Vendor Management Policy Tips

Topics: Risk Management

Simple vendor management advice for small businesses

Few relationships can do more to power a small business than a vendor relationship. In fact, recent research found that small and medium-sized businesses are investing between 45 percent and 65 percent of their sales revenue on the procurement of materials or services.

One of the keys to a thriving business, strong vendor management helps control costs, strengthen service and reduce risk. Considering the rapid advances in digital technology and the changing regulatory landscape, successful vendor management is more important than ever.

Vendor risks 

While they provide efficiencies, cutting-edge capabilities and, oftentimes, cost savings, vendors also expose businesses to an array of risks. Here are several risks that vendors can pose, along with the possible ramifications:

  • Violation of legal or compliance regulations – These missteps could result in large fines while opening the door to damaging lawsuits.
  • Data security breaches – Mismanagement of critical organization or customer data could lead to the loss – or compromising of – employee or customer data. Aside from the financial ramifications, the damage to the company’s reputation could be devastating.
  • Loss of intellectual property – Having trade secrets and other guarded information exposed could cost a company its competitive edge, as well as substantial revenue.
  • Contractual disputes – They can lead to fractured vendor-business relationships and potentially costly lawsuits.
  • Operational breakdowns – They can stifle efficiency and quickly erode a company’s profit margin.
  • Excessive costs and lost revenue – Neither is good for business.

Vendor statistics

If your business works with vendors, here are three statistics to consider:

  • In 2017, an estimated 19 percent of security incidents were directly connected with third-party vendors.
  • In 2016, over 60 percent of all data breaches were linked – directly or indirectly – to third-party access.
  • Only 52 percent of companies have security standards for third parties.

Statistics like these demonstrate the need for strong vendor management, also known as third-party risk management (TPRM). Successfully managing vendor risk requires analyzing and controlling the risks presented to your business, your data, your operations and your finances.

Vendor management policy tips

To help manage the risks posed by vendors, here are seven considerations:

1. Be in the know. The best way to do so is to create a vendor management policy. It identifies which vendors put your business at risk and then outlines the controls you can implement to help lessen that risk. To create a policy, work with an attorney, a procurement specialist and an IT professional, along with members of your management team.

2. Vet prospective vendors. Establish a thorough review and disclosure process for investigating new vendors. The disclosure should include any possible association with your existing vendors or your employees.

3. Communicate and collaborate. View each vendor relationship as a partnership. By working together, you and your vendors can more efficiently address concerns, solve problems and move your business forward.

4. Tap into the power of tech. Don’t have a procurement team? Consider procurement software. Whether cloud-based or on premise, the software enables you to purchase goods from approved electronic catalogs in accordance with company buying rules. Additional capabilities include catalog and order management, asset management and inventory, reports, billing and vendor management, requests for quote, purchase contracts, approvals and requisitions.

5. Educate your staff and vendors. A key component of vendor management is compliance. Ongoing compliance training will help keep everyone current on new regulations and requirements.

6. Implement a strong incident detection and response plan. Incident response (IR) plans are designed to limit the damage caused by cyberattacks and data breaches. Work with your vendors to find and then close gaps in security before a breach happens.

7. Actively monitor and regularly audit. Risk management technology providers offer tools – from compliance templates to risk assessment questionnaires – to help you assess and evaluate your vendors’ performance.

For help building a strong vendor management program, check out the Definitive Guide to Vendor Risk Management.

Staying safe, every step of the way

Helping fuel many small businesses, vendors can pose an array of risks, from financial and reputational to compliance and legal. For these reasons, it is critical that businesses protect themselves – before, during and after every vendor relationship.

To help protect your business from cyberattacks, AmTrust offers cyber liability insurance, which covers certain losses incurred due to data breaches. For today’s small businesses, cyber liability insurance is a key part of a solid risk management portfolio.


Time Zones