Insights
Leverage Existing Investments to Mitigate Vendor Onboarding Risk
Vendor management, meet employee onboarding
Key Takeaways
Behavioral health demands outpace supply, causing stress for providers, payers and patients
Today’s challenging economy makes finding efficiencies more important than ever, and vendor onboarding and relationship management are great places to start. The challenge is streamlining without adding potential compliance issues and risk to your organization.
One straightforward way to achieve both objectives is to leverage the parallels between vendor and employee onboarding. Taking advantage of best practices from other areas of your business can help you maximize the value of prior investments in process and technology while mitigating the risk of breaches and noncompliance.
Like employees, vendors have access to systems or portals that integrate with sensitive data and technology, yet companies often fail to communicate security standards or ensure visibility into vendor data access. As a result, third-party vendors are a frequent source of security breaches. And digital transformations often increase the number of vendors companies work with, further exacerbating these security risks.
Providers and payers can act independently to alleviate the issue,
or go one step further to build a partnership
Partnership includes sharing pain points, successes and data across the table and collaborating to build new, concerted solutions
Data and digital tools are key enablers
Vendor risks don’t go away once the onboarding process is complete. As the nature of their work evolves or new processes are introduced, risks often increase. Vendor risk management should be conducted throughout the entire lifecycle of the relationship. Offboarding poses new risks as well, like failing to ensure that vendors no longer have access to company data and systems.
As with onboarding, here are some areas where Human Resource (“HR”) and Procurement departments can find synergies:
• Relationship management: Similar to employees, vendors should
be able to easily share a change of address, update contact
information, and inform the company of other relevant changes.
Regular check-ins and reviews can help head off issues before
they arise and decrease duplications in your database and
reports.
• Offboarding: HR and Procurement can collaborate to design
policies and procedures to reduce the security risk when
employees and vendors are offboarded. Companies rarely have a
fully automated employee offboarding process and often fail
to terminate access for former employees. Likewise, 60% of
organizations don’t consider third-party risk when offboarding
a vendor.
By combining efforts across employee and vendor offboarding policies and procedures, businesses can significantly reduce risks – especially in high turnover environments.
Don't stop at onboarding
Watch our on-demand training and learn about trends that will impact your strategy, including the significance of accurate and complete data, how tech innovations are impacting the space, and changes in ESG reporting frameworks and climate risk disclosure. Watch now.
BACK TO Insights
Many organizations have prioritized their employee onboarding experience, making process and technology improvements that can offer a head start for vendor management upgrades. Relevant examples include background and reference checks, confirming employee data, and training new hires based on roles and responsibilities. The challenge is unlocking those capabilities in a different part of the business.
1
Optimize cooling and heating
Today’s employees want to work for climate and social justice-friendly organizations. In a time when talent retention is a chief concern among executives, you don’t want to lose this competitive hiring edge.
Regardless of market conditions, investors are demanding action on ESG – by pausing your ESG efforts you risk falling out of favor with your investor owners and may even experience decreased access to capital.
Overseas, the EU just announced its final approval of the Corporate Sustainability Reporting Directive (CSRD). In the US, it’s only a matter of time before the SEC finalizes its climate disclosure ruling.
ESG is now part of the social license to operate, and customers reward sustainable businesses with their dollars – by cutting ESG initiatives you risk alienating this influential consumer demographic.
You risk alienating
your consumers
You may fail to meet investor demands
You’ll be left behind on emerging regulations
You could spur high employee turnover
No matter where your business operates, it’s going to be far
more expensive to invest in the necessary strategies to achieve compliance down the line than if you start getting ready now. With a possible economic downturn just around the corner, this expense may prove to be extra burdensome if you hold off.
While it’s critical to plan and prepare for the risks vendors can introduce through their entire lifecycle, starting with the knowledge and tools your organization already has in place can help you cut costs and gain efficiencies.
Independent third-party risk assessments are often beneficial and sometimes mandated. Through assessments of your policies, procedures, and technologies, we can help your business identify the gap between where you are and where you need to be.
We welcome your questions and look forward to providing helpful solutions that add value with less investment and more expertise.
The bottom line
by Vincent Tarantino and Shelia McClendon
Read on for high-impact strategies to reduce your GHG emissions footprint in four key areas:
• Energy efficiency
• Renewable energy
• Transportation
• Materials
Be sure your cooling and heating schedule aligns with times when your employees are actually on site. Many businesses have air conditioning or heating on 24/7, while most employees are only there from 9 to 5. For additional energy efficiency savings, consider installing a Building Automation System.
1
AssesS
Purchase RECs
If you can’t purchase renewable energy through your local energy supplier or utilities provider, your next-best option is to purchase Renewable Energy Certificates (RECs). RECs are simply an attribute you buy - one REC is created for every megawatt hour of renewable energy generated.
There are two kinds of RECs, bundled and unbundled. Bundled RECs are sold when renewable energy is produced. This means they are tied to the actual creation of renewable energy at a specific time, location, and facility. As such, they are far more impactful than their unbundled counterparts. You can purchase them through your local utility or by contracting with third-party energy suppliers in some states.
Unbundled RECs are sold separately from the renewable energy itself and are available nationally. Although purchasing unbundled RECs can be a cost-effective way to achieve your sustainability goals, they aren’t typically adding new renewable energy to the grid and therefore don't have as positive an impact.
Bottom line – use unbundled RECs sparingly and only as a last resort.
4
During vendor onboarding, your company collects all of the information needed to approve a supplier. One of the most important aspects, of this process, is ensuring prospective suppliers comply with your organization’s regulations and standards as well as local, state, and federal laws.
There are many ways to assess existing employee tools and determine which ones can be used to strengthen vendor management policies and procedures and establish effective vendor relationships. Examples include:
Making the most of your employee onboarding investment
How to get started
Assess what you already have and consider how it can be leveraged.
DEtermine
Determine gaps and decide what needs to be created, along with the resources and time required to implement.
2
Prioritize
Prioritize based on areas that represent the greatest exposure and lowest implementation costs.
3
gain
Gain an independent perspective based on best practices and current trends.
4
Employees
vendors
system access
Policies & Procedures
Reference Checks
Security & Compliance
Do you provide distinct levels of access for your temporary contractors vs. employees?
Should you deploy the same access principles for vendors who are serving a one-time need for a single project vs. vendors who are on-going business partners?
How do you collect and validate reference checks, testing, etc. required for employees?
Should you have the same documentation for vendors?
What type of policy and procedure training do you require for your employees?
What sections of the training could you retool for vendors?
Do you require security and compliance training for employees?
Organizations with high levels of sensitive data wouldn’t provide badges to new employees until they pass a security tests. Should you also require this training for vendors?
Learn about current trends in risk and compliance
Get in touch.