Vetting a Vendor: Questions to Ask Before Making an Investment

BY JAMES F. LEON, CPA, ED.D.
October 1, 2010

Editor's note: Also read "Cloud Computing: What Accountants Need to Know" in the October 2010 issue of the JofA.

 

Ample research must be done before selecting any vendor, but specific areas should be addressed when choosing to move your data to the cloud. The following are some questions to ask a potential provider and other considerations. Note that some of the information can be checked or reviewed in the service-level agreements or contracts.

 

Costs

Analyze costs carefully. While most vendors offer pay-as-you-go pricing, an annual contract is often required. What is the minimum length of the contract for services? Are there termination fees? Yearly price increases? What happens if you want to add users to the contract or reduce the number of users?

 

What are cost estimates for a single user vs. five, dozens, hundreds or thousands (bulk discounts are typically available and usually are not advertised)? Is technical support provided free of charge? Are there early cancellation fees? Charges for upgrades? If the vendor raises its fees, are you locked in to the original price? What additional costs may be incurred beyond routine contractual expenses? Is there a fee to transfer data from another vendor’s application? Is there a fee to transfer your data from the vendor at the end of a contract? Is a free trial available?

 

Reliability

Analyze performance. What percentage of the time is the data available (uptime)? What is the vendor's anticipated scheduled downtime, and how does it notify customers about when that downtime will take place? Check the vendor's reliability statistics. You should be looking for a vendor in the 99% or better range. These days it is not uncommon to see 99.999%.

 

Are there any guarantees for availability or credit for not meeting agreed-upon performance levels? How fast is the response time? What performance issues (if any) exist? How often are upgrades provided and what kind of advance notice and/or training is provided? Can customers control when and whether to turn those upgrades on?

 

How often is maintenance performed? What happens in the event of a power outage? Is there a disaster recovery plan in case the service’s infrastructure is disabled or destroyed? How fast is disaster recovery? Verify that a full daily backup of data is performed at minimum and that a redundant backup center exists in one or more locations (preferably in different states in case of a natural disaster such as a hurricane or earthquake).

 

Security

Your company’s critical data is being stored with a third party outside your office walls. Controls need to be in place for transmitting data to the provider securely over the Internet. Are controls in place for storing data, such as encryption? Is a strong user-authentication system in place? Has the provider had an SOC 2 and/or SOC 3 engagement performed on its data center to verify it has proper controls in place? Ask for a copy of the report and a copy of the vendor’s privacy policy. Also inquire as to how security breaches are handled, including specifically how soon customers are notified.

 

Support

What technical support is available? Is there 24/7 live human support? Does the vendor offer assistance in making the transition (for example, data format conversion) from your current system to theirs? Upon termination of services—when the vendor no longer serves your company—what process will the vendor follow to return your company’s data to you? Is the vendor willing to meet with and demonstrate its applications to decision makers in your company?

 

Integration and Development

Ease of integration is an important factor to consider when making technology purchasing decisions. While some Web-based applications can easily build upon one another and seamlessly transfer and share data, that is not always the case. Evaluate how well the application integrates with your existing ones (both in the cloud and on-premise).

 

Some vendors offer application programming interfaces (APIs) for your software developers (if you have any). APIs allow your developers to write custom applications that are hosted by the vendor and to integrate those products with on-premise or other Web-based applications. The vendors may also allow for the sharing of applications between customers through an online shopping mall of sorts.

 

—By James F. Leon, CPA, Ed.D., visiting assistant professor, Department of Computer Science, Northern Illinois University.

 
