The CVO playbook for a successful vendor adventure — Part 2 / 2

In the first part, we have seen how the CVO must focus first on the defensive line. Now let’s see how the CVO can create value, be accountable by metrics, and whom the CVO should report to.

The Offensive line

Focus on specific projects to bring quick vendor value:

• On-boarding. Evaluate how to accelerate and standardize the vendor on-boarding. It includes IT collaboration and scheduling, security authorizations, employee training on the product, and providing vendors with information and focal points.
• Performance tracking. The contract commitments must be tracked. They vary between product performance, customer support, product upgrades and roadmap, compliance and security fix commitments. Tracking these will give you an edge during contract renewal.
• Cost vs. usage. Track the number of licenses acquired and their actual usage. The procurement team will be happy to receive them.
• Find alternatives. A hard one. For critical vendors, managing the vendor risk and negotiating prices with the vendor can help when you know about a realistic alternative.
  This alternative is realistic if it provides the same kind of service/product at the same level. Besides, the switch cost (in money and time) should be manageable and the vendor should have a high chance of being declared valid by the defensive line in a timely manner.

Promoting a Vendor culture

Nurturing a Vendor culture is a long-term task. It convinces stakeholders to see an agile environment with fast vendor on-boarding and off-boarding.

This Vendor culture can be implemented gradually:

1. Promote vendor requests. Discuss difficulties with co-workers and think about whether a vendor may exist. Bring success stories to executives. Simplify the vendor request process.
2. Highlight your work. When a stakeholder requests a new Vendor, he or she is expecting regular updates. These updates should humanize the vendor integration process by reflecting current roadblocks and how the vendor responds (at a high level).
3. Bring the Voice of the Vendor. Critical vendors are also important stakeholders in the project. Sometimes, strong collaborations between vendors and your company may result in a strong product/service differentiation. Attention to the vendor (e.g., by providing feedback and requests) may be prioritized too. In product development, Product Managers may take this role.

The Metrics

What are the metrics to evaluate CVOs?

• Cost and risk reduction. Track the cost and risk reduction in each defensive field (compliance, security, privacy).
• Integration quality. Measure the time between the business unit requiring a solution and its implementation. This overall time is a good indicator of the vendor selection and the on-boarding process.
• Decompose the vendor path similarly to a customer path. A vendor funnel can be set up with the different steps: request, selection, validation, negotiation, on-boarding, actual usage.
• Business outcome. Guesstimate the impact of vendor insertions/replacements on the business.

Who does the CVO report to?

As seen, the CVO role is versatile, operational, and has many interactions. The CVO should therefore report to the CIO or to the COO. Reporting to an agile position will allow the CVO to quickly implement changes that highlight the collaboration between the teams.

---

The CVO is a complex role. It involves an oversight of vendor selection, validation, on-boarding, renewal, and off-boarding. Many internal actors are involved. And for the company, the potential is huge in value creation and cost & risk reduction.

Somehow, I have a feeling that some CDOs will consider this role as their next move.

Or how fundamental Customer concepts can change our worldview about Vendors

“The limits of my language means the limits of my world” — Wittgenstein

I am fascinated by bilingualism. Sure, by learning two languages simultaneously, on average, a child starts speaking later. But he or she gets so much in return. Not only the ability to speak two languages fluently. The child understands both cultures, the arbitrary of language, and practices brain plasticity to learn new languages (i.e., new worldviews).

It is interesting to think about what corporate bilingualism could mean. Each corporate field has its own professional terms. Professionals that know the professional jargon can integrate, communicate, and play with concepts more easily. Bilingual professionals master multiple fields fluently and learn quickly about new fields.

Consequently, applying fundamental concepts from one world to another enlarges our limits. Here, I analyze the Vendor world while considering Customer concepts. I discuss the Chief Vendor Officer (CVO) role, the vendor relationship, and the vendor culture. In this matter, I use relevant standard customer concepts (e.g., “Customer Success”) and replace the word “Customer” with “Vendor.” This exercise brings us an immediate vocabulary for the vendor world.

The role of the Chief Vendor Officer (CVO)

The CVO department is not limited to today’s Vendor Management Office (VMO), although the VMO is central. It is equivalent to a Vendor Success or Vendor Support office.

The CVO handles the whole Vendor Experience. The CVO must prepare the Vendor Journey from the beginning (vendor discovery) up to the termination (vendor off-boarding). The Vendor Journey is composed of different steps compared to the Customer Journey. The Customer Journey is sometimes simplified to 5 steps: Acquisition, Activation, Retention, Referral, and Revenue (AARRR metrics). The Vendor Journey is different since the company is the customer. It is composed of Selection, Validation, Negotiation, On-Boarding, and Renewal.

The CVO must analyze in a funnel plot how long each step takes to know where to enhance first. As a result, the CVO should talk to internal and vendor stakeholders for Vendor insights. A Vendor Management platform may complete the picture and provide other companies’ feedback on the quality of their relationship with a vendor.

