Often hidden within the supply chains of businesses, most companies use a variety of vendors daily. Third parties are the cogs that keep a business functioning and growing, from managing employees to selling and packaging goods. Because of the vital role they play, vendors must be addressed, operated and matured correctly, which is best achieved by having the correct people involved and a structured vendor management framework in place.
Why companies need an IT vendor management framework
More than half of companies (55%) do not practice continuous monitoring of their vendor third parties according to the NAVEX 2020 Third Party Risk Management Top Market Trends and Analysis. Having an IT vendor management framework allows companies to manage policies and processes. It should also help to establish organizational governance and measure and report on vendor management performance.
How the vendor management function is structured impacts its success in achieving company-wide objectives. These objectives and goals directly influence the company’s success and growth. This includes creating a clear set of goals surrounding IT vendor risk, contract and performance management.
Having an IT vendor governance framework is about authority: how decisions are made, who makes them and who is held accountable. IT vendor governance creates an accountability framework that ensures desirable behavior in the application of products and services from vendors to develop optimal performance, compliance and risk mitigation benefits. It can also improve vendor value by increasing vendor ROI, flexibility and establishing clear accountability and escalation for projects at the right levels with IT and vendors.
Measure and report IT vendor management functional performance
Another essential factor of having an IT vendor management function is that it should be responsible for building and maintaining relationships with business stakeholders. Stakeholders and investors can make or break a business financially, so establishing a relationship surrounding managing vendors is vital.
Business partners can sometimes view vendor management as a roadblock, needing more value and causing process delays. This often results in business stakeholders trying to manage vendors themselves without the company’s vendor management involvement. Naturally, this can cause confusion between organizations and their vendors. Part of having an IT vendor management function is collaborating with stakeholders and investors to identify the vendor options that best meet their desired business goals.
With the correct vendor management function in place, companies can communicate and show a business partner the value an internal vendor management process can add to the business.
Gartner® IT shares that not all vendors deliver the same business value, risks or switching and investment costs. An IT function can help to decide the importance of vendors responsive to businesses’ goals and market dynamics through categorization.
The IT vendor management function can also monitor contract terms and deliverables. However, management level can differ between organizations and is driven by vendor segmentation. Some vendor contracts are not managed at all, which eliminates the ability to improve the contract’s value or redefine contract terms. In other cases, contract management is only applied to significant or high-value agreements, often driven using a manual process.
Many companies rely on IT vendors to support business processes. This reliance exposes them to disruption or failure risk, potentially harming their external reputation and finances. According to the NAVEX 2020 Third Party Risk Management Top Market Trends and Analysis, only 59% of companies continuously monitor high-risk third parties for changes in risk. The vendor management function should help identify, analyze, and monitor potential threats and risks.
A reactive process or online management system can help to identify vendor risks, and vendor managers can decide on risk response methods.
To drive improvements, the IT vendor management function should support developing, monitoring, and reporting vendor performance and SLAs. Monitoring vendors’ performance allows companies to act before potential problems arise.
At NAVEX, we understand many organizations share the challenge of finding the right people with the proper skill set. Frequently, several different functions undertake IT vendor management across the organization, often without incremental training. training. This exacerbates the challenge. It is imperative to have competent personnel with clearly defined responsibilities in crucial roles.
For further information and a step-by-step framework breakdown of how your company can successfully implement an IT vendor function, download Gartner IT’s four-step actionable process:
Or, to learn more about how the NAVEX ONE online solution can help your company manage the goals, challenges and risks of your vendors and third parties
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner, How to Implement, Operate and Mature a Successful IT Vendor Management Function, Joanne Spencer, Refreshed 29 July 2022, Published 10 June 2019