What Is a Vendor Management Program?
A vendor management program (VMP) refers to the strategic and tactical measures that a company employs to work efficiently with its suppliers. Vendor management programs include policies and procedures that are explained in shared documents, and they serve to drive cost control, risk management, service, and quality excellence.
Why Do You Need a Vendor Management Program?
Companies of all sizes need vendor management programs to maximize the benefits of outsourcing. With the right plan in place, organizations increase the value of vendor relationships, mitigate potential risks, and create long-lasting, positive organizational change.
Jon M. Quigley, author and Value Transformation, LLC Principal, has found in his many vendor management consulting engagements that synergistic vendor relationships simply make sense for all parties. “To win in a global, intensely competitive economy, use data to drive decision making and collaborate with vendors,” Quigley advises. “Negotiating to get to the lowest price isn’t a best practice in most cases, particularly for critical vendors. The goal is to work with vendors to reach company goals through mutually satisfying agreements and performance that drive profitability, innovation, and transformation.”
A formal vendor management program makes it easier to drive improvements that generate organization-wide benefits throughout the vendor lifecycle.
Benefits of vendor management programs include improvement in the following areas:
- Administrative Efficiencies: Data is fundamental to administering vendor programs effectively. Vendor management software cuts down on data duplication and loss of information and contracts, and it reduces administration labor errors and the resulting costs. By having a central place to store all your vendor data, you can better manage relationships and improve planning.
- Risk Management: Vendor management tools and vendor management programs provide the data you need to identify risks. Armed with data, it’s easier to mitigate risks or choose another vendor that aligns more closely to your desired risk profile. Mitigate risk throughout the contract lifecycle with vendor risk management (VRM) strategies and tactics such as those found in “Risk Management Strategies and Tips.”
- Vendor Performance and Quality: Vendor quality should include robust support after the sale, flexible credit management, good customer service, and strong market knowledge. Quality vendors take a “we, not me” approach and work with your team to innovate products and processes. Learn about methods that foster collaboration and generate quality results with “Vendor Performance Management.”
- Cost Controls: Increased visibility helps control costs. Additionally, collaborative relationships support rational rate negotiation and access to incentives and discounts that increase profit margins.
- Vendor Acquisition: One of the pillars of vendor management is learning the value of each vendor. Rank vendors by importance to help reorganize your roster and, if necessary, to end the relationship with some suppliers. Once you consolidate vendors, you’ll have an even more refined set of criteria from which to select new vendors and define the types of agreements and working relationships that make sense.
- Relationships: Improved processes also support improved relationships. These upgrades build loyalty and help you retain your most valued suppliers in the long run.
- Onboarding: Give vendors information about policies, procedures, and expectations from the beginning of the relationship to save time and resources, and to support better workflows throughout the vendor lifecycle. Learn the keys to effective onboarding with “Vendor Onboarding: Best Practices, Process Flows, and Checklists.”
- Brand Reputation: Better performance, efficiency, quality, and other improvements will raise your profile, create good buzz, and boost your brand.
Learn more about vendor management benefits and how to make smarter vendor management moves by reading our “Guide to Vendor Management.”
Elements of a Vendor Management Program
The elements of a vendor management program define your goals and standards for suppliers, as well as set quality, legal, and financial guidelines. The features you emphasize in your program will vary depending on your business and vendors.
Gerard Blokdyk is the CEO of The Art of Service and an author of more than 50 business management guides, including Effective Vendor Management: A Complete Guide (2020 Edition). He says that successful vendor management begins with determining specific organizational needs. “Begin with due diligence within your organization. Understand your own needs and make a thorough self-assessment before you begin any program. Doing so will prevent problems in the long run.”
Learn more about organizing the way you work with suppliers with “The Guide to Vendor Management Process".
Step One: Prepare for Your Vendor Management Program
You need to address several different areas before you create a vendor management program. One such aspect is the self-assessment, which will help you to prepare the purpose of your program and identify the vendors that will receive the final document. Blokdyk says that creating a self-assessment ensures that you set up the right framework.
