“It never ceases to amaze me that companies spend millions to attract new customers (people they don’t know) and spend next to nothing to keep the ones they’ve got! Seems to me the budgets should be reversed!” – Tom Peters, Speaker and Author***
How would you feel if you spent five years…ten years building up your organization’s success only to have an outside company come in to provide services to your internal customers – your staff, your partners, your members; or your external customers – the community, visitors, your patrons – and that outside company, a third party vendor, comes in and treats your customers like enemies of the state? They talk down to them. They don’t honor their needs or requests. They operate in a way that contradicts your mission, your vision or your stated values.
Doing Great Business Means Monitoring Third Party Vendors
There is a well-known adage, “take the bull by the horns,” which is more than appropriate here. It means to deal with a situation assertively, directly and confidently. Waiting until it passes or until someone else takes care of it could mean the death of a perfectly viable organization.
Leading others in business, in houses of worship and anywhere else means keeping our eyes open to every aspect of the work we do. If we serve as the owner, the CEO, the Pastor or even a mid-level or entry level leader, we have to be aware of what is happening within our scope of responsibility and/or the scope of responsibilities of others around us. While I am not suggesting we stick our noses in where it doesn’t belong, I am suggesting we be aware of the risks that are brewing around us and be willing to step up and act or bring it to the attention of those who need to act. This helps avoid jeopardizing the success of the organizations we represent… or love.
Understanding the Role of a Third Party Vendor
A third party vendor is an individual or company that provides services for another company or their customers with or without a written contract to do so. Examples of a third party vendor include contractors, benefit providers, temporary employment agencies etc. Any individual or business that accesses and processes a company’s data is also considered a third-party vendor. This includes consultants, accountants, cloud-based service providers, email list services and more.
The role of outside vendors is to perform a service or provide products that make us more viable and position us for greater success. They should therefore be held to the same standard of excellence as anyone else and closely monitored as they may have less to lose and more to gain. Consider the following four insights to help understand how to take the bull by the horns and effectively monitor the third party vendors we engage with.
1. Know your Vendors
Who are we working with and how do they perform and manage that work? It is rare that an organization, large or small, non-profit or for profit, religious or non-sectarian, functions without the assistance of other businesses. Far-fetched as it may sound, there are times that we as leaders, business owners or CEO’s are unaware of all the third party vendors working on our behalves. Leaders at differing levels of the organization may have little or no involvement in the evaluation or selection of those vendors.
For example, I was once given leadership responsibility over a highly accessed service in an organization. Early in the process of leading this work, I was informed of a growing concern by someone within the service area. There were a number of third party vendors who would help themselves to opportunities to serve clients on our behalf. Due to the size and multitude of players involved in each situation, it was difficult to govern these unsolicited vendors. They would come into the organization, hang around in a particular area and wait until a need occurred. When the need arose they would offer their services. Unsuspecting employees would gladly extend the opportunity to them to serve and the vendor would then submit a bill for services rendered to that area’s leaders, who would then pay the bill! My reaction, as you might assume, was: “Wait! What?!”
The service level not to mention the liability of such practices was bad enough but think of the reality that these are un-vetted vendors, making money using our clients and we don’t have a paper trail on these people. Who are they? Are they a legitimate business? What credentials do they hold? Are they qualified to render services?
You might say, that was just one organization. OK, I can think of instances in which at least three other organizations I was a part of had third parties performing work for them and most individuals within those organizations had little or no knowledge of these vendors or their qualifications. Someone obviously made the decision but at what level of concern for risk management or customer care? Know your vendors!
2. Know Your Vendors’ Capabilities
Based upon what’s been said up to this point, we should obviously ensure that vendors have our best interests at heart as conveyed in their policies and procedures and a signed contract including what the vendor promises to deliver. Among those documents, one should be able to easily identify clear qualifications and proven capabilities that the vendor can and can bring to our organization.
If we employ the services of a much needed IT professional for example, we would be negligent to allow that person to have access and control of our computer hardware and software applications if we haven’t checked their credentials. Imagine the damage that can be done if they have no IT background or they haven’t touched a computer in the last 10 years!
The key questions and documentation we have to pursue is, “What are they able to do for our organization and how can they prove it?” Once complete, do not forsake the value of references and reviews. Even with the right credentials, a vendor may still provide poor services. These are not individuals or businesses we want representing our organization. If we value our internal customers, they should too. If we value our external customers, they should too. If we value our reputation, they should too. If we value diversity and inclusion, they should too! Know your vendors’ capabilities!
