Vetting a Vendor: Questions to Ask Before Making an Investment


Editor's note: Also read "Cloud Computing: What Accountants Need to Know" in the October 2010 issue of the JofA.


Ample research must be done before selecting any vendor, but specific areas should be addressed when choosing to move your data to the cloud. The following are some questions to ask a potential provider and other considerations. Note that some of the information can be checked or reviewed in the service-level agreements or contracts.



Analyze costs carefully. While most vendors offer pay-as-you-go pricing, an annual contract is often required. What is the minimum length of the contract for services? Are there termination fees? Yearly price increases? What happens if you want to add users to the contract or reduce the number of users on it?


What are cost estimates for a single user vs. five, dozens, hundreds or thousands (bulk discounts are typically available and usually are not advertised)? Is technical support provided free of charge? Are there early cancellation fees? Charges for upgrades? If the vendor raises its fees, are you locked in to the original price? What additional costs may be incurred beyond routine contractual expenses? Is there a fee to transfer data from another vendor’s application? Is there a fee to transfer your data from the vendor at the end of a contract? Is a free trial available?



Analyze performance. What percentage of the time is the data available (uptime)? What is the vendor's anticipated scheduled downtime, and how does the vendor notify customers about when it is taking place? Check the vendor's reliability statistics. Look for a vendor whose uptime is in the 99% or better range. These days it is not uncommon to see 99.999%.


Are there any guarantees for availability or credit for not meeting agreed-upon performance levels? How fast is the response time? What performance issues (if any) exist? How often are upgrades provided and what kind of advance notice and/or training is provided? Can customers control when and whether to turn those upgrades on?


How often is maintenance performed? What happens in the event of a power outage? Is there a disaster recovery plan in case the service’s infrastructure is disabled or destroyed? How fast is disaster recovery? Verify that a full daily backup of data is performed at minimum and that a redundant backup center exists in one or more locations (preferably in different states in case of a natural disaster such as a hurricane or earthquake).



Your company’s critical data is being stored with a third party outside your office walls. Controls need to be in place for transmitting data to the provider securely over the Internet. Are controls in place for storing data, such as encryption? Is a strong user-authentication system in place? Has the provider had an SOC 2 and/or SOC 3 engagement performed on its data center to verify it has proper controls in place? Ask for a copy of the report and a copy of the vendor’s privacy policy. Also inquire as to how security breaches are handled, including specifically how soon customers are notified.



What technical support is available? Is there 24/7 live human support? Does the vendor offer assistance in making the transition (for example, data format conversion) from your current system to theirs? Upon termination of services—when the vendor no longer serves your company—what process will the vendor follow to return your company’s data to you? Is the vendor willing to meet with and demonstrate its applications to decision makers in your company?


Integration and Development

Ease of integration is an important factor to consider when making technology purchasing decisions. While some Web-based applications can easily build upon one another and seamlessly transfer and share data, that is not always the case. Evaluate how well the application integrates with your existing ones (both in the cloud and on-premise).


Some vendors offer application program interfaces (APIs) for your software developers (if you have any). This allows your developers to write custom applications that are hosted by the vendor and also allows developers to integrate those products with on-premise or other Web-based applications. The vendors may also allow for the sharing of applications between customers through an online shopping mall of sorts.


—By James F. Leon, CPA, Ed.D., visiting assistant professor, Department of Computer Science, Northern Illinois University.

