LAS VEGAS (12/10/15)--The supervisory committee may not select its credit union’s vendors, but it is crucial that it knows the business plans and policies behind such third-party relationships.
During a Wednesday breakout session at the CUNA Supervisory Committee and Internal Audit Conference in Las Vegas, Tony Ferris said the supervisory committee has to be looking at policy and controls to determine if the vendor adds value to the credit union and its members.
Ferris, managing partner of The Rochdale Group, said current vendor management is a rote “check the box” process. In the future, it will have to support selection, evaluation and monitoring of third-party relationships.
Vendor management has to be effective within the credit union’s business case, he said. “If almost 50% of your operating budget is devoted to vendors, do you know what return you are getting on your investment today?” he asked. “In most cases, no.”
Ferris noted one credit union brings all of its most-critical vendors together for a strategic view of what the credit union wants and needs, and how those vendors fit into its business plan.
“The supervisory committee plays a huge role in asking the questions around why a vendor relationship exists,” Ferris said. What is the business plan? Are there metrics, and if so, what are they tied to? What is the vendor’s reputation? What do we expect to get out of the relationship?
The supervisory committee needs to see the business plan and how the relationships are being monitored, evaluated and managed, he said. And if a supervisory committee can’t see those processes, it should ask if those processes are being performed consistently.
Third-party due diligence is a challenge. “Most vendors aren’t set up for the type of research we need,” he said, “But do we know what we’re asking and why we’re asking it?”
Vendors are expected to answer roughly 400 questions, but credit unions may not know if the answers are right, or even relevant. “Data does not equal intelligence,” he said.
Nearly 340 supervisory committee members and internal auditors from more than 180 credit unions attended the three-day conference, which ended Wednesday, in Las Vegas.