The Client: Zurich Insurance Company Ltd (UK)
In 2013, the UK sourcing team of Zurich Insurance was given a tough mandate - find and implement a Vendor Risk Management (VRM) solution across 500+ vendors in just three months! It was a tight deadline - yet, the urgency was warranted, as there were multiple vendor related challenges that had to be addressed quickly. VRM processes had become increasingly complex, manual, and labor intensive. In the absence of an effective VRM system, most critical vendor information was managed on spreadsheets.
Adding to the challenge, the sourcing team had developed a “toolkit” of vendor policies and procedures, which hadn’t been uniformly adopted across the organization’s sourcing and procurement functions.
The sourcing team began looking for a VRM solution that could be quickly implemented out-of-the-box, without any customization. The solution needed to be scalable with end-to-end functionalities for VRM, as well as self-service tools that would enable vendors to upload data on their own.
The implementation timelines were challenging, and the demands were tough. Yet the sourcing team was determined to make it work.
The MetricStream VRM Solution has simplified and strengthened VRM processes across Zurich Insurance’s UK operations. The solution was rolled out over MetricStream GRC Cloud, and as a result, it went live within a few weeks, despite the large scale and scope of the implementation.
Today, the solution is enabling and supporting the following processes at Zurich Insurance:
Through the course of their VRM project, Zurich Insurance identified several best practices:
Zurich Insurance and MetricStream will continue their partnership by rolling out the MetricStream solution across the global organization.
The teams are also working on implementing vendor self-service capabilities which will simplify vendor assessments and assurance processes by enabling vendors to upload their own data.
In the future, the solution will be extended to include more capabilities such as vendor contract management and integration with vendor payment systems.
Developing a strategy, engaging with key stakeholders
The team defined a 3-year strategy for vendor risk management. The first year had already passed - wherein they had defined vendor processes, policies, and procedures. Year two was about finding the right VRM solution and embedding it within the organization. Year three focus was on extending the solution to new areas of the business.
This strategy was laid out with clearly-defined timelines. The sourcing team then set up a structure of how to engage with key stakeholders at each stage of the VRM project in order to keep them informed. The team also implemented good governance and control processes around their VRM strategy to ensure that everything went as planned.
Choosing a VRM solution provider
Zurich Insurance spent a significant amount of time researching and evaluating VRM solution providers to find the right fit for their organization. MetricStream was selected based on their market leadership, solution functionalities, potential for continuous partnership, and compatibility. Moreover, MetricStream had the capability to roll out the VRM solution quickly over their secure and scalable cloud offering.
Onboarding MetricStream was the next challenge. Typically Zurich Insurance conducts extensive due diligence, reviews, and approvals processes before partnering with external third parties which can take several months. However, in this particular instance, as the deadlines were short, due diligence and onboarding processes had to be accelerated. So, the sourcing team began to proactively collaborate with multiple executives in the organization, bringing alive the VRM strategy for them, and helping them understand the urgency of the implementation. As a result, it was possible to expedite the onboarding process with MetricStream to ensure they could meet the VRM implementation deadline.
Building an implementation plan
The UK sourcing team from Zurich Insurance spent two days with the MetricStream team, explaining their vendor processes, as well as their VRM solution requirements, ensuring the team had a clear set of requirements. This approach ensured everybody knew what needed to be done and by when which helped deliver a smooth implementation from start to finish.
Ensuring continuous reporting
Throughout the implementation process, Zurich Insurance kept communicating with the MetricStream team, discussing the project requirements, and making sure that both teams were aligned and understood what was needed. This continuous communication and collaboration was a major success factor in the project - it helped ensure that everyone was interpreting the implementation requirements in the same way.
Creating pilot programs
Together, the sourcing team and MetricStream built a number of VRM pilots that enabled them to see what the end result would like, and determine whether or not that worked for the company. On occasions when things didn’t quite go according to plan, the teams would go back to the drawing board, and discuss what needed to be changed. Whilst the whole process took some time, it was very useful in ensuring the right functionality was delivered and that the rollout was smooth.
Combining training and testing
Most companies test a solution first, and then train their users on it. Yet Zurich Insurance chose to do both simultaneously, given the short timelines of their project. The approach worked well for them - users would get trained on the MetricStream solution, and then go into the system, get comfortable with the tools, identify any bugs, and make sure that they were fixed.