As vendor management has evolved from contract management a decade ago, focused upon risk management and regulatory compliance, the emerging challenge is keeping track of all the elements required to keep pace. You can no longer run an Excel or SharePoint solution from a server in the corner of the IT Department to get the job done. Vendor management requirements have grown too large and too widespread.
Vendor risk management, as defined by the FFIEC across a multitude of vendor analytical dimensions, was the first layer of complexity to be placed on top of traditional document repository contract management systems. Today’s fully-featured solutions have expanded upon this layer to include vendor news monitoring, vendor risk alerting, performance risk inclusive of SLA monitoring, the many facets of onboarding and ongoing due diligence review and risk assessment, complaint and social media monitoring, information and cyber security reviews, on-site evaluations, fourth-party risk review practices, and most recently, the newly unveiled concentration risk analysis.
The key to a successful vendor management program is in the quality of its tracking and documentation:
- What vendor documentation do you have?
- When does it need to be updated?
- What documentation have you reviewed?
- Where do you require added focus or should concern be raised?
- Who are you still waiting on to respond?
- What needs to be reported upward?
- How long has it been since last contact?
- How is the vendor performing against the contract?
- When does the contract renew and what are your options to terminate/renegotiate?