Vendor Management Policy
Edit Template
VENDOR MANAGEMENT POLICY
OVERVIEW
[COMPANY NAME] is committed to ensuring coordinate and consistent management of critical vendors as part of its overall management, maintain member privacy and confidentiality of member information. [COMPANY NAME] is ensures full compliance with the requirements applicable law and regulations regarding risk management, vendor, and contract management of third-party service providers.
PURPOSE
The purpose of the Vendor Management Policy is to provide written guidelines surrounding the procurement of third-party services and products in accordance with [COMPANY NAME] (the Company) mission, obligations, and ongoing administration of Company functions.
SCOPE
This policy applies to all vendors and service providers. [COMPANY NAME] must enforce this policy and vendors and suppliers are required to follow.
VENDOR
DEFINITION
A “Vendor”, also referred to as a “seller”, is an enterprise that contributes goods or services to other business partners.
POLICY STATEMENT
Business Owners will evaluate all vendor products and services, negotiate the prices, and negotiate the contract terms before contracting with the vendor. The type of evaluation will vary and should be commensurate with risk, complexity and product or service cost. A formal due diligence analysis will be conducted for any relationship where the combined implementation and annual contract costs exceed [TOTAL COST].
A Business Owner has the discretion to alter this amount or waive this requirement up to his/her authorized signing limits. Any alteration of the amount or waiver of this requirement must be documented in the due diligence file of the 3rd party vendor.
Verbal product and service agreements are prohibited. All vendors must provide, depending upon the services and products engaged, a purchase invoice, legal contract and/or service agreement.
The Bu
siness
Owner will appoint, as needed, appropriate staff members to perform a due diligence review prior to entering any arrangement with a third-party vendor and due diligence reviews for existing third-party vendors.
The Business Owner will review the contract(s) along with the supporting due diligence in order to determine if any outstanding issues exist.
If then willing to contract with a vendor, the Business Owner will execute the contract and proceed with implementation of service or product as defined in Section I above (New Product or Service Provider)
.
Business Owners will have the responsibility for the management of the vendor relationship.
The Business Owner, either directly or through the assistance of staff will conduct oversight reviews for third party services in accordance the appropriate laws, regulations, and policies/procedures.
The Business Owner will record the results of the oversight review for the third-party services and will determine the appropriate action. This will include reporting the results to management or the board, if necessary, who will then determine the appropriate action.
Miscellaneous
Appropriate action is defined as one of the following actions:
Approval to continue service with vendor;
Approval to continue service with the vendor, but on conditions of additional information and/or more frequent review;
Begin a process to review other vendors; or
Terminate the service/product for the credit union
LEGAL REVIEW STANDARDS
Vendor reviews may require external legal review. The Business Owner
or the Senior Executives can request external legal counsel. Legal review may be
required when one or more
of the following conditions exist:
The contract exceeds
[TOTAL COST]
in cumulative fees or annual recurring cost;
The relationship and/or the contract is unusually complex in terms of operational matters, legal terms and provisions, fee structures, third party involvement and/or the potential for excessive liability
to the company
;
The vendor is critical to operations and its reputation is not known or it has limited market presence;
Vendor is unwilling to amend or include critical contract changes requested by the
company
.
RELATIONSHIP MONITORING STANDARDS
The Business Owner
assigns a vendor risk rating at the time of engagement and is reviewed periodically through the term of the contract. The Business Owner
should base criticality on the following elements:
Criticality:
Impact to operations if the service or product was suddenly not available and/or excessive liability to the credit union.
Dependence:
Degree of difficulty involved in finding and implementing a service or product replacement.
Financial Commitment:
Higher financial commitment equates to higher risk of financial loss if relationship were to fail.
Performance:
Vendors with substandard or unproven performance require a higher degree of monitoring by the Business Owner.
Regulatory Impact:
Vendor’s ability to impact the credit union’s level of regulatory compliance.
Business Impact:
Vendor’s ability to impact business reputation or strategy.
VENDOR MONITORING STANDARDS
Business Owners will schedule their vendor review dates. Review dates are
flexible and may be set to coincide with the vendor’s fiscal or calendar financial reporting dates, annual contract renewals, service issues or receipt of internal control reports.
Business Owners will record annual
vendor reviews. Material adverse issues should be clearly documented and brought to the attention of management.
Review standards include performance, internal controls and financial.
EMPLOYEE AGREEMENT ON
VENDOR MANAGEMENT POLICY
I acknowledge that I have received a copy of the [COMPANY NAME] Vendor Management Policy. I have read and understand the policy. I understand that, if I violate the policy, I may be subject to disciplinary action, including termination. I further understand that I will contact my supervisor if I have any questions about any aspect of the policy.
Date:
COMPANY EMPLOYEE
Authorized Signature Authorized Signature
Print Name and Title Print Name and Title