Vendor management. Sounds as though it could be a bit of a dry subject but judging by recent outings, it is proving a bit of a hot topic.

And that’s reassuring because a) surprise, surprise, it is very important and b) it isn’t done particularly well, which is an awkward combination.

First off, a definition. Gartner defines vendor management as the discipline that enables organisations to control costs, drive service excellence and mitigate risks to gain increased value from their vendors throughout the deal lifecycle. All pretty commonsensical stuff.

Your 7-point action plan

1. Document and analyse current suppliers
2. Segment and prioritise suppliers
3. Develop relationship strategy
4. Develop collaboration and combined objectives
5. Review and refine KPIs and development plan
6. Review risk management
7. Build true relationships

But why are most law firms still approaching vendor management in an ad-hoc fashion, going “issue by issue” or reserving everything for an annual review meeting? These meetings tend to focus on cost, recent issues or operationally irrelevant key performance indicators (KPIs). Record keeping is decentralised and very few conversations with suppliers cover strategic aims, combined objectives, innovation or true partnership. Besides, we all know that if you are reviewing supplier performance against contractual KPIs then the writing is on the wall for the relationship.

Most firms recognise the cost of services purchased for the business but not the enabling impact they have or enhancement value they add. Given that review meetings tend to be focused on cost and day-to-day relationship issues rather than the more strategic Gartner framing, law firms could lay themselves open to the accusation of knowing ‘the cost of everything and the value of nothing’.

So how should a firm go about recognising the value and determining the risk of the supply chain which is needed to deliver its services?


Step 1 – Create Visibility

The first step is to create visibility and understanding around existing suppliers and the services they provide, and to determine their importance in underpinning the services that the law firm provides to its clients.

It is fair to say that until the introduction of GDPR many firms did not even maintain a centralised list of suppliers or contracts. The work done to assess suppliers’ compliance with GDPR can be a great starting place for vendor management.

We would recommend the following tasks:-

Create a coherent list of all current services/contracts detailing:

  • Description of service
  • Supplier contacts
  • Business owner (internal)
  • Expenditure per annum
  • Key dates (Termination, Review, Rollovers etc)
  • Key contractual clauses
  • Risk profile
    • Importance of service
    • Risk to business if service fails
    • Supplier risk profile
    • Formal risk reports from 3rd party report providers

Introduce centralised record keeping

  • Bank of contracts
  • History of contractual changes
  • Minutes of meetings
  • Records of major issues raised
  • Document any ‘Lessons learned’ in the duration of the relationship
  • Document known supplier risks and mitigations

Step 2 – Segmentation and Prioritisation

 Once you have a list of all the suppliers and services this needs to be segmented and prioritised so the appropriate approach can be taken with each supplier.

This aims to identify strategic partners, important suppliers and unimportant transactional suppliers.

  • Strategic Partners – a small number of strategic partners e.g. bankers, accountants, core technology providers
  • Important Suppliers – Suppliers needed for the business to operate but who could be replaced e.g. important but commodity technology suppliers such as telecoms vendors
  • Transactional Commodity – Commodity suppliers who are selected on the basis of price and can be easily changed with no impact e.g. standard photocopy paper suppliers

We’d suggest a simple scoring mechanism based on:

  • Expenditure
  • Risk Rating
  • Innovation / continual approval
  • Relying on systems / processes to operate.

Step 3 – Management Strategy and Collaboration

With suppliers now in their appropriate tiers, you can deploy a vendor management strategy so that the appropriate time is invested into these relationships. Using the Pareto rule you should expect to invest 80% of your time into your most strategically important suppliers with about 20% going into your more transactional suppliers.A typical approach for each supplier could be:

  • Tier 1  Strategic
    • Monthly meetings
    • Issues & Resolutions
    • Performance Review (Quality, KPI, Obligations, Risks & Mitigations) (See step 4)
    • Innovation activity
    • Review of delivery on combined objectives
  • Tier 2 – Important
    • Quarterly Meetings
    • Issues & Resolutions
    • Performance Review (Quality, KPI, Obligations, Risks & Mitigations)
  • Tier 3 – Transactional
    • 6 monthly or annual meetings
    • Performance review (basic service level agreement monitoring)
    • Cost Review

This approach will change the dynamics of vendor management: relationships with strategic suppliers become collaborative where suppliers are treated like true partners and not merely subservient suppliers. Equally, suppliers should see their customers as partners and not as a cash machine.

The focus of these relationships has to be a ‘win-win’ with recognised combined objectives.

Step 4 – Review and refine KPIs and development plan

We said at the beginning of this article that when a firm relies increasingly on KPIs it’s a sign that there are wider problems, with the firm looking for something to ‘prove’ the lack of service delivery

But you obviously still need a method of assessing and managing the vendor relationship as part of a more rounded approach. Rather than relying on staid SLAs such as ‘99%’ uptime, we would advocate for your strategic suppliers using a balanced scorecard technique; this enables an assessment of suppliers across various areas and supports the more collaborative style you’re after.

The balanced scorecard should encompass elements such as:

  • Targets
    • ‘Traditional’ adherence to standards
  • Compliance with Obligations
    • Assessment of how the supplier delivered to contractual obligations
  • User Satisfaction
    • Regular assessment of end-users’ views of service (regular surveys etc)
  • Business Risk
    • Regular reviews of supplier risk
    • Review of the risk to business if service fails
  • Innovation
    • Assessment of supplier/service innovation activity
  • Combined objectives
    • Assessment of delivery of shared objectives
  • Operation hygiene
    • Identification of common/re-occurring challenges
    • Definition of processes to address issues
    • Mitigation and management of risk


There’s a fair bit to take in here but a full-blown vendor management strategy as described above is only required for a handful of Tier 1 strategic partners.

And the payback is well worth the effort. Remember, the aim ultimately is to improve the services you as a law firm can provide to your clients – by driving service excellence and increasing value from your vendors, while at the same time mitigating risk and controlling costs.

That is surely reason enough for law firms to take a fresh look at how they manage suppliers and services.