Vendor Management: Don't Risk Losing Money or Jeopardizing Reputation
Every contract for outsourced services has risks that need to be managed to protect your organization. From construction projects and cleaning contracts to cloud services, most organizations rely on outside third parties to provide the goods and services they need to operate effectively.
However, before signing a contract, organizations rarely take the time to understand the risks involved. If you do not actively and effectively manage those risks – consider the associated costs, performance of the vendors and compliance of the vendor against the contract terms and conditions – the price you pay might not only be financial, but reputational.
Every organization should be aware of and actively manage some of the most common risks associated with managing a third-party vendor. Here are seven common vendor management risks and potential consequences.
1. Reputation – The vendor can damage the reputation of an organization through its actions, or lack thereof.
2. Performance – The vendor may fail to meet timelines and/or fail to perform in accordance with the terms of the contract.
3. Compliance – The vendor may fail to comply with laws and regulations governing the performance of the contract.
4. Non-conforming goods or services – The vendor could deliver goods or services that do not conform to the contract specifications.
5. Change order abuse – The vendor could increase the price or extend and expand the contract scope through the use of multiple change orders.
6. Cost mischarging – The vendor might charge the organization for costs (material or labor) that are not allowable, reasonable or allocable to the contract.
7. Data breaches – A vendor could mismanage critical organization or customer data, either intentionally or through the ineffectiveness of its information technology security and controls.
If these risks aren't managed, the results can resemble the following real-world examples.
- A defense contractor fraudulently inflated the price charged for food and water sold to the U.S. under an $8.8 billion subsistence prime vendor contract. The vendor used a middleman to mark up prices of food and water sold to the U.S. government for troops serving in Afghanistan. The fraud resulted in a $48 million loss to the government.
- Over the span of 10 years, a high school technology coordinator created nine fake vendors as part of a fraudulent billing scheme. The coordinator lined up individuals to pose as vendors and then mailed the vendors’ checks to a P.O. Box the coordinator opened. The scheme netted nearly $420,000.
- Instead of paying its clients’ federal taxes in appropriate amounts and by the regulatory deadlines, one company diverted the funds to pay their own salaries and expenses. They defrauded their payroll clients of more than $2 million.
- While on a project to build a water treatment plant, a sub-contractor prepared and submitted inflated invoices and false change orders for labor and materials provided to the project, which resulted in $4.8 million in overbilling.
Tips for managing your vendor risks
Many organizations do not have the necessary processes or controls in place to address vendor risk management. Here are a few recommendations to help your organization manage its vendor environment.
- Establish a vendor management policy and framework to manage the lifecycle of vendor relationships, including procurement, management and disposition of vendor services.
- Include a “right to audit” clause in your contracts, and use it. Also, require that vendors make available other audit reports, such as Service Organization Control (SOC) reports where available.
- Educate employees involved with vendors to understand risks and manage vendor relationships and performance.
- Ensure internal controls are designed and operating effectively.
Establishing comprehensive procedures within an organization to ensure compliance of the contractor or vendor against the contract terms and conditions does not happen overnight. To avoid paying the price down the road, start managing vendor relationships before signing on the dotted line.