Skip to content

Does Santa have good vendor risk management?

Following last year’s sleigh ride through operational resilience, Santa’s Chief Operating Officer Mrs Claus realised how many processes and resources were supported by vendors. While Santa set some of those arrangements with a wink and a nod, Mrs Claus knew this wasn’t going to cut it – they needed to follow a vendor risk management (VRM) lifecycle.

Here is what she scribbled on the back of the naughty and nice list:


Shortly after tallying up an inventory of existing vendors, disaster struck. The company which owned the primary and secondary sleigh, as well as maintaining service crews around the world, went bankrupt. Not only that, both sleighs were impounded.

It was time to put her VRM process through the wringer while sourcing a suitable replacement.

Subscribe to our knowledge hub to get practical resources, eBooks, webinar invites and more showing the latest developments in risk, resilience and compliance, direct to your inbox:

Subscribe now

Tiering the vendors: sleigh supplier stratification

Mrs Claus, taking charge, knew that identifying the right vendor for their Sleigh as a Service (SaaS) model was crucial. She categorised the sleigh providers as Tier 1 vendors due to their critical role in Christmas operations. This tiering guided the level of scrutiny and due diligence required to ensure a vendor could meet the North Pole’s high standards, not just the lowest bidder (or whoever slips Santa a sherry).

Due diligence: making a list, checking it twice

Mrs Claus, leveraging her automated VRM platform, initiated an extensive due diligence process. Questions were crafted to evaluate potential vendors on financial stability, ethical treatment of reindeers, sustainability in sourcing wood, adherence to sleigh safety standards, the efficacy of their business continuity plans, and the origins of their labour. These inquiries were designed not just to assess the vendors' current capabilities, but also to gauge their alignment with the North Pole's values and long-term viability. Systematic capture made it easy for the North Pole to evaluate what was outstanding and request follow up information.

Risk assessment: beyond the naughty or nice

After scrutinising the due diligence responses, Mrs Claus and her team conducted a detailed risk assessment of their chosen vendor, Sleigh Maintenance Co. Despite satisfactory due diligence responses, concerns remained about labour practices potentially leading to crew shortages and the use of unsustainably sourced wood, which could spark a reputational blizzard for Santa. To mitigate these risks, Mrs Claus implemented clauses mandating annual third-party certifications confirming adherence to industry standards in labour and environmental practices.

Ongoing monitoring: elves on vigil

To ensure the sleigh would be ready for its critical Christmas Eve journey, ongoing monitoring was paramount. The vendor was required to provide regular updates on sleigh performance and undergo quarterly financial stability reviews. This proactive approach aimed to prevent any unforeseen issues, ensuring that the sleighs remained in top condition.

Crisis averted: managing the unthinkable

During the year, a dip in sleigh performance data signalled potential trouble. It was discovered that a rogue decision had led to the use of inferior wood in sleigh maintenance. Under Mrs Claus's leadership, this crisis was swiftly managed. The vendor corrected the issue, and sleigh performance was restored to optimal levels, demonstrating the effectiveness of the VRM process in real-time problem-solving. With visibility into the outstanding issues and actions for all vendors, Mrs Claus had a bird’s eye view of where attention was needed.

The maiden voyage: sleighing it

The true test of the revised approach to vendor risk management came on Christmas Eve. As Santa embarked on his maiden voyage with the new vendor, the stakes were high. The successful journey across the starlit sky was a testament to the robustness of the North Pole's vendor risk management. It was a clear indication that the new system was not just up to the task but could ensure the magic of Christmas delivery was preserved.

The impounding of Santa's sleighs was a blessing in disguise, catalysing a transformation in how the North Pole managed vendor risks. Mrs Claus's leadership in implementing a comprehensive VRM process ensured that Santa's operation adapted to modern challenges, maintaining the joy and reliability of Christmas deliveries.


A festive call to action

This tale from the North Pole serves as a reminder of the importance of robust vendor risk management. As you prepare for your own festive celebrations, consider the lessons from Santa’s workshop. Whether in a magical or corporate realm, foresight, preparation, and effective risk management are key to success.

If you want to know more about how to assess your vendor risk, download our Vendor Risk Management eBook for a detailed step-by-step guide of to build an effective vendor risk management program:

Read eBook

About the author

Michael is passionate about the field of risk management and related disciplines, with a focus on helping organisations succeed using a ‘decisions eyes wide open’ approach. His experience includes managing risk functions, assurance programs, policy management, corporate insurance, and compliance. He is a Certified Practicing Risk Manager whose curiosity drives his approach to challenge the status quo and look for innovative solutions.