Vendor Centric Blog

Do You Really Know Your Third Parties?

In a recent benchmarking survey on third party risk management, 72% of respondents said they “cannot produce a complete report of all of their third parties quickly and easily.”


While many people believe this information lives in their accounts payable system, the reality is it doesn’t. Nearly all a/p systems capture very limited information about paying your vendor, and absolutely no useful information about the myriad legal, compliance and risk obligations you need to understand and manage with the vendor.


Creating and centralizing profiles on your third parties is the only way to have the visibility, reporting and management capabilities you need to really know (and effectively manage) your vendors and other third parties. At Vendor Centric, we believe that the foundation of a solid profile requires three things. 


  1. Tracking basic corporate information about the vendor.

  2. Knowing your contractual obligations so they can be managed.

  3. Understanding the risks to which you are exposed so they, too, can be managed and mitigated.


Here are some additional details on each.


1. Corporate Information


The foundation of your profile starts with capturing basic information about the vendor themselves. This provides visibility into the organization as well as the people with which you’ll be working. At a minimum, your basic

vendor profile should include:


  • Legal name

  • DBA (doing business as) name

  • Contact information (account manager, billing, help desk)

  • Address

  • Website

  • Ownership structure

  • Date of business formation

  • Tax ID number

  • DUNS number

  • Special classifications (i.e. small, minority, woman or veteran owned)


2. Contract Information


Can you quickly and easily see all of the contractual obligations, terms and conditions you have with your third parties? Most organizations can’t. And that’s not good.


Contractual obligations are serious ones. They obligate you and your third parties to a variety of financial and legal requirements. At a minimum your profile should incorporate the following contractual information:


  • Contract owner

  • Type of agreement (master services agreement, statement of work, addendum, etc.)

  • Brief description of the contract

  • Start and end dates

  • Auto renewal provisions

  • Termination requirements

  • Notification dates for termination

  • Deliverables

  • Service level agreements


The more data you pull out of each contract, and include in your vendor profile, the more comfort you can have in knowing that stakeholders understand contractual requirements and a contract manager is actively managing all of the legal obligations between you and your third parties.



3. The Third Party Risks the Vendor Presents


The third component of a complete vendor profile is the identification of the key risks presented by the relationship. Each third party presents a different level of risk when it comes to risk areas such as reputation, operations, transactions and information security.  Identifying the risk associated with each vendor by conducting a risk assessment will provide visibility into the appropriate level of due diligence and oversight you need to maintain.


Some of the big risks you want to evaluate and capture as part of your vendor profile include:


  • Does the third party collect, store and/or process confidential or sensitive data (e.g. nonpublic information)?

  • Will they be using subcontractors or other suppliers/services providers (i.e. fourth parties) in their delivery of services to you?

  • Are they on any excluded parties or sanctions lists?

  • Are any key executives on politically exposed persons (PEP) lists?

  • Is there any pending litigation or bankruptcies that could impact the health of their organization?


Remember. Knowing these risks only provides you with visibility. A solid due diligence process is where you’ll dig deeper into each risk area to understand what your true exposure may be, and to ensure that you’re comfortable that the risk is being mitigated.  This is where you can dig into things like financial health, employment practices and information security practices. 

Please reload

Subscribe to the

Vendor Centric 


Subscribe to the

Vendor Centric 




Rethinking Vendors

Our flagship publication shares our philosophy on power and untapped value of vendor relationships.

The Nonprofit CFO's Guide to Virtual Credit Cards


A step-by-step guide to automating a/p payment processing and creating new streams of revenue.

Subscribe to

Our Podcast

Related Blog Posts

Please reload

Quick Links

Contact Us

9841 Washingtonian Boulevard Suite 200 Gaithersburg, Maryland 20878


(240) 813-1170

Follow Us

  • Vendor Centric Facebook
  • Vendor Centric Twitter
  • Vendor Centric LinkedIn

Subscribe to our newsletter

Subscribe to our

Rethinking Vendors Podcast

Vendor Centric Podcast

Copyright © 2018 Vendor Centric. All rights reserved.