Vendor Management Tips




Selecting the right vendors and properly managing vendor relationships can help protect your company from damages and long-term losses.

As more work is outsourced to specialized vendors, companies face greater exposure to fraud, security breaches and the possibility of financial losses. When companies outsource, they are still responsible for protecting sensitive information belonging to customers and the company. Consider these tips:

Invite many vendors to participate in the request for proposals (RFP). Prepare an RFP that covers the majority of business concerns while setting expectations for the vendor from a legal perspective. The RFP often forms the basis of the contract. Vendors with the most flexible terms and highest desire will bubble up to the short list.

Prepare a detailed questionnaire to determine the level of sophistication of the vendor’s operations, policies and security. The responses can be a barometer of the vendor’s level of compliance with policies important to your company and can also be used as written representation of vendor abilities in the future event of a breach and/or legal action.

Review three years of the potential vendor’s audited financial statements, including the audit opinion and trends in profitability and cash flow. For software companies, review the level of research and development spending on products. Determine the vendor’s largest customers and solicit opinions from them on the company’s performance.

Ensure the contract terms are beneficial to your company. Often the vendor will produce the contract. Review it for penalties and termination clauses, warranties offered, and maintenance and annual increases required. Ensure that there is a return of confidential data at termination, remedy for breach, conversion assistance at termination, a right to audit, favorable payment terms, disaster recovery plans and test sites.

Make sure the contract prohibits assignment without permission and allows for escrow agreements and the avoidance of unfavorable evergreen (or automatic renewal) clauses. Service-level agreements should benefit your company and be measurable and enforceable.

Ensure you can protect sensitive information belonging to your customers or company. Obtain SysTrust reports, which attest to a system’s reliability and ability to operate without material error, flaw or failure, and type II SAS 70 reports and review the tests of controls.

Review perimeter controls and policies related to how the vendor restricts access through passwords, patching and encryption, as well as through segregation of duties. Ascertain the tools used to protect against viruses and detect intrusion to ensure they exist and are adequate. Review the mechanisms the vendor uses to protect itself when it engages third parties.

After selecting a vendor, track statistics on invoice disputes and errors to determine how effectively the recipient of the vendor’s services within your company is reviewing details on the invoices. If your in-house contact is doing his or her job, it is highly likely there will be invoice disputes. Publish those statistics within your company and identify vendors with persistent errors.

Review volumes and related statistics. Ensure that the company can validate invoice amounts using independent statistics that are internally generated. These amounts should be reconciled to the invoices, and differences should be resolved before payment.

Track vendor performance and compliance. Periodically solicit from the recipient of the vendor’s services an assessment of the vendor’s performance. Responses to these performance evaluations should stimulate discussions, and in some cases, new RFPs.

Maintain an inventory of contracts that includes the vendor’s certificate of insurance; initial contracts; current contract amendments and addendums; privacy protection forms; dates of notification, termination or renewals; and the total annual value of the contract.

Joseph P. Savidge, CPA, is senior vice president of finance and administration, technology and operations for Webster Financial Corp., in Bristol, Conn.

