
Vendor risk management: Is monitoring mysteriously missing?

In the dynamic world of business, vendor relationships are akin to the gears in a well-oiled machine. When they function smoothly, we often take them for granted. But what if a gear misaligns or shows signs of wear? Suddenly, the entire mechanism is at risk. This brings us to a crucial aspect of vendor risk management: continuous monitoring. Let's dive into why this element is so vital and, surprisingly, often overlooked.

Subscribe to our Knowledge Hub to make sure you catch the rest of our Vendor Risk Management blog series:

Subscribe now

The importance of post-onboarding vendor monitoring

Imagine you've just hired a new team member. You've vetted their credentials, conducted interviews, and they've passed with flying colors… and then never check in with them again. Of course, that doesn’t happen. So why would we accept that across our extended enterprise? Once a vendor is onboarded, the journey of collaboration has just begun.

Monitoring vendors post-onboarding is essential because:

  • Dynamic risk landscape: The business environment is ever-evolving. A vendor that was low-risk during onboarding might face new challenges, altering their risk profile.
  • Protecting our interests: We invest time, money, and trust in our vendors. Continuous monitoring ensures that our investments are safeguarded.
  • Compliance and transparency: Regular check-ins ensure that vendors adhere to the agreed-upon standards, fostering a culture of trust and transparency.

Ongoing risk assessments and monitoring

Risk assessments aren't a one-time affair. They're akin to our annual health check-ups – essential for assurance and early detection. Here are some types of assessments and monitoring techniques we should consider:

  • Financial health checks: Regularly review a vendor's financial statements. This can provide insights into their stability and long-term viability.
  • Performance reviews: Assess if the vendor is meeting the agreed-upon service levels and deliverables.
  • Compliance audits: Ensure that vendors are adhering to industry regulations and best practices. Are they keeping abreast of regulatory change in their sector?
  • Reputation monitoring: Keep an ear to the ground. What are others saying about our vendor? A sudden spate of negative reviews might be a red flag.
  • Operational change: Assess whether the vendor is undergoing major operational change initiatives. These might pose execution risks by themselves, but can also change the vendor's ongoing risk profile.

When monitoring goes wrong: a cautionary tale

In a previous blog, we mentioned the UK government’s failures when engaging with Malaysian medical glove supplier Supermax, who were accused of forced labor. Ansell, an Australian medical glove distributor, used a different supplier from Malaysia, the Brightway Group. Over a period of time, Brightway came under similar fire for their working conditions. In December 2021, US Customs banned imports from Brightway, citing 10 out of 11 indicators for forced labor.

Ansell were not oblivious to these allegations – indeed, they issued statements about how they were responding, although this may have been due to the public exposure and pressure rather than proactive monitoring. But although Ansell stated they were working with Brightway to address some of the concerns, this did not prevent a case being brought against the Australian company for ‘knowingly profiting from the alleged use of forced labor’.

There are a few take-aways from this story.

  • Perhaps the biggest is that the claims against Ansell were made by former workers of Brightway. Let me rephrase for impact – employees of your vendors may sue you for your failure to take action to protect them.
  • We don’t know the details of what Ansell’s internal monitoring looked like. However, it’s not hard to imagine that if it was poorly designed or delivered, relevant information about the risk exposure may not have been delivered to key stakeholders.
  • Even where monitoring is in place, you need criteria and defined triggers to escalate or take further action to address issues you uncover. If the monitoring would never change action no matter what you find, it’s a waste. The US Customs ban would probably have been a good time to rethink.

So why is it often missing?

Complacency can set in after the initial vetting process. There is a tendency to think that the hard work has been done. Here are two of the main reasons we see, and potential solutions to address them.

  • Resource constraints – Someone needs to perform the monitoring. This can especially be a challenge if you are using manual processes. Automated processes can issue risk assessments or questionnaires, and speed up the process while using fewer resources. Enabling access and assigning actions directly to the vendor is also a boon.
  • Lack of responsibility – Engaging with a new vendor might be accompanied by big fanfare, with someone prominent at the helm. That person might then move on to the next flashy thing. To solve this problem, ensure ownership of the monitoring is clear – this might remain with the original owner, or might be delegated to a vendor management team. Automated workflows can ensure that monitoring remains on track.

Conclusion and next steps for your organization

Monitoring vendors is not about mistrust; it's about fostering a collaborative and transparent relationship. By ensuring that our vendors align with our values and standards, we not only protect our interests but also empower them to be better partners and achieve shared objectives.

Don’t let monitoring be the mysteriously missing piece in the vendor risk management puzzle. Together, we can ensure that our collaborations are fruitful, ethical, and forward-thinking.

If you want to know more about how to assess your vendor risk, download our Vendor Risk Management eBook for a detailed step-by-step guide to building an effective vendor risk management program.


About the author

Michael is passionate about the field of risk management and related disciplines, with a focus on helping organisations succeed using a ‘decisions eyes wide open’ approach. His experience includes managing risk functions, assurance programs, policy management, corporate insurance, and compliance. He is a Certified Practicing Risk Manager whose curiosity drives his approach to challenge the status quo and look for innovative solutions.