Sharing Success with vendors

 

Sharing Success with vendors

• Vendor management is an emerging business discipline, being adopted with greater frequency by companies across every industry
• Part of this emergence has been a transition from a purely compliance-based function to an enterprise risk-management function, oftentimes residing outside of compliance in its own vendor management office
• But there is no one-size fits all when it comes to a vendor management program. Rather, every organization should scale its vendor management function to align with its size, complexity and overall risk appetite
• If you are getting a new program off the ground, or in the early stages of getting adoption within your organization,  consider the best practices highlighted below

1. Right-size your vendor management program for you

• Many companies delay starting a vendor management program because it seems overwhelming. Our advice – don’t try to boil the ocean. 
• Get your fundamentals in place and kick things off by focusing on your most critical and riskiest vendors.

2. Set the right tone at the top

• Your leadership must buy into the fact that vendor management is a core business discipline and not a compliance function.
• It’s critical to have buy-in from senior management (and the Board, when applicable) for the program to have teeth, and deliver the type of measurable value it’s capable of

3. Establish governance and engage your stakeholders

• VM involves multiple stakeholders and subject matter experts from across the organization. 
• In addition to the Business Owner who actually manages the day-to-day vendor relationship, you need to establish responsibilities across all lines of defense including risk, compliance, legal, information security and business continuity. 
• You also need to define who is ultimately accountable at the top, and a reporting hierarchy to keep everyone informed and working together

4. Get visibility into your vendors and contracts

• Too many organizations lack even the basic systems to know who their V are and what contracts they have with them.
• Data and documents reside in multiple places including emails, shared folders and file cabinets. You can’t run a VM program with incomplete and disparate data. You need a central

5. Know which risks apply to which vendors

• Not all vendors are created equal, and different types of vendor relationships bring different types of risk. Vendor risk assessments and tiering are core components of your vendor management program. 
• They allow you to know where your risks are with every vendor relationship and align your due diligence activities accordingly

6. Don’t skimpy on due diligence

• Assessing risks is only part of the process, though. Due diligence is where the rubber meets the road in terms of drilling down to really understand your risk exposure and implement the appropriate tactics to reduce residual risk. Be sure to align your activities with the risk level of the vendor – more risk always

7. Be disciplined in contracting

• Contracts are your only opportunity to legally document the business terms to which you and your vendor have agreed.
• Yet contracting is an inconsistent process in many organizations, resulting in unclear expectations and unnecessary risk.
• Your vendor management program should provide for a standard, consistent contracting process that ensures all of the necessary, risk mitigating contractual clauses are incorporated into the final agreement.

8. Establish expectations during onboarding

• Vendor management doesn’t stop once the contract is signed. Rather, that’s when most of it begins. Your vendor management program must address what happens post-contract and who will be responsible.

9. Monitor and grow the relationship like you would any other

• Developing a strong, mutually beneficial relationship with your vendor requires an investment from both of you.
• It also requires following a consistent process for continually evaluating performance, costs, risks and compliance. 
• This is where the relationship can blossom and provide tremendous value, or fall flat and lead to big problems. 
• Nurture your vendor relationships to get the most value from them.

10. Have a formal process for breaking up

• When the relationship needs to end, don’t guess on what to do next.
• Have a formal process for off-boarding your vendors, especially as it pertains to key contractual requirements such as transfer of assets, data, or destruction of confidential information. 
• You don’t want to leave this stuff to chance. So don’t.
• At Vendor Centric, we believe that a formal vendor management program is not a nice to have – it’s a must in today’s business environment
• A vendor management framework is a logical system for developing a vendor management program. The framework includes recommendations for creating the program, acquiring vendors and divesting vendors, managing vendors, and determining and communicating the value each vendor brings

Changing control system

The change control system is a collection of processes that allow change requests to be analyzed, approved, declined, and then managed. A change request enters the change control system. The change request is written, not verbal

Step 1: Identify the need for change and the scale of the issue

Step 2: Set a goal

Step 3: Create a change management map

Step 4: Secure a sponsor and get executive support

Step 5: Distribute resources and get buy-in from teams

Step 6: Collect feedback and make changes where necessary

Conclusion

Remedial change: 

• Fixing something wrong before it becomes disastrous. Turnarounds are high-level examples of remedial change.
• Once you know what type of change you need to implement, you can start looking at your target result

Escalation Path

• Procedure to insure(arrange for compensation) that when problems can't be resolved within an agreed time frame, they are rapidly brought to the appropriate level of responsibility for adequate resolution
• ISSUE MANAGEMENT AND ESCALATION PROCESS

1 Identify and Document Issues

2 Review of Issues

3 Communication of Issues

4 Escalate Issues 

5 Issue Resolution

Step 1 – Identify and Document Issues

• Project Manager, team members or any other stakeholders can raise issues at any time. This can be via verbal dialogue or email
• Issues which cannot be immediately resolved within the project team must be entered onto an Issue/Decisions Log on the Teams site
• All issues are assigned an owner who is responsible to resolve and update the issue on a regular basis
• All issues are assigned a target resolution date

Step 2 - Review of Issues

• Address open issues during the scheduled project/organizational meeting or as necessary. Review and identify new issues for resolution since the last meeting
• Review open issues that have passed their targeted resolution date. Monitor, review and address new or existing issues for possible escalation to the appropriate level
• Update discussions made regarding each issue in the Issues/Decisions Log
• The owner of the issue will document and report status of the issue within the project Teams site
• Issues will be updated weekly or as activities occur to ensure all stakeholders are aware of the progress and status of the issue

Step 3 - Communication of Issues

• The Project Manager will report on issues until they are closed.
• The Project Manager will share the status of the issues with the team members on a regular basis, as well as the Project Steering Committee

Step 4 - Escalate Issues

• Determine whether or not the issue needs to be escalated according to the project’s escalation path.
• Criteria for escalation include:
• Issues that affect more than one project
• Issues that, if left unresolved, may jeopardize a key milestone or deliverable
• Issues of high priority that are not being resolved in a timely manner

Step 5 – Issue Resolution

• Once the issue has been resolved, communicate the resolution to the originator, issue owner and appropriate escalated levels.
• Update the Issue/Decisions Log for the Issue, setting the Status (to closed), the Date Closed, Resolution Comments and note the variance between the Resolution Target Date and the actual Date Closed

 Author: Nazia Tabassum