changes in existing vendors that need to be terminated at the conclusion of a contract. Make sure to re-address this with the organization and get everyone on the same page.

8. Do your homework. Take time to perfect the files. Even if the contract has already been signed, whether you think it was a good decision or not, don’t skimp on the regular duties. Make sure due diligence and a risk assessment are both done on the vendor.
   
   
9. Crosscheck your inventory. If anything, this is a lesson learned that it’s also worth checking your overall vendor inventory against accounts payable to be sure there are no other surprises lurking.

A disciplined contract management process and approach as well as follow up are key to keeping these sorts of incidents in check and preventing further occurrences. Also, don’t forget, vendor management, like compliance, relies on the combined efforts of everyone on your team. Your board, senior managers, colleagues, customers and your shareholders are all relying on a strong, efficient system that protects its sensitive information and the overall health of the organization.

Be ready for your for vendor contract renewals by proactively preparing. Download the checklist.