Vendor Management Tips

BY JOSEPH P. SAVIDGE

  

 

Selecting the right vendors and properly managing vendor relationships can help protect your company from damages and long-term losses.

As more work is outsourced to specialized vendors, companies face greater exposure to fraud, security breaches and the possibility of financial losses. When companies outsource, they are still responsible for protecting sensitive information belonging to customers and the company. Consider these tips:

checkbox Invite many vendors to participate in the request for proposals (RFP). Prepare an RFP that covers the majority of business concerns while setting expectations for the vendor from a legal perspective. The RFP often forms the basis of the contract. Vendors with the most flexible terms and highest desire will bubble up to the short list.

checkbox Prepare a detailed questionnaire to determine the level of sophistication of the vendor’s operations, policies and security. The responses can be a barometer of the vendor’s level of compliance with policies important to your company and can also be used as written representation of vendor abilities in the future event of a breach and/or legal action.

checkbox Review three years of the potential vendor’s audited financial statements, including the audit opinion and trends in profitability and cash flow. For software companies, review the level of research and development spending on products. Determine the vendor’s largest customers and solicit opinions from them on the company’s performance.

checkbox Ensure the contract terms are beneficial to your company. Often the vendor will produce the contract. Review it for penalties and termination clauses, warranties offered, and maintenance and annual increases required. Ensure that there is a return of confidential data at termination, remedy for breach, conversion assistance at termination, a right to audit, favorable payment terms, disaster recovery plans and test sites.

checkbox Make sure the contract prohibits assignment without permission and allows for escrow agreements and the avoidance of unfavorable evergreen (or automatic renewal) clauses. Service-level agreements should benefit your company and be measurable and enforceable.

checkbox Ensure you can protect sensitive information belonging to your customers or company. Obtain SysTrust reports, which attest to a system’s reliability and ability to operate without material error, flaw or failure, and type II SAS 70 reports and review the tests of controls.

checkbox Review perimeter controls and policies related to how the vendor restricts access through passwords, patching and encryption, as well as through segregation of duties. Ascertain the tools used to protect against viruses and detect intrusion to ensure they exist and are adequate. Review the mechanisms the vendor uses to protect itself when it engages third parties.

checkbox After selecting a vendor, track statistics on invoice disputes and errors to determine how effectively the recipient of the vendor’s services within your company is reviewing details on the invoices. If your in-house contact is doing his or her job, it is highly likely there will be invoice disputes. Publish those statistics within your company and identify vendors with persistent errors.

checkbox Review volumes and related statistics. Ensure that the company can validate invoice amounts using independent statistics that are internally generated. These amounts should be reconciled to the invoices, and differences should be resolved before payment.

checkbox Track vendor performance and compliance. Periodically solicit from the recipient of the vendor’s services an assessment of the vendor’s performance. Responses to these performance evaluations should stimulate discussions, and in some cases, new RFPs.

checkbox Maintain an inventory of contracts that includes the vendor’s certificate of insurance; initial contracts; current contract amendments and addendums; privacy protection forms; dates of notification, termination or renewals; and the total annual value of the contract.

Joseph P. Savidge, CPA,
is senior vice president of finance and
administration, technology and operations for
Webster Financial Corp., in Bristol, Conn.

SPONSORED REPORT

Revenue recognition: A complex effort

Implementing the new standard requires careful judgment. Learn how to make significant accounting judgments and document them and collaborate with peers for consistent application.

TECHNOLOGY Q&A

How to create maps in Excel 2016

Microsoft Excel 2016 has two new mapping capabilities. J. Carlton Collins, CPA, demonstrates how to make masterful 2D and 3D maps in Excel 2016.

QUIZ

News quiz: Economy and health care changes top CPAs’ list

CPA decision-makers’ economic outlook and the House Republicans’ proposed tax changes as part of replacing the Patient Protection and Affordable Care Act received attention recently. See how much you know with this short quiz.