Differences in governance, vendor management, and compliance efforts matter.
Outsourcing does not relieve corporate management of responsibility for governance and oversight of the functions that have been outsourced. While you probably agree with that statement, you may have difficulty defining exactly what it means. For instance, if you were asked to explain the differences between governance, vendor management, and compliance, what would you say?
Governance often refers to the fiduciary aspects of benefit plan management such as oversight of plan investments and plan committee decisions relating to claims management. Commonly, vendor management refers to the limited function of reporting and reconciling benefit feeds to various vendors. Compliance can mean compliance with vendor contracts and service deliverables.
Consider the following structure for understanding the broader levels of vendor oversight responsibility.
Governance We should think of governance as the guiding principles and management oversight structure that the board of directors and senior management team adopt to ensure that the decisions they make about strategy and the goals they set are implemented.
When applied to administering benefits programs, this definition of governance is not solely focused on fiduciary duties such as selecting investment managers and approving plan design changes, which usually are responsibilities delegated to specific plan committees. It also concentrates on the overriding corporate goals of risk management, employee recruitment, retention and satisfaction, and return on corporate investments.
Sarbanes-Oxley mandates that senior management and the board of directors sharpen their focus on corporate controls, but that increased focus on controls can carry an organization only so far. For example, Sarbanes-Oxley does not dictate the company’s commitment to implementing employee or manager self-service features or the level of involvement over escalated employee concerns. The senior level of management must set the tone for the level of service and accuracy expected from outsourced vendors and the resources dedicated to managing outside resources.
Vendor Management Generally, the art of management is the tactical implementation of the governance structure defined above. Implementation includes development of the policies, programs, tools, and organizational structure needed to support the principals and oversight requirements adopted by senior leadership.
Vendor management is the extension of the organization’s oversight policies and programs to vendors. The vendor is concerned with delivery of services through its people, processes, and technology. An organization with strong vendor management oversight programs measures more than the vendor’s level of service demonstrated by service-center statistics it periodically provides. Well-developed oversight programs take a more active role when they also measure:
—Documented processes and controls across the entire vendor organization
—Tracking and implementation of service focused to meet both quality improvements and cost reductions
—Adoption of best practices in technology
—Implementation of HR benefits strategies
—Return on investment
—Contractual monitoring and review
Compliance In an outsourced environment, compliance is the focus on the legal and regulatory aspect of service delivery and is one component of the governance and management functions described above. It includes being confident that outsourced services correspond with plan documents and employee communications. However, compliance oversight alone will not provide a picture of all risks and opportunities. For instance, a compliance review could fail to identify improvements in the data feeds that would eliminate excessive data review and manipulation by the vendors.
An organization can benefit from implementation of a vendor management oversight program that utilizes cross-functional expertise to examine all of the following: employee-focused services; administration processing services; technology management; relationship management; risk management; compliance; and quality management.
Follow-through on the results of a comprehensive vendor management program will drive improvements in quality, cost management, and risk mitigation.