Besides, the CVO can look back on sudden “vendor churn,” when the replacement of vendors was unexpected (either by the vendor or the company “firing” the other one). Some Vendor insights may reside here also, especially if the vendor is vocal.

The Vendor Relationship

How does the CVO manage the Vendor relationship? He or she is not the single vendor-facing position. Many teams will often interact with a Vendor. It includes: The Business Unit requiring the service, Procurement, Legal, IT, Security, Risk & Compliance, Privacy (if personal data is shared).

So many companies’ stakeholders can lead a coherent action only if they are aligned. To help them, a common platform displaying a Single Vendor View (or a Vendor-360) must be in place. This Vendor Relationship Management platform displays all the information relative to the Vendor.

For complex operations (e.g., performance tracking over time), a Vendor Data Platform may be needed to have a unified vendor profile from various data sources (Data flows, Support, Networking).

A Vendor-centric culture

Why is it important to have a Vendor-centric culture? On one hand, customers are bringing revenue to the company, not the vendors. On the other hand, vendors can bring a lot of value when they innovate and integrate well on how to solve the company’s needs. Being vendor-focused and having a close vendor relationship may reveal new untapped value, mainly for critical vendors. This requires both company and vendor engagement.

How to measure this value? A complex exercise for the CVO is to compute the Vendor Lifetime Value. How much value does this Vendor bring to the Company overall? Should I look for other vendors? Where can I increase this value? For example, good on-boarding and training on vendor products gives extra value from existing products to the company.

---

Vendors will never replace Customers as a first-position focus. Each one has its own role in the value chain. However, fundamental concepts about Customers should be used with Vendors. Suddenly, the vendor is not a simple, interchangeable service provider. The vendor looks more like a partner with common interests that we can measure.

The company is still focused only on the company’s success. Synergies, fruitful collaborations, or any win-win relationships with the vendor should be actively sought. It is somehow harder to execute.

Vendors are the new oil. And the recent rise of Chief Data Officers (CDOs) could show us the path to how to gain faster from vendors: with a Chief Vendor Officer.

Do you remember how we were handling our passwords? We all had our own strategy. Some were using the same password everywhere. Maybe twisting a bit according to the password requirements, such as adding a special character or the website name. Others were writing them down in an unlocked document. Others were forgetting them with each new account access.

Since switching to password managers (thank you, Keepass), I’ve felt lighter and more secure, free of the mental burden of creating and remembering passwords. The transition was interesting. I had to retrieve all my accounts. I suddenly understood that my accounts were all over the Internet, and there was no automatic way to find them (a trick is revealed later). Try to recall; you, too, might have a lot of accounts out there.

That’s the point. As individuals and companies, we steadily increase our use of SaaS vendors. These vendors excel in providing specialized products and services that resolve our needs and pain points. For companies, they are the source of a tremendous potential for efficiency. Such a critical resource must be managed at the top level. Welcome to the Chief Vendor Officer.

The evolution of CxO roles

I know what you are thinking. “What?! Another Chief-something-Officer role?” Indeed, many CxO roles have been created over the years (Wikipedia references almost 50). Even the ‘V’ of the CVO is already used by the Chief Visionary Officer.

Traditionally, CxOs were focused on their discipline (Marketing, Sales, Technology, or Finance). Then, in the past decades, new CxOs were handling a major resource or risk that was present all throughout the company (IT, Security, Knowledge, or Data).

For example, recently, the presence of a Chief Data Officer (CDO) in Fortune 1000 companies has jumped from 12% in 2012 to more than 60% in 2018. This high adoption rate reflects the necessity to manage data in times of Big Data, AI, and privacy regulations.

The exemplary CDO path

Early on, after 2008’s financial crisis, most CDOs were present mainly in the financial sector. Since then, they have been in all sectors. In only a few years, the CDO role has evolved a lot. Data was seen as the new oil, with a lot of potential to provide valuable insights. But first, the data had to be managed.

Thus, the CDO’s concerns were first defensive: security, privacy, regulatory compliance, and quality of the data. After that, the CDO became more offensive, i.e., creating value from data. For example, via data collaboration and fostering data science projects (somehow starting with anti-fraud and customer churn projects).

A lot of skepticism was present when the CDO arrived, since this function was planned to change corporate culture and processes. The need for a Chief Vendor Officer is similar today.

---

How did I find all my Vendors? Today, users have easier access to their data than to their vendors. My Vendor discovery process was simply to retrieve all the confirmation emails in my mailbox sent after an account creation. Finding account creation via a search bar in my data is easy. Knowing which product or service is available out there and is relevant to me is a more difficult problem.

The call for Vendors

We are in a Vendor economy. A lot has been said about Big Data and AI. It is less common that vendors have an edge. While specializing and providing a generic solution, they collect a rich and diverse dataset to better solve the problem they are focused on. For each issue we have, we must first think if this issue is somehow generic and then look for a potential vendor.