The following tool is one of the self-assessment checklists in The Art of Service’s Vendor Management: A Complete Guide - 2021 Edition. The questionnaire will help you understand your needs and what to include to reach program goals.
Provided courtesy of The Art of Service
Download the Vendor Program Management Needs Checklist
Other elements you’ll need to address before you set up your program include the following:
- Risk Management Procedures: Determine the risks that require mitigation, as well as how to and who will manage the overall process. If you’re new to this type of assessment, learn more about the process in “Project Risk Management: Best Practices, Tips, and Expert Advice.”
- Vendor Comparison: Assess vendors and compare their capabilities, strengths, weaknesses, and other attributes. Before you release your vendor management program, get expert advice by reading “Vendor Assessment and Evaluation Simplified.”
- Vendor Risk Assessments: Grade potential or current vendors as part of your third-party due diligence. If you’re new to the process, review the “Simplified Guide to Vendor Risk Assessment.”
Step Two: Elements to Use to Create a Vendor Management Program and Document
In your vendor management program, be sure to cover vendor selection and certification, policies, compliance, confidentiality, standards, oversight, and termination information. The completed vendor management program systemizes and documents policies, procedures, and relationship standards that will govern how you work with suppliers.
The depth, length, and content of vendor management program documentation vary. Some companies use the vendor management program document internally, as a high-level overview for executives to understand how their vendor team operates and protects company interests. Other companies share the document with internal and external stakeholders (including potential vendors) in order to set expectations or as part of the onboarding process. Add contracts, signature forms, and links to portals that collect necessary documentation in the document you share with vendors.
Additionally, seek legal review to ensure the company is protected and that compliance standards are clear.
Here are some topics companies often cover in their official vendor management program and supporting documents:
- Overview: This details the company background and the purpose of the document.
- Vendor Selection: Describe the vendor consideration screening process.
- Policies and Procedures: List any accountability standards set by the company.
- Compliance: This includes the company or legal rules and regulations that govern company activities listed in the vendor management program document. These are the issues that govern how vendors (including IT vendors) must work in data security and customer or patient privacy.
- Confidentiality: Companies typically restrict vendors from sharing trade secrets. They may also require confidentiality due to compliance standards.
- Relationship and Contract Standards: This section defines legal and other expectations for conduct and deliverables, including codes of conduct.
- Required Documentation: Often, vendors need to supply documentation to verify various items, including proof of licensing, equipment certifications, engineering design, drug screens, competencies, and educational degrees.
- Oversight: This section explains how vendors should execute work and how it will be monitored by the company.
- Disciplinary Action and Termination: Describe what will occur if vendors don’t meet criteria, along with any causes for termination.
Vendor Management Program Sample and Template
There is no one-size-fits-all vendor management program — every company builds its program based on its type of business, company standards for quality and service, vendor roster, expectations, and compliance requirements.
“Vendor management programs make relationships more frictionless and productive,” says Quigley. “Documents can and should be shared with stakeholders as a best practice.”
Download Vendor Management Program Template
Microsoft Word | Adobe PDF | Google Doc
Download Vendor Management Program Template
Microsoft Word | Adobe PDF | Google Doc
This sample vendor management program comes from an insurance company. It includes common elements, such as an overview, oversight procedures, policies and program responsibility, vendor rankings, confidentiality, risk management standards, and more. Use the customizable template to generate a new document or refine your current vendor management program, and add links to other documents or vendor portals as needed.
Step Three: What to Do After Vendor Selection and Contracting
Once you select your vendors and sort out official contracts, you’ll need to manage and monitor performance on an ongoing basis. By staying on top of vendor performance, you help ensure that relationships and deliverables flow smoothly and that you keep risks at bay. Take care to regularly monitor the vendor relationship throughout its lifecycle; doing so will fill the gaps between when you began work with the vendor and bi-annual or annual assessment.
IT Vendor Management Programs, Data Security Monitoring, and Regulations
An IT vendor management program ensures that technologies, processes, policies, and procedures meet your business needs, industry standards, and security and government regulations. The need for IT vendor management has grown in direct proportion to data use in business and outsourcing.
