Vendor

Article Dean Dorton

Does your company rely on multiple third party vendors to achieve maximum efficiency in its day-to-day operations? How would you rate your company’s diligence in accepting and monitoring your third party vendors?

Dean Dorton can assess your risks around third party vendor management. One recent client project identified substantial overspending, which was corrected with significant savings. We’ve found that all companies should rate their vendors to allow for appropriate monitoring programs, as well as employ data analytics to monitor third party performance.

Fundamental vendor questions that your company should address

  1. Have the key vendors been identified?
  2. Does a complete inventory of all third party agreements exist?
  3. Are the key terms of each third party agreement being followed?
  4. Does an internal contact person exist for each agreement?
  5. How often does the contact person visit the third party?
  6. Has management reviewed the vendor master file and updatedit  accordingly?
  7. Does a vendor acceptance policy exist and is it being followed?
  8. Do any of the third parties have access to the company’s network?
  9. Do any of the third parties spend time on company property?
  10. Do any vendors have access to company systems?

Common outsourced business operations that increase risk

  • Billing
  • Payroll and employee benefits
  • Legal support
  • Call center operations
  • Data center
  • Cloud services
  • Email
  • Software or hardware partners
  • Offshore manufacturing
  • Offsite storage
  • Software development

Benefits of an active vendor management program

  1. Regulatory compliance
  2. Safeguarding of data
  3. Adherence to contract terms
  4. Timely identification of potential conflicts of interest
  5. Effective bidding
  6. Fraud reduction
  7. Protect reputation
  8. Accountability
  9. Effective use of data analytics to identify trends and help with vendor selection
  10. Identify opportunities to consolidate vendors
  11. Procurement cost reductions
  12. Enhanced vendor performance by the regular reviews

 

Please contact Bill Kohm at bkohm@deandorton.com if you would like to establish a VMP.

Article Dean Dorton

The U.S. and international economies are becoming more competitive every day. Many of us are competing for the same workforce; for others it may be the same customer, but we have to ensure that we continue to respond to the rapidly changing environment in which we operate. Ten years ago, did you ever worry about cybersecurity?

These are a few of the reasons – it is critical to analyze your business risks at least annually. We recommend formally documenting your key risks along with how you are responding to those risks. This can be a very helpful exercise when strategizing how you should be spending your most valuable resources (your people). Below are a few of the key risks that you may want to monitor in 2016.

5 Key Risks Companies Should Monitor in 2016
Plan now to address employment, inflation, currency, cybersecurity and vendor risks

By: Joe Brusuelas and Rob Kastenschmidt of RSM US LLP

The U.S. economy continues its slow but steady improvement. While growth slowed to 0.6 percent in the first quarter of 2015, it rebounded to 3.9 percent in the second quarter, and we expect growth for the year of about 2.2 percent. Unemployment dropped to 5.4 percent by the second quarter and was down to 5 percent by November. Consumer demand, especially for services and autos, is strong; the housing market continues to improve; and energy and commodity costs remain low.

But the international picture is less sunny. While we expect global growth of about 3 percent in 2015, with a slight uptick next year, a variety of issues are affecting international economies. Growth in China continues to slow as it seeks to rebalance its economy from an export-oriented model to a growth model driven by internal consumption. While the long-term outlook for China is positive, its current slowing growth and the related reduction in demand for resources is adversely affecting many emerging economies. The already uncertain economic picture in Europe is being further stressed by the massive influx of refugees from the Middle East. All of this means lower international demand for U.S. goods and services. It also is leading to a divergence in monetary policy between the U.S. and other economies. In the U.S., the Federal Reserve will likely increase the federal funds rate by 25 basis points in December 2015 followed by another 50 to 70 basis points by mid-2016, while central banks in Europe, Japan and possibly even China are pushing rates toward zero.

What does all this mean for U.S. companies? For 2016, this means you should monitor and be prepared to respond to three key economic risks: a tightening domestic labor market, inflation and the challenges presented by a strengthening dollar. In addition, cybersecurity risks continue to increase and diversify, requiring heightened attention, and the increasing reliance of many companies on third parties raises new risk management issues.

1. Plan for a tighter labor market

An unemployment rate of 5 percent doesn’t tell the whole story. The number of unemployed persons per job opening is down to 1.44 from a peak of almost 7 in 2010. Not only is the overall unemployment rate down, we are also finally seeing stronger growth in higher-wage jobs. Since January 2014, the U.S. has added 2.4 million high-wage jobs compared to 2.3 million lower-wage jobs. While this is helping boost consumer confidence and demand, it also means U.S. employers need to plan for a tighter labor market. The risks of a tighter labor market? Increased labor costs, higher attrition and stronger competition for top talent. To offset these risks, employers should consider the following strategies:

  • Explore automation strategies. Now may be the time to investigate whether the expense of improved automation might be offset by savings in labor costs.
  • Consider offshoring, outsourcing and contractor services. With the U.S. economy outperforming its global peers, offshoring certain functions may offer improved returns given continued low labor costs overseas. Outsourcing non-core functions or increasing reliance on contractors is another way to manage labor costs and can have the added benefit of reducing administrative demands and benefit expenses.
  • Re-evaluate compensation programs. Competition for top performers is heating up. Take a look at your compensation practices to ensure that you are effectively rewarding and motivating your best people. This will also make you more attractive to the candidates you wish to hire.
  • Improve your recruiting practices. LinkedIn and other social media platforms are far more important now than they were prior to the economic crisis, but can’t be relied upon as the sole way of identifying potential candidates. Are your talent identification and recruiting practices keeping up?

