Most third party risk managers eventually deal with bad vendor contracts. In most cases, these contracts – which lack important provisions or no longer conform to regulatory requirements or organizational guidelines – pose significant risks to the organization. Many of these risks can be mitigated, but doing so requires a well-defined process, a robust third party risk management capability and the right mindset.
It’s important to note that poorly drafted or outdated vendor contracts exist in most organizations. It’s not a reflection on the company, but a painful reality of the lack of coordination between risk management and contracting groups. In the past, I conducted comprehensive reviews of vendor contracts at major financial institutions. These reviews routinely unearthed numerous contracts that were out of alignment with current corporate standards, regulations and/or best practices. As veteran IT writer John Edwards asserts in a new CIO article, “Like death, taxes and network downtime, bad contracts are a fact of life for most IT leaders.”
John was kind enough to reach out to me for some insights while researching his article, “7 Tips for Getting Out of a Bad Vendor Contract.” The overall guidance and specific steps John presents in his piece are right on the mark, and I encourage you to give it a read. While addressing the interview questions John put to me, I reviewed several considerations that are important for third party risk managers to keep in mind when dealing with unacceptable contracts, including:
Ideally, terminations can be avoided when bad contracts are uncovered. This positive outcome is more likely to occur when a vendor views your organization as a critical business partner and is willing to work with you to find a solution acceptable to both parties.