3. Know the Vendors’ Possible Limitations
Credentials are important when vetting potential vendors. As much as we may want to give business to friends, family and other known entities, we must consider what is best for the organization, while also honoring we say we value. There is probably room for a variety of representation, including friends or family who provide goods and services but also others who represent things we value and hold dear i.e. woman-owned, minority-owned, veteran-owned businesses.
Once we begin entertaining possible vendors from any of the above, we still have to do our due diligence, meaning taking the necessary steps to reasonably ensure that other people and property are not harmed as a result of our choices. Some might call it dotting our I’s and crossing our T’s. This calls for knowing what is required for health, safety and protection of people and property, knowing certification, experience and educational requirements, and knowing the history of those we are evaluating. In “Knowing the Vendors’ Capabilities,” we checked the references and reviews, so now we look at all of it together and determine possible risks. What are they lacking? What risk do their limitations pose for the business, for the customer, for the public? Having addressed each of these areas and answered all the questions, we make a decision on how the limitations might impact us and whether it is worth it.
It’s not as easy as it sounds, as it might mean getting rid of a long-time business partnership that no longer measures up to scrutiny… scrutiny that may not have previously existed. It might also mean that vendor can continue to work with us but only if they step it up and meet the new or existing requirements. There is the dreaded possibility that they do not care one bit if our business is successful. They may only be concerned with the success of their own business. The longer we turn our heads and ignore their short-comings, the longer they may continue offering us a risk we say we didn’t see coming. Know the Vendors Possible Limitations!
4. Mitigate Potential Risks Before They Happen
When I was faced with confronting vendors who were taking liberties within the area I was given, my first order of business was to find out who these people were and whether or not any of them were people we would normally choose to work with. I wanted to know their credentials, whether they were legitimate businesses, what documentation we had on record about them and how they came to prey on our clients in the first place. Once that was determined, I wanted to know who the legitimate vendors were and how the two groups compared. Needless to say, the illegitimate vendors were, in my opinion, not worth the risk. If they come in the door in a shady way, they probably are shady. There were stories that confirmed this suspicion, so we acted accordingly. I didn’t want anyone on board that did not meet specific requirements. So I made sure we documented what those requirements were. This was more than a notion but once it was complete, the clients were better served, I was more comfortable and the entire organization had been made aware of the do’s and don’ts and the rights and wrongs of working with this service.
Step One
The first step was to develop meaningful policies and procedures so all expectations were documented and distributed to all areas that utilized these services. This required both research and benchmarking to identify best practice and determine what fit with our organization.
One of these policies was that of requesting services. The process of requesting, utilizing and paying for said services was a decentralized process and could be authorized by any number of managers and staff. While payment was either rendered by the authorizing manager or paid by my department if we initiated the use of a vendor, all payments were ultimately attributed to my scope of responsibility! So even though payment may or may not have come out of my budget, the cost was still ultimately attributed to my area of service. I was not comfortable being held responsible for something or someone that I could not substantiate and did not authorize. Clearly, this was how unauthorized vendors were sliding in and getting paid! So the process was centralized and no request honored or executed outside of those who were managing the process!
Step Two
The second step, was to develop a documented process for obtaining the service and centralizing that process so every request came through my area where we could monitor and evaluate services. This would enable us to identify strengths and weaknesses and catch any potential problems that could arise from vendors or services provided in-house.
Step Three
The third step was to review the credentials and qualifications of everyone we utilized to provide the service to our clients and develop ways to assess individuals and ensure a standard of qualifications was established and communicated to those individuals.
Step Four
The fourth step was to conduct a massive communication campaign to every person in the organization who might request or use the services or who managed people who requested or used the services. Part of the communication strategy included sharing non-negotiable education and experience requirements for anyone providing the service and the ramifications for not adhering to those requirements. This of course, including education on the risk it presented to staff and clients should mistakes occur as a result of using unqualified individuals. Mitigate Potential Risks Before They Happen!
Closing Thoughts
As I write all of this and review it, everything that I’ve said thus far could also apply to staff (employees and leaders) and their advancement. Know your Vendors (staff), Know Your Vendors’ (staff’s) Capabilities, Know the Vendors’ (staff’s) Possible Limitations and Mitigate Potential Risks Before They Happen.
How would you feel if you spent five years…ten years building your organization’s success only to have an outside company come in to provide services to your internal and external customers and that outside company, a third party vendor, treats your customers like enemies of the state? They operate in a way that contradicts your mission, your vision or your stated values. I’ll tell you what you would do and what you should do. You should treat them the same way you would treat an employee or a leader that is not meeting documented expectations… you would put them on notice and if there’s no improvement… you’d let them go!