2. Manage inflation

  • Inflation is still near historic lows and deflation continues for energy and commodities. But energy and commodity costs are likely at or near their floors, and the Fed is almost certain to start raising rates soon. According to RSM’s Middle Market Leadership Council survey, 67 percent of executives expect increases in their costs over the next six months, compared to just 54 percent in the second quarter. What to do?
  • Focus on efficiency and cost-cutting programs. Decreased costs during the crisis and recession diverted attention from these efforts at many companies. Now is the time to increase discipline.
  • Explore hedging strategies.
  • Shift your purchasing patterns and explore supply chain changes. Global economic conditions are uneven. Weaker economic conditions in other markets may present purchasing opportunities.
  • Audit vendors and monitor margin compression at key customers. Now is the time to reevaluate your vendor relationships to ensure they are delivering real value. And keep an eye on how inflation is affecting margins with your key customers so you can make appropriate pricing and relationship management decisions.

3. Minimize the risks and maximize the benefits of a stronger dollar

  • The U.S. economy is outperforming its global peers. Higher U.S. Treasury rates are spurring an influx of foreign capital and strengthening the dollar. For middle-market companies, this is a double-edged sword. It makes U.S. exports more expensive and diminishes the value of foreign earnings denominated in U.S. dollars. But it also drives down the cost of off-shore sourcing options and can create international acquisition opportunities.
  • Look for global supply chain opportunities. Take advantage of the strong dollar by finding offshore sourcing options.
  • Consider global hedging options to control risks and costs.
  • Consider international expansion opportunities. If expanding through acquisition in new global markets is part of your corporate strategy, the strong dollar could mean a better deal.

4. Increase attention to cybersecurity

No organization can afford lax cybersecurity controls. Many companies think they aren’t large enough to attract the attention of cyber criminals, but the NetDiligence® 2015 Cyber Claims Study shows nano organizations and small organizations actually experienced the most incidents, with 29 percent coming from each of those groups. Your best defense? Make sure you have three layers of cybersecurity controls—preventative controls that make you a hard target, detective controls to timely identify any breach and corrective controls that let you respond quickly and appropriately to intrusions.

  • Preventative controls. Your preventative controls should include a vulnerability assessment, patch management, strong access and authentication controls, a solid intrusion prevention system (IPS), configuration management, and up-to-date anti-virus protection.
  • Detective controls. Most companies choose either to outsource detection controls to a Managed Security Service Provider (MSSP) or to purchase a Security Information and Event Management (SIEM) product. Weigh that choice carefully and be sure the solution you choose is appropriate to your threat environment and internal capabilities. A strong intrusion detection system is also vital, along with compliance and operational monitoring, and anti-virus and network alerts.
  • Corrective controls. Effective corrective controls start with a robust incident response plan. You will also want strong forensic capabilities; anti-virus quarantine and isolation protocols; disaster recovery and business continuity plans; and administrative, legal and insurance protections.

5. Control your third-party risks

Corporate boundaries are getting fuzzier as businesses of all kinds explore a wide range of third-party relationships that allow them to focus on their core business while leveraging outside expertise in areas like logistics, technology and a variety of other specialized functions. That creates efficiencies that drive growth, but it also gives rise to a wide range of new risk issues. Your ability to execute your strategy now hinges partly on the performance of third parties. You could face liabilities stemming from non-performance by your vendors. Connections between your systems and those of your vendors create new security risks. And the web of social media and other connections between you and your vendors can expose your organization to reputational risk due to the failings of third parties. Here are six third-party risk questions to consider in 2016:

  • Do you know where all your contracts are located? Are they stored electronically?
  • Do you understand and are you fulfilling all of your contractual responsibilities?
  • Have your contracts been updated to reflect new regulations for privacy and data security?
  • Are you adequately monitoring the IT risks associated with your third parties?
  • Is the insurance coverage maintained by your third parties sufficient to cover losses in the event of a data breach?
  • Are your audits of the contract performance and related invoices sufficient to ensure alignment with acceptable risk levels directed by your senior management and board of directors?

If you have any questions about the key risks above or how to perform your own formal risk assessment, please contact:
Lance Mann: lmann@deandorton.com or 502.566.1005
Jim Tencza: jtencza@deandorton.com or 502.5661071

View Lance Mann’s Bio

View Jim Tencza’s Bio