Having full IT capabilities in-house is rare. Many companies function more effectively and profitably by outsourcing application development, bill processing, cloud computing, data backups, managed security, network monitoring, receivables collections, payroll services, telecommunications platforms, and other services. That said, there is risk involved when you outsource essential functions that often affect sensitive data.
As Blokdyk says, “Even with risk management protocols in place, organizations often get the sinking feeling that they don’t have a clear picture of the security position of their most critical vendors.
“For example,” he continues, “Ask: Do the vendor’s mobile server software, client software, application management capabilities, device security, and management abilities meet your requirements for performance? Is your vendor securing that data in a manner consistent with your data classification requirements and regulations? Make sure that your vendor’s subcontractors are also risk-checked and held to necessary standards, laws, and applicable regulations.”
You will usually include IT management protocols in contracts and specify them in the larger vendor management program. Risk management audits are essential, and in many cases, auditors should certify that you and your vendors comply with applicable laws and regulations.
Below you’ll find a downloadable chart that includes an overview of some of the many national and international data standards and regulations related to IT, data security, and privacy:
Download IT Vendor Management Data Security and Regulations Overview
GDPR and Vendor Management Programs
GDPR is the most stringent privacy and security law in the world. Although it is a European Union (EU) law, it imposes obligations on all entities that sell to and store personal data about people living in the EU.
“IT compliance needs to be emphasized in all effective vendor management programs,” Blokdyk says. “It doesn’t matter what size company you have. Not understanding or complying with laws outside of the United States, like the GDPR, can be costly.” Penalties can be steep. Fines for non-compliance can reach up to 20 million euros, depending on the severity of the violation.
Enterprise risk management software and vendor risk management solutions can detect and mitigate risks and enforce your IT standards. To identify the solution that is right for your business, read “Pick the Right Risk Management Software.”
The Role of Vendor Management Teams
Vendor management teams manage vendor relationships to ensure that they align with company goals, and help to foster a smooth, fiscally responsible partnership. Vendor management teams also serve as liaisons between vendors and company departments.
Quigley provides an example of vendor management team composition based on his experience with large consulting firms. “The team size and personnel vary depending upon the complexity of the material acquisition,” explains Quigley.
Often, the team resides in a vendor management office (VMO), which is the internal unit that evaluates third-party services and goods providers, supervises daily interactions, and manages longer-term relationships based on the vendor management program dictates. Because of the increasing importance and emphasis on technology, a separate IT vendor management office operates within the VMO. IT vendor management offices establish and monitor IT vendor relationships, set up insourcing and outsourcing standards, and determine risk management policies.
Vendor Management Program Best Practices
Vendor management program (VMP) best practices should support your organization’s stated goals and overall performance. Best practices support overall company goals, use data and technology to continuously improve, provide clarity, and improve relationships.
Below are some VMP best practices:
- Secure Top-Down Planning: Get leadership buy-in from the start and look to right-size the vendor management program for your company.
- Keep KPIs in Mind: Simplify vendor evaluations with KPI scorecards. When you define and monitor goals, you communicate what you need and how you will evaluate deliverables from the first day of the engagement.
- Clarity: The policies, procedures, strategies, and tactics of your VMP should be clear to both internal and external stakeholders. Reach out to the people who regularly interact with vendors so that they can review all aspects of the program to ensure it functions in the real world.
- Foster Relationships: Take the time to engage stakeholders at your company and with your vendors to keep communication lines open. Grow the relationship and see what opportunities you can work on with the vendor to improve and innovate.
- Take Advantage of Technology: It’s easier to track every aspect of vendor management effectively with the right tools to centralize data, track risks, and monitor performance.
For more best practices, refer to the “Vendor Management Best Practices Guide.”
Set Up and Maintain Your Vendor Management Program with Smartsheet
Empower your people to go above and beyond with a flexible platform designed to match the needs of your team — and adapt as those needs change.
The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed.
When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time. Try Smartsheet for free, today.