A business that an organization hires, purchases goods and services from, or otherwise contracts to provide something can be referenced by many names: supplier, vendor, third party, contractor, reseller, provider, merchant, partner. The last example—partner—is especially apt, because a key supplier can become a valuable asset for the company it’s working with. A strong partnership forms, and both the contracting organization and the supplier greatly benefit from the arrangement.
Whether it’s a supplier, vendor, or partner, entering any contract with a third party creates inherent risk. That level of risk varies by contractor, and the best way to measure this risk (and see if it’s being mitigated) is to conduct assessments. Supplier risk assessments and vendor risk assessments come with their own expectations and requirements, and both can play an important role in your supplier diversity efforts. Here is a look at the differences between the two assessments:
Suppliers and Vendors
The terms “supplier” and “vendor” are often used interchangeably in risk discussions—even by businesses that specialize in third-party risk management. We are going to distinguish between the two for this post, but be aware that this distinction may not be applied by others. The definitions are:
- Supplier: A third party that provides valuable goods and services key to your product and production. For example, an automaker may not make its own tires for the cars it builds and instead buys them from a supplier.
- Vendor: A third party that provides ancillary goods and services and that helps your organization sustain successful operations but does not necessarily affect the consumer product you manufacture or deliver. For example, the same automaker needs office supplies for its corporate headquarters and likely purchases them from a vendor.
Supplier Risk Assessments
If a supplier is hypercritical to the successful production of your good or successful delivery of your service, or if it is inherently extra risky (such as a third party that handles customer payment info—necessary to sell the good or service but also loaded with risk), then it’s a prime candidate for a supplier risk assessment. The process can audit many different areas, including adherence to industry certifications and standards, the financial health of the supplier, geographic and geopolitical factors, a supplier’s contingency plans in case of emergency (so that it still delivers its product to you), and cybersecurity. A supplier risk assessment evaluates a multitude of factors and provides actionable information that you and the supplier can use to mitigate that risk.
Vendor Risk Assessments
An organization may contract literally thousands of third parties and can’t possibly assess more than a small fraction of its suppliers, much less its vendors. Fortunately, with many vendors, the risk they present is minimal—if the third party that provides an automaker’s office supplies goes out of business, finding another vendor to deliver yellow legal pads is relatively simple. That said, some vendors are vital to your operations and/or present increased risk and might need to be assessed. For example, a vendor that provides physical security to your facilities could be replaced but not easily and not before potentially exposing your business to great damage and liability.
Suppliers, Vendors, and Diversity
Both suppliers and vendors are necessary for dynamic, profit-boosting operations in this day and age, and both can boost your supplier diversity program. However, you can’t simply bring either on board just for the sake of hiring a diverse business—these third parties should boost your bottom line. Risk assessments, whether they are for suppliers or vendors, help your most vital partners be successful (which, of course, supplements your success), stay active in your diversity program, and address your risk requirements. That’s a winning combination for supplier diversity professionals striving to find, develop, and continue working with top diverse suppliers and vendors.
How actively do you assess suppliers and vendors for risk?