Institutions are utilizing more vendors than ever to provide services for their customers. While this can mean more efficient and cost effective offerings, it also means having a robust vendor management program in place. In my time working in the financial industry, I’ve seen institution after institution fall victim to the following three vendor management pitfalls.
Not understanding who actually belongs in a vendor management program
Often, when someone hears “vendor management”, the assumption is that it means every third party you pay money to needs to be in the program. This actually isn’t the case. The focus for a vendor management program is third parties you have a business relationship with that perform operational functions integral to your product or service offerings. Think of it this way: The provider of your loan origination software is a vendor. They’re directly involved in the services you provide to your customers. The guy who delivers your copy paper? Not so much. They are simply a supplier, not a vendor, and don’t belong in the program.
Monitoring every vendor, and every point
A common misconception for people maintaining a vendor management program is that they need to examine everything available for every vendor, but that isn’t necessary. You want to monitor based on the vendor’s inherent risk rating. The higher the inherent risk, the more monitoring is required. This works in the opposite direction also! The lower the inherent risk, the less monitoring is required. In other words, you don’t need to monitor every available SOC report for every vendor, just your highest risk ones. Monitoring only what’s relevant allows you to spend your time in your vendor management program more efficiently.
Having contracts in many different places
Time and time again, I see institutions with their contracts in many different places. Centralizing your contracts means having all the pertinent details of your partnerships right at your fingertips whenever you need them. You should also never be surprised by the renewal of a vendor. Centralizing your contract location facilitates effective tracking of renewal dates. Tracking dates means being prepared for these actions, and seeing them in a holistic view with the rest of your vendors.
Learn more about vendor management program and other risk assessment topics at the upcoming 7th annual WolfPAC User Conference. You will earn 11 CPE credits, and have the opportunity to network with your peers. Choose to attend at Mohegan Sun on October 29-30 or Mandalay Bay on November 5-6.