IT vendor management

Information Technology Vendor Management is a sub-component of the Information Technology (IT) Resource Management dealing with the intelligent sourcing of IT goods (procurement) and services (contracting/consulting). Vendor management requires familiarity with business needs and transforming those needs to goods and services from qualified and accredited suppliers. It also involves the implementation of technologies, processes, policies and procedures that support the effective running of the sourcing process and function. In investing in vendor management, organisations would look for the best way to get value out of the investment. This is in addition to protecting the valuable corporate and customer data, reducing or eliminating disruptions in customer service and internal operations, as well as reacting quickly and effectively to issues that might arise in the process. These issues cannot be properly addressed without a properly maintained historical record of vendor services and critical events.

Understanding IT Procurement
IT goods and services today are purchased at a sub-component level. Increasingly, IT is being purchased as a solution which involves the bundling of these sub components. The IT Procurement is now moving to shared, managed and outsourced services.

The Chief Information Officer and the Chief Technology Officer have to consider a number of things when dealing with IT and IS procurement including:
 * The total cost of ownership which might influence the decision to lease or buy- major cost / investment implications
 * View of IT / IS in the business: Commodity vs. Solutions vs. Competitive edge view
 * Availability of IT / IS providers who meet the requirements of the business.

The are two main factors to consider in the procurement process:
 * Risk - The risk arises because of the complexity and configurations available for the IT resources, the impact of potential failure of an IS implementation as well as availability / reliability of suppliers.
 * Cost - the cost arises because of the scale of most IT / IS projects, the resource or capital constraints that most organisations face and the lack of quantifiable guaranteed benefits that could arise from an IS implementation.

All costs and risk factors must be considered carefully for any IS implementation and deployment to be effective and successful.

Supply base rationalisation
Structuring IT supply involves working more closely with suppliers / vendors to reduce cost and risk. Firms have very limited resources and therefore the design and structure of their vendor sourcing should be well thought through. In the current business environment, the nature of the inter-firm relationship is changing from relatively independent to relatively dependent. This calls for different measurements and management systems for effective and efficient working. Supply chain rationalisation means that firms are working with fewer suppliers to reduce cost.

Determinants of costs
Cost in the supply chain structure is determined by a number of factors:
 * Operational – running day to day operations. For example the cost of producing the purchase order, invoicing, etc.
 * Managerial – managing the relationship. For example problem solving, traveling to discuss issues with suppliers, quality workshops, etc.
 * Strategic – strategic risk. For example the ability of a supplier to act quickly and to adapt to the changing needs of customers. Is the supplier flexible and reliable. Does the supplier offer a consistent quality service / product at a competitive price.

Effects of Rationalisation
Rationalising the supply chain means that most of the cost and risk is transferred from the operational and managerial level to the strategic level. Costs at the strategic level are more subjective while costs at the operational level are more objective. The more subjective the costs, the more difficult they are to measure and therefore the less likely they are to be considered by the firm.

Rationalisation drivers
There are two dimensions to a firms rationalisation drivers:
 * Profit impact: Volume purchased / percentage of total purchased cost / impact on product quality or business growth
 * Supply risk: Availability / number of suppliers / competitive demand / make-or-buy opportunities / storage risks / substitution opportunities

Strategic vendor management
Strategic vendor management calls for the management of both the suppliers / vendors and the services they supply. It is aimed at consistent quality on time at the right price. The management process entails two main activities:
 * Adjusting underlying contracts with suppliers to the demands of the business
 * Managing relations with suppliers and their performance scope.

The process pays attention to all suppliers and contracts, in support of the services to be received by the client. The process should allow for and include the following aspects:
 * Input and maintenance of supplier policy - clarifies and governs
 * Maintenance of supplier and contract databases - allows statistical reporting
 * Categorizing of suppliers and contracts - classifies and groups for quicker decision making
 * Supplier and contracts risk assessment - minimizes or quantifies potential risks i.e. late deliveries
 * Evaluation of contracts and suppliers - determines preferred suppliers for specific areas
 * Developing, negotiating and approving contracts - puts service levels in place
 * Revising, renewing and terminating contracts - improves supply chain management.

The Supplier Management Life cycle
The supplier management life cycle has six steps.



Challenges and risks in vendor management
Vendor management requires well-defined service management processes on both the sourcing organisation's side and the side of the vendor. The relationship should be seen as that of mutual benefits to both organisations. The relationship should be sustainable. That is, both organisations should see each other as partners with clear roles and responsibilities for a common end goal. For this to happen, there needs to be clear and effective communication among all people involved in the process.

Challenges

 * Constantly changing business and IT requirements: The of change rate for both the IT requirements and the demands for IT in business is high. This requires an agile approach to dealing with IT vendors.
 * Existing imperfect contracts: Most IT contracts are negotiated by the Procurement Division. This often leads to imperfection in the drawing up of contracts.
 * Insufficient experience in the organization: There is limited experience of IT contracting in most organisations. This is evidence by the high number of vendor lock-in contracts that are difficult to come out of, and the over-reliance on consultants even when internal capabilities would have been more beneficial.
 * Tied in with long-term contracts: As in the insufficiency in internal experience above, some contracts are unnecessarily long and do not cater for the fast pace at which IT and IT requirements are changing. Firms find themselves with unusable technologies or IT contracts that are difficult to get out of.
 * Implementing vendor management systems: Implementation of vendor management system especially for IT goods and services is not easy due to the number of requirements, the rate of change of IT, and the people's attitudes and behaviours.

