Weeding Out Vendor Risk in the RFP Process

Vendor risk management best practices

One day I was working in my garden, when suddenly I realized I was pulling out both weeds and plants. I couldn’t tell the difference anymore.

Gardening is one thing, but what about my growing business and the third-parties we engage to help us flourish? As I thought about the numerous vendors we rely on, I started to think about what “pesky” vendors might be choking out our true partners (i.e., the ones that are truly critical to our success). If any of our vendors are increasing the amount of risk we manage to unacceptable levels, we need to identify them.

On this subject, I’m excited to partner with my friend Chris Pantaenius and his team at Onspring for a webinar called Vendor Risk: Find It Before It Finds You. Together, we’ll provide actionable tips on how to identify and manage sources of vendor risk throughout the RFP, due diligence, contract review and onboarding process.

How to Weed Out Risk with Smart RFPs

One of the big themes I’ll address during the webinar is how to bake risk management into your selection process, in the Request for Proposal (RFP) itself. While it can be tempting to rush through RFP writing, you’ll save yourself several headaches if you take the time to consider risk on the front-end.

Here are a few tips:

1. Requirements and Scope

Make sure you gather requirements from all your key stakeholders. Most of the RFP horror stories we hear happen because the team was rushed, and they didn’t take the time to fully prepare or understand their stakeholders’ needs. They began the RFP before they had budget approval, or before they obtained security requirements from IT. Each time the lack of preparation derailed the whole project in the final hour, wasting everyone’s time.

Instead, set yourself up for success by conferring with all your key stakeholders from the beginning, including legal, procurement, IT, security and compliance.

2. RFP Deal Breakers

One of the best ways to make your RFP process more efficient is to understand your true priorities. Your goal is to determine the key questions that will quickly eliminate unsuitable candidates.

Define your “deal breakers,” the factors which would immediately disqualify a vendor.

When gathering requirements, be sure to differentiate between the must-haves, nice-to-haves, and deal-breakers. Then begin your RFP process with the must-haves, using follow-up rounds if necessary.
Check out the infographic to the right for a few examples of possible deal breakers.

It’s worth the initial work, because if you can weed out unacceptable vendors in the RFP process, you’ll save yourself (and your extended team) a great deal of time in due diligence.

3. RFP Scoring

Not all requirements are created equal. So rather than considering each respondent separately and expressing their value qualitatively, develop a way to assign each respondent a numerical score. You can score by section (for example, functional requirements, security requirements, compliance requirements, etc.) or by individual question. (Learn more about how to do weighted RFP scoring here.)

Quantitative RFP scoring can help you

  • Compare responses objectively
  • Focus on priorities
  • Justify selection criteria
  • More easily identify red flags

Bottom line, by taking the time to include risk management considerations in your RFP format, you’ll be one step ahead when the time comes to closely assess your chosen vendor.

Have a question about third-party risk management? We can answer your questions.

About the author

Dave Hulsen Chief Operating Officer & Cofounder RFP360

Dave Hulsen
Chief Operating Officer & Co-founder of RFP360