We know of a situation where a large retail chain was unable to determine whether the company it had hired to track certificates of insurance (COI) was doing its job. The reporting was so difficult to decipher that the company had no idea of its overall state of third-party compliance. After months of haggling with the vendor, the company was ultimately obligated to hire an outside auditor to uncover the truth. Not surprisingly, the audit revealed serious problems and the company had to make a sudden and expensive change to a different service provider.
Extreme? Let's hope so, but you have to wonder why a company you hire to do an important job would deliberately make it hard to see what they are doing on your behalf. Oh, think I know...they don't want you to know too much or they might get found out(!)
Of course, you need to know what the actual state of compliance is at all times, otherwise you are flying blind. The only way to do that is to be provided with an online platform you can access anytime from anywhere in real time. And once there, all key performance data must be readily available. At minimum, you need to know four key pieces of information:
This information is the basic starting point for any compliance tracking system. If not easily accessed and displayed you might wonder why it is not.
An implicit benefit in full disclosure is that the vendor is conveying confidence in its ability to perform the contracted service successfully. After all, by being fully transparent the vendor runs the risk of revealing its own weaknesses, if any. A professionally managed compliance vendor should harbor no such reservations.
Prior to signing the contract, ask the vendor to show you the kind of reports that will be available and how frequently they are updated. Determine what KPIs will be available and their ease of access. Absent this basic information, you're at risk twice – you don't know what your own exposure is, and you don't know what your vendor is doing about it.