The size and scope of third-party management programs are different from one company to the next. And when it comes to structure, some companies maintain a central vendor management office, while others establish a general framework for their program and push out responsibilities across the organization.
Regardless of how you’ve decided to set up your vendor management function, it’s critical to know who’s responsible for what. RACI charts are a great tool for helping you with that process.
What is a RACI Chart?
A RACI chart (or matrix or diagram) is a visual way to identify the roles of stakeholders involved in a task or a process. RACI is an acronym that stands for Responsible, Accountable, Consulted and Informed. The four letters help to memorize the different roles that people must fill to ensure the proper completion of a process or task.
(R) Responsible: This is the person who is in charge of completing the task. They are responsible for getting the work done or making the decision. It can sometimes be more than one person, but good practice is to minimize the amount of people involved.
(A) Accountable: This is the person who has overall accountability for ensuring the task is completed, and ensuring it’s done on time and with quality. Ideally, this should be one person rather than a group to avoid confusion in terms of who actually owns the task. Oftentimes, this can be the person who is also responsible.
(C) Consulted: These are the other stakeholders who have to be consulted first before the work is done. Usually these are experts who have deeper knowledge or experience about the subject matter. The reason why you want your team member to consult with experts first is obvious: you want to limit the risk of failure.
(I) Informed: These are stakeholders who have to be informed about the progress and/or completion of the task. Maybe they are waiting for input so that they can proceed with their own work. Or maybe they just need to know what’s happening. Keeping everyone in the loop and sending out continuous updates is always important.
Using RACI Charts to Support Third-Party Management
Many stakeholders are involved in the process of finding and managing third parties. While the Business Owner (i.e. the person that owns the relationship with the vendor) is always central to the process, other stakeholders can include representatives from technology, information security, legal, compliance, procurement and even risk. Using a RACI Chart to clarify the roles and responsibilities of these folks is extremely helpful.
To illustrate, here is a RACI for a simple risk assessment and due diligence process for a prospective technology vendor. This is just an example as roles and responsibilities are going to differ for each organization.
We recommend that all of our clients incorporate some form of RACI Chart in their third-party management procedural documents. And while a RACI Chart is pretty simple to complete, the hard part is oftentimes getting agreement between stakeholders.
If you could use a hand aligning third-party management stakeholders in your company, let’s schedule a time to talk.