In my time as a third-party risk management consultant, I’ve worked with organizations large and small. Some have thousands of vendors and some have hundreds. Some operate in a centralized procurement environment and others do not. Some have annual revenue of $2 Billion or more and others have $40 Million or less. Regardless of the organization’s size, when I begin a third-party management consulting project (especially when we are helping our clients implement a vendor management system) I usually find that organizations simply don’t have a good understanding of how many active vendor relationships they have.
Some would think that the larger the organization the more likely they are to have a process and system in place to keep track of their vendors. In most cases, that statement does not hold true. Large and small alike, it is common for me to see departments maintaining their own lists of vendors, databases being populated with inaccurate information (or no information at all) and contractual documents being stored in a number of different locations (on shared corporate drives, within email messages or even in filing cabinets!).
The reason I bring this topic up isn’t to scare you – it’s to let you know that you aren’t alone! And as more and more organizations are taking a serious approach to third-party management, creating and maintaining an accurate inventory of your third-party vendors is a great place to start.
Here are four tips you can use to maintain a reliable inventory of your vendors.
Tip #1 – Follow the Money
As I mentioned earlier, it’s not uncommon for each department to maintain their own vendor list. This not only creates lack of visibility across the organization, but can easily result in vendors being unmonitored and flying under the radar.
If you want a good place to start to truly see who your active vendors are… ask Finance to run a report from your Accounts Payable system. It may take some time to sort through the various types of disbursements of funds, but once you can separate “vendors” from the other payments your organization makes you’ll be able to see who your third-party vendors are. You might even identify some cases in which a vendor is still being paid and there is not an active contract on file!
Tip #2 – Use a Vendor Management System (organization-wide)
Excel spreadsheets, access databases, filing cabinets… vendor and contract information probably lives in all of these locations and maybe some others, too. But wouldn’t it be nice if there was one, central place where anyone in the organization could go if they wanted to answer questions like: “How many contracts do we have with Vendor ABC?” or “Who is the vendor that provides service XYZ?”
Vendor management systems allow you to maintain your “source of truth” (i.e. your complete vendor list), but they also do much more. You can use vendor management systems to manage the entire vendor lifecycle, from procurement to contracting and from ongoing oversight to offboarding. Vendor management systems also give you the ability to see the entire profile of the vendor, which a/p systems can’t do. Take a look our recent blog post about different types of vendor management systems that are available in the marketplace to understand which is right for you.
Tip #3 – Assign Responsibility for Data Maintenance
The people within your organization who have business problems to solve (and who are finding vendors to help solve them) don’t have the time to make sure all the required data points are added to a vendor management system. They simply want to execute the contract and begin working on a solution. Often times it’s these people who are maintaining the organization’s “vendor list” and that’s when the data starts becoming a bit more inconsistent.
If you’ve followed Tip #2 and have implemented a vendor management system, it’s very wise to set some rules regarding who can add new data or modify existing records within your system. Data is only useful when it is accurate and when it can be trusted. An approach I’ve seen that works well is to limit the responsibility for adding and maintaining vendor/contract data to only one or two people (usually staff within the Vendor Management Office, VMO). This way, vendor information and contracts are added in a consistent manner to your system, and the VMO gets their eyes on everything, too.
Tip #4 – Use Standard Naming Conventions
Once you’ve set some ground rules regarding who has the ability to add and modify your vendor data, establish some naming conventions for things like contract records and vendor names. It should be easy for someone to navigate to a vendor’s record and see what types of contracts are on file. If the contract record is named “Amendment” or “Master Agreement” that doesn’t provide much context. However, if the contract record is named something like “Amendment 1 to Software Licensing Agreement,” that can point someone in the right direction.
Organizations of all sizes share the challenge of maintaining an accurate inventory of vendors. So, don’t worry, you aren’t alone! While establishing an accurate inventory of your third-party vendors may take some time and effort, it’s a pretty easy win (low-hanging fruit in terms of the necessary components of a third-party management program).
If you have any questions about the topic covered in this article, or want to discuss any other third-party risk management issue, just let us know! Reach out to us and we’d be happy to help.