Due Diligence and Ongoing Monitoring

 View Only
Venminder Venmonitor
Back to discussions
Expand all | Collapse all

Vendor Review Frequency

  • 1.  Vendor Review Frequency

    Posted 01-01-2020 07:41 PM
    ​Hi All,

    We are currently discussing the frequency of our annual vendor review project. Our current process is to review all designated critical and high risk vendors annually at a point in time, typically in the spring. As our vendor volume has grown, this is causing us to re-evaluate the frequency due to level of documentation and time it's taking to complete. I'm curious as to how others are managing this process? For the vendors you review annually, do you review a certain number of vendors monthly or quarterly, or do you review them all at once?

    Appreciate your thoughts!
    Colleen


  • 2.  RE: Vendor Review Frequency

    Posted 01-02-2020 07:29 AM
    ​Hi Colleen and Happy New Year!

    Each October we pull the calendar of Vendors in scope for the following year and we spread them out over the course of the year. The goal is to have all critical vendors completed by September (it isn't always possible).  Each of my staff is assigned a portfolio of vendors that are critical, medium risk, and low risk throughout the year.
     I hope that helps!

    ------------------------------
    Jenn Wilkinson
    Vice President
    Strategic Vendor Management


    Original Message


  • 3.  RE: Vendor Review Frequency

    Posted 01-02-2020 08:50 AM
    Hello Colleen:
    I am new to the thread and vendor due diligence as I have only two years in the field but will share my experience.  In my role as a Sourcing Manager at a major big pharma company, vendor due diligence activities were conducted in an on-going fashion.  There were about 9 different assessments needed for each vendor and they each came due at a different point in time due to the results of the individual assessments.  If a Financial Analysis, for example, came back as High Risk, there would need to be a recheck at six months as opposed to a low-risk rating which would need to reoccur in a year.  Given the different risk ratings that could arise, the due diligence checks were (as mentioned) done continuously.  I was surprised it was all tracked manually.  It was a lot of work in my opinion.  Hence my interest in Venminder and other companies. 
    I learned that other big pharma companies were considering reducing their vendor pool due to the extent of the due diligence compliance checks needed.

    ------------------------------
    Kevin O'Brien
    Sourcing & Procurement Professional, Pharmaceuticals
    ------------------------------

    Original Message


  • 4.  RE: Vendor Review Frequency

    Posted 01-03-2020 09:25 AM
    ​Our small community bank has a Risk Management Team that meets monthly. Our vendors are currently reviewed 6 months prior to the vendor's contract renewal date (this is to ensure a timely review prior to the contract's term notice requirements). Only our Tier 1 High Risk vendors and Tier 2 High Risk vendors receive a full vendor due diligence evaluation to include COI, Financials, BCP, DR, SOCs, Security & Privacy review. Tier 2 Medium and Low, Tier 3, Tier 4, Tier 5, Tier 6 vendors are reviewed at their contract renewal date, but mostly through a risk assessment and vendor/product/service performance, their stability and controls, contract review, etc. Since they are not deemed critical, the vendor review is less. My program has a total of 109 vendors, 25 of which are considered critical-high risk, so reviewing them monthly according to their contract renewal date means we are reviewing less than 5 critical vendors a month annually.

    ------------------------------
    Joni D
    ------------------------------

    Original Message


  • 5.  RE: Vendor Review Frequency

    Posted 01-03-2020 10:03 AM
    ​Thanks for sharing!  I'm curious:  for your non-high risk vendors who, from what you've shared, are reviewed at their contract renewal dates:  how do you handle vendors with contracts that may auto-renew annually?

    Rosalie Stremple
    Westfield Bank (Ohio)
    Original Message


  • 6.  RE: Vendor Review Frequency

    Posted 01-03-2020 10:13 AM

    Even if the contract is set for annual auto-renew, we maintain the same review schedule and review the vendor 6 months prior to the auto renewal date (additionally, the contract term requirements of 30, 60, 90, 120 days written notice is taken into consideration). This helps me know that we are still reviewing them, and if there is an issue with their performance or anything else, we will be on top of meeting the termination requirement if we decide we want to end the relationship. Does that make sense?



    ------------------------------
    Joni D
    ------------------------------

    Original Message


  • 7.  RE: Vendor Review Frequency

    This message was posted by a user wishing to remain anonymous
    Posted 01-02-2020 08:15 AM
    This message was posted by a user wishing to remain anonymous

    We have been completing all critical vendor reviews at the same each year as well, typically targeting for the August time frame for completion so we can provide the review to the Board of Directors by September or October. Unfortunately other things come up and this important project gets pushed back and then we feel as if we are scrambling to complete. We are looking at spreading out over several months and hope to accomplish this in 2020.

    Thank you.
    Original Message


  • 8.  RE: Vendor Review Frequency

    This message was posted by a user wishing to remain anonymous
    Posted 01-02-2020 09:01 AM
    This message was posted by a user wishing to remain anonymous

    We have several hundred high and critical vendors, so managing the review schedule is a huge challenge for us currently.
    Original Message


  • 9.  RE: Vendor Review Frequency

    Posted 01-02-2020 08:17 AM
    We do it the same was as Jenn. Each October the "window" for annual reviews opens up, and we aim to get them all done by the following September.


    One thing I'd suggest, if you feel that the volume of critical/high-risk vendors is getting to be too much, is to re-evaluate your criteria for how you are classifying your vendors. You may have some marked as critical or high-risk that really shouldn't be.
    Original Message


  • 10.  RE: Vendor Review Frequency

    Posted 01-02-2020 09:02 AM

     

    In our program, ideally, re-assessment timing through the year is driven largely by contract anniversary date.  In practice, the re-assessment calculator relies on Last Completion date. The system allows for a manual over-ride of the due date which we use to correct for material differences with anniversary date and last completion date, adjust for SOC completion timing, or to provide load-balance in the schedule.

     

     

     

     

    Greg Schmeisser

    Corporate Contract & Procurement Director

     



    Original Message


  • 11.  RE: Vendor Review Frequency

    This message was posted by a user wishing to remain anonymous
    Posted 01-02-2020 09:16 AM
    This message was posted by a user wishing to remain anonymous

    We do a round each quarter, typically by region so each vendor is reviewed annually, but not all at once.
    Original Message


  • 12.  RE: Vendor Review Frequency

    Posted 01-02-2020 09:49 AM
    At the beginning of each year, we run some reports to identify vendors that will be due a review in current year.  The total number normally does  include a mix of  Critical  (yearly review), Highly significant (bi-annual review) , Significant (every 3 years) and Minor (every 5 years) vendors. Once the total number of reviews has been determined, we then divide them up in the 4 quarters.  This is just for convenience and so as not to overburden vendor owners and SME's involved in the reviews.
    Original Message