How technology is an effective enabler of vendor risk management

Brendan Batch   |   November 19, 2021

You have the right strategies, you have the right people and processes. Now it’s time to implement third-party risk management efficiently, because no one wants added cost pressures.

With so much data being created and passed around, traditional or manual practices are no longer suited to the new reality of sheer information volume and scale.   

As there is no one-size-fits-all solution, organisations have started to configure their technology stack to support third-party risk management programs across different business functions – while ensuring shared visibility.  

Why technology for enterprise vendor risk management?

Before diving deeper into the specific ways in which technology can help, it is useful to consider the high-level benefits to set the right level of expectations for technology adoption. Many of the benefits fall under the "cost avoidance" category: 

  • Centralised hub of up-to-date information shared with the right stakeholders to inform decision-making 
  • Ensuring every possible due diligence step has been taken – shield of defence in case of an audit  
  • Freed up time to focus on strategic tasks that can mitigate risks much earlier such as demand planning, category management, tender documentation and specification  
  • Facilitating and not hindering the adoption of best practices in procurement/governance 
  • Enabling multiple supplier segmentation strategies and applying those to various workflows 
  • Ability to pinpoint where, when, who, how at any stage of the procurement lifecycle to improve accountability and proactive troubleshooting 

Mapping third-party risk management solutions against risks

The following tables provide a vendor management risk / technology matrix - or how technology can help mitigate various risk areas mentioned in previous articles of this series.

With each risk topic, you’ll find a description of the risk, the consequence for not managing it, the technology solution, and the benefits.


Legal compliance
  • Risk: Unethical, non-compliant practices conducted in your supply chain, intentionally or not
  • Consequence: Non-compliant organisations may face penalties or brand damage
  • Technology solution: Prequalification questionnaires, compliance document expiry notifications
  • Benefits: Legal compliance at scale, better vendor relationship management

Diversity quotas
  • Risk: Government-imposed or corporate sustainability quota requirements not met
  • Consequence: Missed opportunities on government contracts and revenue, brand reputation
  • Technology solution: Supplier database segmentation and reporting, prequalification questionnaires
  • Benefits: Better understanding of supplier pool to diversify sources, improved standing with clients

Exposure to fraud (external)
  • Risk: Unauthorised vendor profile updates (e.g. unverified banking details)
  • Consequence: Payments made to imposters of the vendor
  • Technology solution: Secure vendor portals and notifications of significant changes
  • Benefits: Improved security and accountability



Exposure to fraud (internal)
  • Risk: Conflict of interest not declared or managed properly
  • Consequence: Value for money not achieved and possible investigation (internal/external)
  • Technology solution: Tailored valuation and approval workflows, audit trail of procurement activities
  • Benefits: Oversight of supply chain, ensuring probity

Business continuity / Overdependence
  • Risk: Business disruption due to issues with key vendors. Heavy reliance on a select few
  • Consequence: Operational delays, financial loss, or diminishing gains from bulk buying
  • Technology solution: Up-to-date prequalified vendor database. Access to an open marketplace
  • Benefits: Diversified vendor pool for competitive advantage

Choosing the inappropriate vendor
  • Risk: No accessible data to inform decision making during the subcontractor selection process
  • Consequence: Value for money not achieved, potential delays or reputational issues
  • Technology solution: Up-to-date vendor database, evaluation & approval workflow
  • Benefits: Business continuity, or defensible decisions



Failure to deliver on contract
  • Risk: No shared visibility over contract timeline and milestones
  • Consequence: Project delays, potential financial and reputational impact
  • Technology solution: Contract management, post-engagement performance evaluation
  • Benefits: Opportunities for early rectification, informed decision at next sourcing event

Spend leakage
  • Risk: Lack of process governance, maverick spend, poor spend visibility
  • Consequence: Pressure on margins, operational delays due to cost overruns
  • Technology solution: Audit trail of procurement activities, threshold protected purchasing, ERP integrations to match PO records
  • Benefits: Supply chain visibility and accountability

Inefficient tools/systems
  • Risk: Reliance on manual or paper-based processes, task duplication and siloed systems
  • Consequence: High administrative burden that leads to process bottlenecks and non-compliance
  • Technology solution: Automated workflows, customisable user access, audit trail
  • Benefits: Enabling efficiency, collaboration and governance


Technology is not the silver bullet 

As always, the caveat is that technology alone does not solve the third-party vendor risk management puzzle. It helps align people and processes, thereby enabling stronger governance.

Another way to look at it is that technology serves as the conduit between the lines of defence mentioned previously. Below is an example of the vendor onboarding process facilitated by technology across different stakeholders.

[Figure: Vendor Management Process Maps]

Indeed, this is the perfect-world scenario, where stakeholders at all levels are aligned on the executives’ vision around risk mitigation, processes are designed to match users’ needs, and investment into the right technology platform is made to ensure maximum uptake.  

Where to from here?

Supply chain risk management is an enterprise-wide initiative that requires collaboration across traditionally siloed departments: procurement, legal, industrial relations and operations.

How do we move from firefighting to prevention, from reactive to proactive?

And how much budget should we allocate to supplier risk and performance management? Figures have been thrown around, such as:

“Organisations should also consider allocating a higher proportion of annual enterprise risk management operating expenditure (opex) to pre-screening and exit planning and termination activities – perhaps about 10% to each of these. This would supplement the focus on selection – due diligence and contracting at 20 to 30% of the budget, and ongoing monitoring at 50% or a little above.” (Deloitte)

In short, organisations need to increase investment to match the importance of third parties in the supply chain – which is as high as ever.

Our latest research report Building in the Dark - High-risk Supply Chains: Attitudes, Responses & Opportunities also touches on how industry peers are or are not using technology in managing their vendors.


Brendan Batch
Brendan is the Head of Enterprise Strategy & Development at Felix. Dealing with a range of private and Government entities, Brendan works on improving business process efficiency, minimising risk, and increasing collaboration and transparency across business units. He's always open to chat about how software innovation can improve your business.