Vendor Management Using COBIT 5

  • 2h 42m
  • ISACA
  • ISACA
  • 2014

Vendors constitute an important part of an enterprise's external environment. The increased use of outsourcing and cloud computing implies that vendors are taking on an increasingly fundamental role in the operations of an enterprise.

As the scope, scale and complexity of vendor relationships and services increase, the risk related to them and the importance of effective vendor management increase proportionately. Managing external vendors should be a key competency for every enterprise and can lead to optimally mitigated risk and significant benefits.

This publication describes the vendor management process and its activities and then presents the most common threats, risk and mitigation actions. A detailed case study is provided to show the potential consequences of faulty vendor management. Practical sample templates and checklists are also provided to help during implementation of the concepts presented in this publication.

Who Should Use This Guide?

The vendor management process involves many stakeholder functions within the enterprise, including:

  • The legal function (validates contracts)
  • The compliance, legal and audit functions (consulted during the review of service agreements)
  • The risk function (analyzes vendor-related risk)
  • The board (budget approvals)
  • The procurement function (oversees the overall selection and management process)

In this Book

  • Introduction
  • Vendor Management
  • Threats and Risk Related to Vendor Management
  • Vendor Management Risk Mitigation Actions
  • Binding Documents
  • Managing a Cloud Service Provider