How many vendors does your organization work with? Do all your vendors have the proper credentials and qualifications to do the job you expect them to do? Did your organization exercise its due diligence by screening all your vendors? How and where is all the documentation (including credentialing and screening, legal contracts, training, and education) stored? Do your vendors receive any orientation or periodic training from you? Do your vendors understand your organization’s expectations in terms of compliance? These seem to be simple questions, but not so easy to answer. Depending on your organization’s size and line of business, there may be hundreds—even thousands—of vendors and contractors it interacts with regularly. Hence, it may be complicated and challenging for your compliance team to have all the answers right away—especially when the internal processes are fragmented. From a risk-control perspective, vendor management is not an area that should be missed or taken lightly, given the amount of risk and liability that vendors could potentially cause to your organization’s bottom line.
Because each entity’s set-up or structure varies, vendor management may be under another job function. Some may ask, “So, where does compliance fit in all of this?” Since promoting lawful and ethical behavior and ensuring the organization has hired law-abiding vendors are part of compliance’s responsibility, compliance’s focus on and participation in vendor management will not only help minimize the organization’s exposure to unnecessary liability and risk but also protect it from any reputational damage in the court of public opinion.
It is no secret that government agencies have emphasized the importance of vendor management and compliance through their guidelines and publications, but how to truly operationalize and implement those recommendations is what many compliance teams often struggle with. This article aims to outline the concrete action items that fellow compliance professionals can take to help reduce their exposure to risks and liabilities in connection with vendor management.
Screening and credentialing
As obvious as it may seem, the intake process is the first critical step that sets the foundation for formalizing a business relationship between an organization and a vendor. Considering its significance, it is worth highlighting that the intake process is more than just recording the names and addresses of the vendors. Instead, it often entails multiple key elements dictated by regulatory requirements, industry standards, and compliance procedures, making it an integral part of the organization’s business operations. In certain sectors, such as healthcare which involves more rigorous and stringent rules, credentialing and screening are the necessary steps that healthcare providers must take before a vendor can be engaged to render services or supplies. For instance, a long-term care provider needs to check and ensure that a physician has all the required qualifications and credentials prior to contracting with such physician. In addition, the U.S. Department of Health & Human Services, Office of Inspector General (OIG) mandates that vendors shall be checked against its list of excluded individuals and entities before a provider is allowed to use the vendors’ services.[1]
To streamline the intake process and maintain consistency in practices, creating a standardized vendor form and a checklist with all the required items (e.g., tax IDs/employer identification numbers, license and certification numbers, legal and doing business as names) and necessary steps (e.g., criminal background checks, OIG’s List of Excluded Individuals and Entities,[2] the federal System for Award Management,[3] The Ohio State Medicaid Provider Exclusion and Suspension List[4] ) will be a huge time-saver for teams responsible for handling the information intake, providing clarity, and enhancing efficiency. Whether your organization is utilizing an automated system or manually entering data, it is imperative to verify and validate the credentialing and screening search results.
To ensure accountability, it is equally important to designate appropriate personnel to manage and oversee the intake process. Not only will it clearly delineate duties and expectations, but it will also make team communication much easier and more efficient, particularly when compliance conducts audits on such subject matters. Furthermore, vendor management is a collaborative effort that requires interdepartmental cooperation and cross-functional buy-in. Seeking input and feedback from the groups directly involved in and affected by the new process is an effective way to engage people; they may identify barriers and obstacles that the compliance team is not previously privy to or aware of. After all, a sound system provides a strong foundation for developing efficient business models, leading the organization to reach optimal performance and achieve long-term success.
