How CPAs Can Manage Vendors and Still Focus on Their Core Business
Organizations must focus on their core business – and that often means hiring vendors and service providers to perform tasks which fall outside of that core. A prime example of this is upgrading your organization’s information technology structure. While you may know exactly what you want and how to go about getting it done, chances are that most CPAs lack the time or staff to make that goal a reality – without some outside help.
Managing vendors and service providers ranked among the top ten technology initiatives in both the U.S. and Canada according to the AICPA's 2013 North America Top Technology Initiatives Survey Results. Although overall confidence levels have declined, the survey showed some interesting differences between how public accounting firms and those in business and industry in both countries ranked the issue. In the U.S., public accounting firms rated the issue of managing vendors and service providers as the eighth most important; however business and industry organizations rated it tenth.
Here are a few steps you can take to manage vendors and service providers:
- Obtain a SOC Report. Ensure the service organization has the appropriate controls in place for security, availability, processing integrity, confidentiality and privacy. Asking if a service provider has a Service Organization Control Report or for them to obtain one as a requirement to do business is a good first step.
- Assess Vendor and Provider Risk. Identify and learn how to mitigate risks. There are always risks, such as not knowing how to find the right service provider or coming to distrust the vendor on issues of security, confidentiality or processing integrity. In order to avoid complications, it’s critical that you assess the specific risks associated with what you are looking to accomplish. That includes identifying reliable providers, performing the necessary due diligence before engaging a provider and analyzing the costs of engaging a provider.
- Establish an SLA. Before working with the service organization, you should enter into a Service Level Agreement. An SLA is a contract between you and the service organization that outlines the requirements of the service they will be performing. The SLA also establishes performance metrics based on the service to be performed. You can use the SLA to ensure all requirements are outlined upfront and to ensure the work performed is acceptable. You may also want to establish performance decrements, which attach a monetary value to a vendor’s performance.
- Avoid SLA Decay. Taking the time to address the risks can help to validate the sufficiency and completeness of the terms and conditions of an SLA. Organizations will be better equipped to measure compliance with the terms stated within the SLA and will have better leverage to negotiate a flexible contract with the provider which can be reasonably adjusted or exited if need be. Making sure you’ve got the latter covered can provide you with greater peace of mind – in the event that an agreement goes sour.
- Manage the Vendor. Ultimately, you need to ensure the vendor has the resources they need to perform the task at hand. Designate a project manager to oversee the vendor. Ensure that project manager is receiving regular reports on performance from the vendor and is sharing it with your executives. Most importantly, be proactive. It is better to identify a problem and find a solution before it happens, than it is after the fact.
Confidence levels in managing vendors and service providers have declined across the board for both U.S. and Canada, making this initiative one of the most important. In 2013, 56% of survey respondents reported that they were confident or highly confident in the ability of their clients' or their organizations to manage vendors and service providers. That confidence level dipped nine points with only 47% of respondents reporting being confident or highly confident this year. One reason may be that as the economy continues to rebound, organizations may be working with vendors and service providers on a more regular basis.
Bob Green, CPA/CITP, lead partner for SingerLewak’s business risk and technology services practice, recently conducted a Facebook chat for the AICPA on “Accounting software upgrades: Tips for success and pitfalls to avoid.” Watch a replay of the chat to learn more.
Susan Pierce, CPA/CITP, CGMA, Senior Technical Manager – IMTA, American Institute of CPAs. Susan drives the strategic mission of providing value to the IMTA professional, the CITP credential holder and the technology-engaged CPA.
SLA image via Shutterstock