Alyned Thinking

Why new thinking is needed and how we are putting our expertise to work.

Requirements for Successful Vendor Governance

Setting up a scalable and cost-effective Vendor Governance service is not an easy task, and a number of core business process and solution requirements are critical for success.

In the previous blog post in our Vendor Governance series, we explored the current challenges and future trends we expect in managing vendor risk. The Alyne founders have observed many organisations address this challenge, and we have also seen many shortcomings in the various implementations. These are the requirements we believe are success factors.

Business Process Requirements

  • Faster processing of new vendors
    The time from raising the business need to procuring a service needs to be significantly reduced. If multiple parties need to be involved in the process, the risk assessment and decision processes need to be parallelised to save time.

  • Consolidated Assessments
    If multiple stakeholders require assurance, the assessment needs to be consolidated to reduce assessment fatigue among the internal and external recipients of assessments and to reduce the time and cost of assessment processes. Multiple stakeholders need to be able to gain assurance from a common data set.

  • Deeper risk insight
    The depth of understanding of operational risk, supply chain risk, financial risk, cyber risk and privacy risk needs to be increased through the target Vendor Governance process.

  • Automated data analysis
    Gaining the necessary risk insights cannot depend on subject matter experts interpreting raw data. The data analysis needs to be automated to reduce the dependency on manual steps. Vendor Governance processes need to enable informed decisions on continuing, updating or discontinuing the procurement of services from a specific vendor.

  • Adaptable assurance
    Vendors should be addressed with a risk-based approach that takes into account the risk exposure of the service, the complexity of the service, previously identified risks and further factors, enabling a tailored approach for the specific risk exposure of a given vendor. This also ensures cost-effective coverage of vendors.

Solution Requirements

Based on the business requirements, specific solution requirements become evident.

  • Higher scalability
    The solution needs to scale to cover all vendors with highly plannable cost and without exponentially growing complexity.

  • Greater cost efficiency
    The initial costs need to be low to prevent an entry barrier in structuring Vendor Governance and then scale with increasing numbers of vendors, while keeping the assessment costs of an individual vendor significantly below manual solutions.

  • Avoidance of workflow gaps
    The Vendor Governance process needs to be supported end to end from the raising of a service request through the business to the remediation of excessive risk. Any breaks in system and workflow create cost, delays and complexity for the process at scale.

  • Better usability
    With more stakeholders involved in the process end to end, the need for an engaging user experience increases. Solutions with the look and feel of a 90s database front end will not lead to the user participation required for successful Vendor Governance.

Unfortunately, we have defined quite a requirements catalogue for successful Vendor Governance without very much guidance as to how this may be achieved. We hope you will join us for our final blog post in this series on how to set up successful Vendor Governance and how to decide on what topics to cover. As always, we encourage your opinions and feedback on our posts and look forward to your comments.

Part 1: Vendor Governance - Expensive process and intransparent risk

Part 2: Requirements for Successful Vendor Governance

Author: Karl Viertel
About the author
Founder & CEO of Alyne, IT security professional, gadget enthusiast.