A suggested roadmap to the CVO

So, what should be the role of the CVO? The CDO shows us the path. The CVO should make some orders first and then bring value to the company.

• Be defensive first. The CVO must have the big picture of the vendors and ensure they are responsible for working with them. Not a simple task. As seen, discovering all the vendors is already complex for an individual. Processes need to change to track vendor on-boarding and off-boarding.
  Besides, the CVO must ensure compliance with the regulatory, privacy, and security requirements (shared personal data, vendor data breach, GDPR).
• Then be offensive. Vendors can provide a lot of value. Their selection and on-boarding should be accelerated, with a defensive line at business speed. The vendor’s performance should be tracked against the signed contract. And alternative best-fit vendor searches should be standardized where needed.
  Above all, a vendor culture must be fostered to prefer by default Vendor solutions over internal solutions for non-core expertise subjects.

---

I never click on the “Forgot password?” link anymore. I know my accounts and who to update upon major changes (new address, new credit card number, or even new email address). I am on top of it.

In our companies, we need roles to account for valuable people or resources. The CDO is the voice of data with untapped potential, and the Chief Product Officer or Chief Customer Officer is the voice of the customers. Who is the voice of the Vendor today?

The CVO playbook for a successful vendor adventure — Part 1 / 2

“Congratulations! You will be our first CVO! Unclear what it means, but you will guess it out, right? You start on Monday. By the way, ‘V’ for Vendors.”

So, here we are. Monday morning. A bit lost. Where do I start?

We already defended why a new CVO role is critical in our new Vendor economy. Vendors, in particular IT Vendors such as SaaS services, are omnipresent. Their usage steadily increases. They access some of the company’s data. They provide specialized services to manage tasks more efficiently. Their products can be called tools, platforms, or solutions. And companies need to manage them.

Even if the vendor subject is not gathered by a full-time employee but by a committee, they still need to go through the same steps.

Build a Vendor strategy

The first step of a CVO is to build a Vendor strategy. What do we want to achieve, and on what timeline? This vendor strategy provides key metrics and a clear roadmap. The Vendor strategy answers who will own each part of the vendor relationship and what the vendor lifecycle management looks like.

The Vendor strategy will also include all the roadmap elements as detailed here—both the defensive and offensive lines. Given this roadmap, an efficient tool providing all the aspects of Vendor Management with a Single Vendor View is critical.

The CVO will not manage all aspects of the vendor’s relationship. He is a key figure in establishing a vendor-centric culture and processes. As we will see, the CVO must collaborate closely with many other departments, including: Legal, Compliance, Privacy, Security, IT, and Procurement.

The Defensive line— Vendor discovery first

Before being able to manage our vendors, we need to know who they are. Building a vendor catalog requires a vendor discovery, i.e., retrieving all the vendors. Vendor discovery is not easy; the vendors are not all referenced in a single source of truth. Use a system to find all the vendors. Some SaaS companies automate the process as much as possible.

If that is not enough, you should not restrict yourself only to third-party vendors , i.e., the vendors you have signed an agreement with. You should also find out about their vendors, the so-called fourth parties, since they are also a liability.

Where do we get all these vendors from? Different sources must be considered in parallel:

• The third-party and fourth-party vendors present on your websites can be retrieved automatically. There are excellent tools out there for this.
• The Legal department has all the signed contracts.
• The Finance department knows who was paid.
• The Compliance department may have already set up a Third-Party Risk management program.
• The IT department may have a list of applications and companies present in the organization (e.g., via an application manager).

Still on the Defensive line: Compliance, Privacy and Security

Once most vendors are found, it is time to set up a process to ensure any new vendor will be registered in your system, preferably automatically.

You must ensure different processes are already in place or fill the gap quickly:

• Legal: ensure the contract lifecycle management (CLM) is managed well, including contract renewals (already in place in general).
• Compliance: set up a Vendor Risk management (VRM) program to reduce the vendor’s risk. Decide the vendor criticality criteria (3–5 tiers) and track mainly the critical ones. Choose your vendor risk methodology and evaluate the maturity from time to time (e.g., with the VRMMM model).
• Privacy: ground-breaking privacy regulations that involve vendors have been  passed recently. They are called “data processors” by EU GDPR or “service providers” by California CCPA. Ensure the presence of contracts with strict clauses about personal data protection and assessment questionnaires to better understand the vendor’s data handling.
• Security: the CISO must validate the vendor and their practices in depth to avoid data breaches in accordance with the vendor criticality (e.g., with an assessment questionnaire). The CISO may require you to insert some clauses in the contract (like the Dropbox team).

---

The defensive line should aim to evaluate vendors and give their go/no-go at business speed. It is not always that simple. Automation and clearly defined processes help a lot.

The CVO should focus only on the defensive line, at least during the first year or two. Having a solid infrastructure to handle efficiently the “must-do” regulatory aspects is a must before creating value (part 2).