.gif?width=1920&name=Sample-Graphic-Animation%20(1).gif)
3 min read
The maturing landscape of vendor management has been ten years in the making. Take a look at how the third-party risk management thought process has changed from 2007 to 2017.
2007
Common Attitude: What is vendor management? Isn’t it just about getting the lowest price?
Vendor Interactions: Donuts on Friday.
Annual Assessments: Nope!
Risk Assessments: Look at the annual spend.
Board Involvement: How much do we spend?
Performance Management: Staff complain but we have no way to report or record the facts.
Dedicated Vendor Management Department: Unlikely.
RFP to Stimulate Competition: Unlikely.
Contract Management: Contracts are in a filing cabinet. Key dates come and go. There's lack of signing control on contracts.
Policy and Procedures In Place: Why do we need a Policy & Procedures?
Accounts Payable: Process the bill. There's little to no oversight.
CFPB: Doesn’t exist.
2017
Common Attitude: Are we ready when the regulator comes to town? Are we doing enough?
Vendor Interactions: There are monthly performance scorecard calls and ongoing monitoring.
Annual Assessments: Huge improvement - onsite and desktop audit activity on the increase.
Risk Assessments: Review both inherent and residual risk. Scope includes: financial, policy and procedures, SOC, BCP, disaster recovery and regulatory compliance.
Board Involvement: Increased interaction and have formal board acknowledgement.
Performance Management: Improved feedback loop on performance and complaint tracking to address and remediate vendor issues.
Dedicated Vendor Management Department: This is on the rise, but we still see a lot of other departments still try to shoulder vendor management in a part-time capacity.
RFP to Stimulate Competition: This depends on the size and maturity of the organization.
Contract Management: Contracts are in a filing cabinet. Key dates are logged in excel and reminders for contract expiration dates can become a burden to manage. Contracts are reviewed in closer detail with key caveats included. Streamlined contract management system and signing authority policy is in place. Pre-contract due diligence is recognized as a key practice in order to flush out potential vendors who present elevated risk to the organization.
Policy and Procedures In Place: Still room for improvement. They're readily available off the shelf. Policy and procedures are available but are a one size fits all approach. These can become a self-inflicted wound when reviewed by a regulator.
CFPB: In full force, will review vendor management practices at the department and enterprise level, and have also begun to perform vendor oversight on key vendors serving financial institutions.
It's nice to see how far we've come. We'll see how much further we can go and improve in the next ten years...better yet, it will be interesting to see what 2018 will bring.
Learn vendor management best practices to use in 2018, download our infographic.
Related Posts
10 Vendor Management New Year’s Resolutions for 2018
Exercise more, lose a few pounds, adopt a new hobby and spend more time with family and friends are...
Top 10 Vendor Risk Management Best Practices to Take into 2019
It’s the last month of the year! When you leave behind 2018, don’t leave behind third-party risk...
Is Sr Management & Board Involved Enough In Vendor Management? Ask These Questions
A few weeks ago we discussed the importance of senior management and board involvement regarding...
Subscribe to Venminder
Get expert insights straight to your inbox.
Ready to Get Started?
Schedule a personalized solution demonstration to see if Venminder is a fit for you.