3 Common Mistakes in a Vendor Management Program

/in , , , , /by
  1. Not completing a risk assessment on all vendors.

Some companies may decide not to do a risk assessment on a vendor because of the contract value or the type of work that the vendor is performing for the business.  Each vendor that provides a product or service for your business should have a risk assessment completed.  By performing a risk assessment on all vendors, it allows your business to better understand the risks that exist when they use a vendors’ products or services.  Conducting a risk assessment for all vendors is particularly important when a vendor handles a critical business function, accesses sanative customer data, and/or interacts with customers.  It will also help you categorizes your vendors by risk level.  By categorizing your vendors by risk level, it will allow the business more time to focus on those vendors that have a higher risk.

  1. Not conducting vendor reviews.

Vendor reviews help manage your vendor’s performance.  A quality vendor review assesses how the vendor is performing against Service Level Agreements (SLA) and Key Performance Indicators (KPI) that are established in the contract.  It should also show non-contractual performance issues, such as incidents that aren’t measured by a service level.  Understanding the vendors situation, performance and how they handle third parties is crucial for the businesses on-going monitor of their vendors.  Vendor reviews are perfect way to partner with the vendor for a successful relationship and to hold the vendor accountable for their performance.

  1. Storing vendors due diligence material in different places.

Vendors due diligence material assist the business with selecting a vendor, contracting, and ongoing monitoring.  This process can be very difficult for businesses that don’t have a centralized repository to store their vendor documents.  Having a centralized repository for your vendors documents will help streamline and organize your vendor manager program.  With this process in place, it makes it easy for another employee to find the documents that are needed, and the business can also set reminders on when the document needs to be updated.

An independent certified public accountant has examined Strunk’s operations and found them to be in compliance with the AICPA’s Trust Service Principles. It was determined that Strunk meets the Security, Availability, Processing Integrity, Confidentiality, and Privacy criteria for SOC 2 established by the AICPA.