Press Release

STAMFORD, Conn., June 11, 2009 View All Press Releases

Gartner Says Vendor Risk Management Is Becoming a Core Enterprise Competency

Gartner Identifies Four Key Vendor Risk Criteria Areas and What to Look for in Each

Enterprises are becoming more reliant on external vendors to provide goods and services necessary to run their businesses and maintain competitiveness, but reliance on vendors can be a risky proposition, especially with the current economic challenges, according to Gartner, Inc.

"As enterprises increase reliance on vendors for products and services, the more they become exposed to greater risk relating to delivery disruption or vendors' inability to deliver the goods and services for which they are contracted," said Helen Huntley, research vice president at Gartner. "It is crucial for enterprises that use external vendors to understand the risk factors that enable them to judge the exposure they have with each vendor should the vendor go under or face challenges that may lead to delivery disruption."

Ms. Huntley said that vendor risk management is becoming a core competency for organizations, and they should ensure that they have a contingency plan in place to support their business should the worst happen and the vendor supporting their mission-critical systems fails them. However, enterprises are advised to categorize vendors before assessing vendor risk, because not all vendors are the same. Some vendors may be categorized as tactical — those that are small in cost and exposure or operate in a commodity environment. Other vendors should be classed as strategic, because the enterprise has a high dependence on them, has high spending, and plans to increase business with the vendor over time.

Gartner has identified four high-level vendor risk criteria areas that enterprises should monitor for any indications that a vendor may be in trouble:

Organizational Risk
Organizational risk focuses on changes in personnel within the vendor organization. Changes in staff, especially at senior levels in the organization, can indicate vendor difficulties. The following events can be indicators of potential trouble:

- Management turnover, especially at senior levels in the organization and most notably the CFO

-President, CEO and chairperson of the board are the same individual or are related

-Large layoffs of vendor staff

-Routine rounds of staff reductions

-High employee turnover, and higher-than-normal sales executive turnover

-Senior executives selling off stock

-Significant increase in executives taking on multiple roles as others depart 

-No outside board members

-Ties severed with partner firms

Financial Risk
Financial risk is risk associated with any form of financing or financial reporting. The following financial metrics or actions should be monitored for patterns, as no sign on its own is likely to be significant:

- Stock-price-related metrics

-Vendor credit rating

-Restatement of financials by filing a 10-K or other regulatory change form

-Declaration of bankruptcy

-Late filings

-Current ratio, debt-to-equity ratio

-Net income growth rate and cash flow

-Return on equity, return on investment, return on assets

-Cash in bank

-Vendor's inability to obtain financing or negotiate a loan to continue business

-Days sales outstanding

Support Risk
Support risk focuses on the risks that clients face when products or services are no longer supported or delivered to the standards outlined in the contract or set by vendors overall. Things to look for include:

-Layoffs of personnel critical to your business

-Decline in service-level performance and vendor's failure to meet service levels

-Decline in customer service and level of resources, lower skills and lack of support

-Customer turnover

-Product failures, spare shortages and lack of support for products

-Product deficiency

Strategy Risk
Strategy risk is focused on changes to a high-level set of directives that vendors use to articulate how they will achieve their missions. Abrupt changes to strategy could indicate vendor challenges, such as lack of alignment, financial difficulties or an overall weak vision. The following should be followed closely:

-Changes in sales and marketing approach, size and type of deals the vendor is targeting, strategic investments, product strategy, geographic strategy, vertical strategy or industry focus

-Arrival of new competitions that threaten the strategic basis of the vendor's business

Additional information is available in the Gartner report "Vendor Risk Management: Criteria You Can Use to See Whether Your Vendor is in Trouble." The report is available on Gartner's Web site at

Gartner has launched a major research initiative: Strategic Vendor Management (SVM), which also encompasses Vendor Risk Management (VRM), to help clients understand these issues and create risk mitigation strategies when using external vendors. This new research area for Gartner includes focused reports on how clients can determine if their vendors are at risk of failure or disruption, how to create vendor risk mitigation strategies, and how derive maximum value from their vendor relationships.

About Gartner

Gartner, Inc. (NYSE: IT), is the world's leading research and advisory company and a member of the S&P 500. We equip business leaders with indispensable insights, advice and tools to achieve their mission-critical priorities and build the successful organizations of tomorrow.

Our unmatched combination of expert-led, practitioner-sourced and data-driven research steers clients toward the right decisions on the issues that matter most. We're trusted as an objective resource and critical partner by more than 15,000 organizations in more than 100 countries—across all major functions, in every industry and enterprise size.

To learn more about how we help decision makers fuel the future of business, visit

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.