How to create a vendor risk management programme

Managing risks with your external vendors is essential in a modern supply chain to make sure there is no negative impact on your business

Third-party relationships can introduce a whole range of risks that might impact business operations, data security, compliance, and reputation to the outside world.

In a recent white paper, third-party risk software provider ProcessUnity identifies four key points to creating a vendor risk management programme.

Identify potential vendor risks

The paper argues that companies can waste time and money completing deep analysis of all partners and vendors, when some may well be of very little consequence or risk.  

Their suggested strategy is to categorise and prioritise vendors in order of the potential risk they pose, for example if one looks after customer financial transactions.

Develop strategies for addressing higher risk vendors

If your VRM process has picked out a vendor that may pose some kind of risk, but you still require them as a business partner, it is important to make sure a strategy is in place to stop their potential issues causing you any harm.

The paper suggests working closely with the vendor to try and solve the problem, monitor their performance to make sure matters are improving, and to also have a plan to follow if the vendor crosses a threshold of risk.

Align vendor control environments with your internal framework

Your organisation will already have controls in place to minimise any internal risk, so it is important to work with the potentially risky vendor to find out how effective the controls they have in place to mitigate the issues you have identified. 

A gap analysis can be carried out to establish how far apart the two organisations are, and to work together to try and close the gap in standards. 

Implement ongoing oversight utilising metrics and external alerts

Finally, the whitepaper suggests setting up a series of metrics to measure performance, and the risks that are associated with those issues.  

External alert services can also be a useful tool, to surface if the vendor is having business issues that may impact the performance of their supplied service and allow you to address it quickly.   
 

Supply Chain Risk Management requires revision

Writing recently for Supply Chain Digital, Alex Saric, CMO at Ivalua argued that a new, smarter approach to supplier management is required.

“A new, smarter approach to supplier management is required. To do this, businesses must first adapt their approach to assessing supply chain risk.  Too often, the process is little more than a tick the box exercise on individual suppliers.

It needs to expand to include sub-tier suppliers. Companies are exposed not just to their immediate suppliers, but also to suppliers that their suppliers depend on.”

This is backed up by a 2021 McKinsey survey of global supply chain leaders found that only 48% have visibility into Tier 1 suppliers, 21% into Tier 2 and only 2% into Tier 3.

 

******
For more insights into the world of supply chain read the latest edition of Supply Chain Digital and be sure to follow us on LinkedIn & Twitter.
Other magazines that may be of interest: Procurement, Manufacturing & Sustainability. Also check out our upcoming event in September: Procurement & Supply Chain LIVE London.
******
BizClik is a global provider of B2B digital media platforms, for leaders across: Sustainability; Procurement & Supply Chain; Technology & AI; Cyber; FinTech & InsurTech; Manufacturing; Mining; Energy; EV, Construction; Healthcare; and Food. Based in London, Dubai, and New York, BizClik offers services including content creation, advertising & sponsorship solutions, webinars & events.

 

Share

Featured Articles

Procurement & Supply Chain LIVE New York 2024: Day Two Recap

Day Two of Procurement & Supply Chain LIVE New York featured a number of engaging discussions relating to AI, risk management and supply chain innovation

Executives from Vodafone, Mastercard & SAP at P&SC London

Executives from Vodafone and SAP will join Procurement & Supply Chain LIVE London when it returns on 24 & 25 September at the BDC

Procurement & Supply Chain LIVE New York: Day 2

Join us for day two of Procurement & Supply Chain LIVE New York, the premier virtual event for leaders in North America and Canada

Procurement & Supply Chain LIVE New York: Day 1

Sustainability

Four New Sponsors Join P&SC LIVE London 2024

Operations

Four New Sponsors Announced for P&SC LIVE London

Digital Supply Chain