Dealing with the challenges
To deal with these challenges, organisations need:
 * Protection against poor supplies. Reports and trend identification is crucial in identifying poor supplies.
 * Services (and goals) adjusted to the requirements of the business. Flexibility is needed in this time of rapid change.
 * Clarity on suppliers and contracts. Key performance indicators will help to measure performance.  Monthly review gives a basis of continuous discussions to clarify different views of the contract.

Managerial risks

 * Lack of involvement by the business and senior management
 * Lack of information on future business goals and policies
 * Lack of resources or budget
 * Non-realistic contract agreements

Implementation risks

 * Lack of end to end process and tools which impair deployment of effective risk management
 * Diverse and uncoordinated efforts to address gaps in overall program management (for example, Information Security, Business Impact Analysis, Insurance, and Contingency Planning)
 * Unclear end to end ownership and exposure tolerance for key vendors
 * Lack of guidance on materiality criteria for vendors at business unit or company level

Risk mitigation

 * Performing due diligence
 * Eliciting and documenting all expectations
 * Assign roles and responsibilities to accountable executives
 * Communicate contract details to the teams in the contract implementation
 * Measure and monitor the important things in the contract
 * Verify and audit contract execution
 * Employ measures for fraud detection
 * Always exercise prudent business judgement

Supplier development
Supplier development is any effort of a buying firm with a supplier to increase its performance and/or capabilities and meet the buying firm’s short and/or long-term supply needs. This can be limited such as supplier evaluation and performance improvement requests. It can also be extensive which include training and investment in the supplier’s operations.



Improving supplier performance

 * Workflow simplification
 * Layout changes and optimization
 * Set-up time reduction
 * Share information internally
 * Communicate information to suppliers and take action
 * Establish processes to evaluate and track performance
 * Build Scorecards around business goals and objectives

Supplier capability development
Cons
 * 1) Buyer attempts to transfer its own in-house capabilities across firm boundaries and into the supplier.
 * 2) More problematic to achieve.
 * 3) One of the key challenges is managing the transition out of the supplier’s organization.
 * Large commitments of time and resources are required by the buyer
 * Results may not come quickly and there is danger of frustration.

Supplier development strategies

 * Keep the vendor under competitive pressure by regularly reviewing contracts. Having a standard retendering of the service 3 - 5 yearly will keep the vendors on market value and operational standard.
 * Put processes in place to evaluate systems and certification systems
 * Incentives can be given if targets are met or exceeded to motivate the provider.
 * Direct involvement is the most effective strategy, as the company will understand the gaps and possibilities of the vendor.
 * Capital and equipment investments in suppliers are needed to ensure that have the tools to perform.
 * Partial acquisition of the supplier firm is similar to the direct involvement but has more risks and is also not part of the core business of the company.
 * Investment of human capital and organizational resources as, particular with the IT processes it is important to involve people to make the service provided successful.

Tools Overview
There are essential tools that the person responsible for vendor management within an organisation should have. This section looks at some of the tools. Together, these tools forms a vendor management toolkit. These tools include:
 * Vendor Management Policy
 * Annual review checklist
 * Critical Statistics
 * Vendor Contract and SLA
 * Vendor Management Records
 * Open and Resolved Issues List
 * Vendor financial and third party review reports.

Vendor Management Policy
Describes the organizations beliefs, objectives, and general procedures related to vendor management / service provider oversight
 * Some of the key points to include in the vendor management policy include:
 * Required / recommended vendors
 * Assignment of responsibilities
 * Accountability
 * Key performance indicators should form the basis of monthly and annual reviews.

The Annual Checklist
Standard list of actions to perform annually:
 * Researching
 * Requesting, reviewing and updating information
 * Recording and reporting results.

Vendor Questionnaire/Request List
Standard list of items to be provided by your vendor on an annual basis. You feel like an auditor, and essentially you are. If possible, have an obligation to provide this information written in as part of the contract.

Critical Statistics
Information which is critical to the identification, classification and communication of and with vendors.
 * Contact Information of account personnel
 * Contact Information of support personnel
 * Any support ID’s, account processes
 * Who is authorized to request changes
 * Key contract dates
 * Payment details.
 * Payment terms

Vendor Contract and SLA
Determining and putting in writing the requirements and the service levels of vendors and agreeing to this bi way of signatures of both parties.
 * Outlines the services provided and expectations of each entity
 * Outlines recourse for resolving issues
 * Where is the vendor contract stored
 * Contract termination date
 * Date or period of notice prior to renewal or termination
 * Insurance coverage of the carrier
 * Privacy and other regulatory expectations
 * Outlines penalties for breach of contract
 * Clear scope & out of scope definition

Vendor Management Records
Records and reports of previous vendor management activities for this vendor should be used:
 * To identify trends
 * As a reminder of concerns from prior reviews and establish if these have been resolved.

One would expect vendor management to improve the service, particularly in IT. With recording activities one can correlate with previous months and years to see how the service improved or not. Trends can be identified by measuring support calls, type of calls logged, general hardware performance etc. Identifying trends will assist to improve service delivery and how to will focus the company on what rectifying activities will be needed to improve IT and IS usage

Records can be used to identify what solutions were used before for specific problems and if they were successful or not.

Open and Resolved Issues List
Used to evaluate vendor performance and services.
 * How are requests or issues with the vendor tracked and monitored
 * Review of resolved issues
 * Appropriate, critical and acceptable resolutions
 * Any trends observed over a certain time frame
 * Review of open issues
 * How long issues remained open
 * Appropriate response and current criticality