Rsam survey discovers 46% of respondents aren’t using metrics for their vendor risk management program.

How long is your commute from work to home? I live just 7 miles away from my office but it can take anywhere from 30 minutes to an hour. Given the wide time variances, I experiment with many different routes. Regardless which route I may take on any given day, I always time my trip. It’s my commuting metric. If I don’t know how long it takes to drive each route, I would never know the best options.

Every day metrics like timing your commute home applies to more complicated metrics, like how do I know if my Vendor Risk Management (VRM) program is working. In a recent survey, Rsam learned that nearly 50% of organizations don’t have metrics for their VRM program. How can organizations improve their efficiency if they don’t have a baseline to measure objectives? Here are some things to think about when implementing VRM metrics.

What’s your number: When you discover what kind of analytics are important for your program, make sure it’s a metric that can be distilled into a number that is measureable. Improvements to programs are not made from antidotal evidence. Metrics foster objectivity.

Don’t marry your metric: Metrics are put in place to gain efficiencies. If initial metrics aren’t giving your organization value, have a process to keep reevaluating your metrics and be prepared to adjust or remove.

Caring means sharing: In the same Rsam survey, almost 70% stated that there were at least 3 business units that had direct input and requirements for their VRM program. When you create the metrics for you vendor risk program, make sure they account for all stakeholders and the metrics are meaningfully for all parties.