There are plenty of (other) fish in the sea. Why is vendor selection more important now than ever?

Technology causes rapid changes in the business environment. Over the last couple of years we have developed the ability to ask the right questions. Instead of wondering about outsourcing as a channel to innovate markets, we have started exploring how it could improve and reinforce companies' strategies, and why the traditional forms of outsourcing are dead. Proactively driving innovation in many cases means cooperating with vendors. Once back-office suppliers, vendors are becoming key players in many fields, sometimes even taking on the role of a strategic advisor helping companies transform at many levels.

In writing this post, I aim to highlight the growing significance of vendor selection management. The examples below show which mistakes made at the stage of choosing subcontractors resulted in crises at later stages.

Main takeaways:

  • Why does the vendor have no choice but to be agile?
  • What are the consequences when you bet on the wrong vendor?

So, how do you choose the best vendor, build effective relations and make the cooperation a successful journey for all parties?

According to the Deloitte Global Outsourcing Survey 2018, avoiding traditional roadblocks such as extensive upfront planning, lengthy implementation times and long-term contracts enables companies to be more agile, expand rapidly, enter new markets and transform internal operations. In the same survey, business leaders admitted that cost optimization is no longer the most important factor (it is not even in the "top five"). Instead, businesses are searching for solutions and partners that have the capabilities to deliver competitive processes, which let them be more agile, efficient and effective.
So… is looking for a vendor like searching for a well-suited employee who meets the company's needs? Apparently, yes, especially now that outsourcing has started playing a leading role in the current business environment. Vendor, subcontractor, data processor, supplier, third party: we can name them in many ways.
After all, the most important thing is to realize that…

…Agility equals stability

In the series of McKinsey articles on agility, one of the five trends is the organization as a living organism. Just as the human body reacts quickly to microbes only when it's in good, stable shape, a business is able to respond immediately to challenges and opportunities only when it has a strong backbone. Struggling with data processes calls for trustworthy third parties.
Imagine that you give a very important task to a new, unvetted partner, the first one in line, and then ask yourself…

What could go wrong?

The answer is: everything! A subcontractor's failures in performance may have serious consequences regardless of the scale of the business. They may even go beyond the boundaries of the business world by touching, for example, politics.
We all know cases where third parties' errors (intentional or not) caused serious crises. For me, one of these situations is undoubtedly the 2016–2017 crisis at one of the biggest telecoms in Poland, in which an external marketing agency and its call center employees stole customers' contact data and sold it to the company's competition. Does anybody recall the vendor's name? Probably not. But everyone remembers the slip-up and the telecom's name.
And politics? Voting processes are more and more technology (and thus vendor) dependent. Take the Polish 2014 regional elections. A company was selected by the Polish Electoral Commission and given the task of launching an online platform capable of counting votes from over 25k electoral commissions (31M possible votes). There was actually one vendor selection criterion there and yes, it was the price. The resulting voting system caused chaos and led to the resignation of all Electoral Commission members. It was childishly easy for a hacker to attack and had errors that completely undermined social trust in the correctness of the electoral processes (e.g. after counting the votes in the election for the Mayor of the City of Szczecin, the system announced as the winner a candidate who was not listed in this district). The vendor's name is long forgotten, as the company does not exist anymore. But the names and faces of the responsible Electoral Commission officials are still well remembered.

The consequences

The vendor rarely takes the bullet; it's usually the buyer who has to bite it. Of course, you can go to court and hold the vendor accountable afterwards, but will your customers care? It's the buyer who is responsible for its vendors' performance. If a vendor doesn't perform well, it's the vendor's fault, but it's the buyer who will suffer the following as collateral damage:

  • Loss of reputation
  • Penalties for non-compliance (regulation)
  • Legal responsibility
  • Operational and business interruptions

A long-term relationship with your vendor? Is it manageable?

Vendors cause risks, and for me risks mean "it can be managed." It's possible for companies to have vendor risk management processes, and it's possible to make those processes efficient.
If you have read this far, I have great news for you. I am working on another text that will present how to build efficient risk management processes and how to sustain them long term. I will walk you through it step by step:

  • Show you how to start
  • Create vendor risk profiles
  • Ensure 3rd party compliance
  • Choose the most risky vendors for audit
  • Mitigate risks coming from 3rd parties

And reveal the secret of how to build a business relationship based on the value that the vendor continuously provides to the client.

