Best practices | February 25, 2021

Effective Vendor Risk Management

In the IT industry, cooperation with external IT providers is part and parcel of the business. Alongside the widely acknowledged benefits of IT outsourcing, including cost savings, access to IT talent and increased efficiency, it also comes with some potential risks. How can we effectively manage and mitigate risk related to cooperation with a third-party provider, especially in the era of accelerated digital transformation? Below we share some useful tips and best practices for vendor managers and IT leaders.


Why does Vendor Risk Management matter?

According to Gartner, “Vendor risk management (VRM) is the process of ensuring that the use of service providers and IT suppliers does not create an unacceptable potential for business disruption or a negative impact on business performance”. In the era of digital transformation, when companies are held back by limited access to IT talent, effective vendor management plays a strategic role.

Potential risks in cooperation with IT vendors

According to a Deloitte report, within the last 3 years 87% of companies have faced a disruptive incident related to cooperation with third-party vendors. In some industries, the costs of such incidents have been colossal, amounting to $1 billion. Potential risks may pertain to many areas, from reputation, to regulatory compliance and data breaches, to finances and operations, which – in the case of major incidents – have a huge business impact.

Main challenges in Vendor Risk Management in 2021

The idea of Vendor Risk Management is widely known; however, the new pandemic-related challenges in 2020 forced many companies to verify their VRM strategies in terms of:

  • Budget planning – the pandemic turned companies’ budgets upside-down so that they needed to either postpone planned IT projects or expedite the implementation of digital transformation solutions. The dynamic situation forced them to plan expenditures for the coming years carefully, and thereby search for cost-effective solutions.
  • Sourcing strategies – both undertaking new projects and putting other ones on hold called for flexibility in terms of resource management and cooperation with third parties. Companies without vendor management strategies struggled to set up new partnerships and address talent shortage issues.
  • Business models – as the remote workforce has become the new standard, companies were forced to rethink their cooperation models, including their approach to working-from-home policies and cybersecurity-related aspects.
  • Multisourcing – the pandemic-related service delivery stoppages or supply chain disruptions raised the need for multisourcing and diversification of providers’ portfolios. While cooperating with multiple service providers, it is worth taking into consideration such aspects as the political and economic stability of given countries. This measure can help to minimize the risks related to potential delivery disruptions. 

Best practices in vendor management

  1. Take time to assess – in times of crisis when everything happens “right here, right now”, experienced vendor managers know that they need to resist the temptation of expediting the entire third-party engagement process. Taking that time will pay off in the long run, helping to minimize potential financial, operational and reputational risks.
  2. Make it Agile – as we all learned in 2020, “flexibility is the best policy”. Agility is the answer to changing circumstances and helps to address aspects such as sourcing strategies and the adoption of new business models. Agile methodologies, like Scrum, facilitate communication, and contribute to minimizing risks related to misunderstanding. This is why the Agile mindset is a perfect match for the nearshoring cooperation model.
  3. Bet on quality – keep a provider in your portfolio that ensures quality. Such a partner should be able to act swiftly, respond to changes, and communicate effectively, which is not always the case in the offshoring model. It is worth engaging a nearshoring partner with a similar working culture that operates in the same time zone.
  4. Be ready for a change – as cooperation with an external vendor develops, new issues may arise. This is why vendor managers should be attentive listeners and observers, so as to identify potential risk gaps on time. Cooperation built on trust is crucial, but it is a process that should be monitored and developed.


In times of uncertainty caused by the global crisis, vendor managers and IT leaders encounter new challenges in the field of budget planning, sourcing strategies and the adoption of new business models. In 2021, vendor managers should not be afraid to revise their strategies, and should be open to new partnerships. It may take some time to build long-term ones, it’s true, but as the saying goes, great things take time.

Agnieszka Bujak
International Business Development Manager

Business Development Manager with ten years of sales experience on international markets. At JCommerce, she is responsible for the development of the company's services in the Benelux countries and in France. In her private life, she loves reading (Scandinavian crime novels and professional literature about sales and negotiations), travelling and cooking.