For the vast majority of organisations, key strategic imperatives involve the use of third party suppliers. To achieve processing efficiency and cost savings, among other objectives, there’s simply no other way. But, as much as sourcing and offshoring initiatives are beneficial, they’re not without their risks. And as supply chains become more extensive, complex and sophisticated, our vendor risk management must evolve with them.
Vendor risk management is concerned with protecting an organisation from any potential risks that a third party supplier poses. The risk could be to any facet of the business – general disruption, financial, reputational.
As outsourcing increases throughout the corporate world, VRM is becoming an increasingly important part of all risk management framework. We involve third parties to drive down costs and allow more time for us to focus on what we do best, but we must also ensure these vendors are behaving in a way that’s in line with our own standards, because whatever risks they are exposed to, so are we.
Outsourcing arrangements have increased in complexity, which means the risks they expose us to have as well. These include:
Damage to an organisation’s reputation can be extensive and extremely difficult to undo. Third party suppliers can pose reputational risks when there are interruptions to services or supplies, or when there’s an issue with safety or quality. However, the greatest risk to an organisation’s reputation can occur when one of their vendors is found to be in breach of adequate employee arrangements (think modern slavery).
This is a big concern when it comes to VRM. All organisations are fully aware that sensitive data – such as customer information – should only be accessible to those with approval. If there’s a breach due to poor cyber security, the consequences can be dire. And if the breach has occurred within a vendor’s operations, it may as well have been within the organisation itself, such are the ramifications.
Pivotal aspects of an organisation’s operations are often supplied by third parties. For instance, an IT vendor might be responsible for the running of an organisation’s online store. If there is a failure in their service, a core component of that organisation’s operations will be out of action – immediately and without warning. This is a good example of why the vendors’ operational integrity needs to be as good as the organisations using their products or services.
All of the above points lead to one destination: financial loss. Supplier failure or poorly managed contracts can hurt an organisation’s bottom line, either directly or through reputational damage. Proper vendor risk management is absolutely vital if the advantages that vendors offer are to be realised.
The contract is an incredibly important document that provides the best defence against vendor risk – if drawn up appropriately. Here’s what you need to consider:
Procurement plays a vital role in protecting the organisation through vendor risk management, a lot of which comes down to drawing up an appropriate contract. Academy of Procurement provides in-depth contract management training that covers all the relevant aspects, from SLAs through to corporate governance. Develop the skills so your organisation can reap the benefits of working with third party vendors without exposing itself to unnecessary (and potentially crippling) risk.