Detailed tracking processes and software help credit unions manage risk and stay compliant.
It’s 2019, and your credit union’s procedures and policies are more important than ever to ensure security compliance and meet industry standards. As a vendor or procurement manager, your department may face the challenge of improving your organization’s technology vendor and supplier management best practices and procedures.
Regulatory Challenges and Resources
The pressure of adhering to vendor management industry best practices stems from many areas. Fraud is a big concern within supplier management, and such corruption as kickbacks and bribes are a significant risk. Ensuring that your organization is using the best value supplier and products can also be difficult—working with weak or underperforming vendors is another ongoing risk.
To provide guidance on better vendor management and financial control, many federal, state and local government agencies have published procedures and policies for fair vendor management and procurement. For example, the United States Government Accountability Office recently issued updated guidance and improvement practices. The Office of the Comptroller General of the United States also issued guidance for management to implement controls for oversight and establish internal control standards in the Standards for Internal Control in the Federal Government in September 2014. The publication discusses establishing an effective internal control system that includes risk assessment, monitoring and reporting processes. When applied to third parties, these control processes aim to prevent such issues as unauthorized modifications to software or accepting inaccurate or fraudulent information from vendors.
A Better Way to Manage Vendors
CobbleStone Software has outlined some key steps to help credit unions get started improving their vendor and supplier management processes, including regulatory reporting. Here are 10 best practices that, when implemented conjunction with a vendor management software solution, can help establish better governance over vendor management:
- Manage vendor/supplier contact details: Implement a system to track such vendor/supplier details as names, addresses, tax/EIN numbers, D&B numbers (also known as D-U-N-S or Dun & Bradstreet ID number—a unique nine-digit identification number assigned to business organizations of all types globally) and periods of performance (the timeframe in which the vendor agrees to fulfill their agreement). Provide vendor management sign-up forms to easily collect supplier data and onboard new vendors online.
- Track vendor performance: Track each vendor’s stability, revenue, employees, services, performance scores and value of contracts.
- Track vendor qualifications: Track vendor certificates, licenses, training, insurance, security classifications and services/products supplied.
- Routinely rate vendor risk: Rate risk for performance, quality, financials, data exposure, service and security.
- Track DBE and minority goals: Track minority and disadvantaged business enterprise participation, percentages and amounts, as this is required for many large companies and organizations utilizing government, state or public funds.
- Track insurance details: Track policy numbers, coverage dates and limits by coverage line.
- Analyze historical data: Perform routine audits, assessments and past performance reviews via internal and external surveys.
- Set up automated alerts: Schedule approval alerts, to notify the procurement team when a contract has been sent for approval, when approval is received, and when the contract is expiring, and monitoring alerts, to proactively check contract status without manual contract tracking, during new vendor onboarding.
- Create reports: Create reports for minority reporting, audits and vendor reviews.
- Communicate: Provide better communication with your vendors via a secure vendor/supplier portal.
As your vendor management program matures, you may also consider implementing a robust software solution to help with electronic requisitions, e-procurement, online bidding and sourcing, RFx (request for proposal, request for information, request for quote and request for bid) management and integrated contract management.
Although this article is not a comprehensive guide for every organization’s vendor management process, by implementing some of these best practices assisted by vendor management software, you can become a vendor/supplier champion at your organization. As always, check your state laws and regulations and seek legal advice to ensure compliance with applicable laws and regulations.
Mark Nastasi is EVP and founder of CUES Supplier member CobbleStone Software, Lindenwold, New Jersey, and created one of the first commercial, off-the-shelf contract management software solutions.