Vendor Performance Audit

Conduct quarterly vendor reviews using KPI scoring across delivery, quality, communication, cost, and alignment to guide renewal, improvement, or offboarding...
flynndavid

Overview

Framework: Vendor Performance Scorecard (VPS)

Output: Scored vendor review, improvement plan or offboarding recommendation

Most vendor relationships drift because nobody's measuring them. This quarterly audit system gives you a structured way to evaluate every significant vendor, surface problems before they escalate, and make data-driven decisions about renewing, renegotiating, or replacing.


When to Run This Audit

  • Quarterly for all Priority vendors (ACV > $10K or operationally critical)
  • Semi-annually for Standard vendors
  • Triggered any time a major incident occurs (SLA breach, security issue, delivery failure)
  • Pre-renewal (minimum 60 days before contract end)

Phase 1: KPI Scorecard

Rate each dimension 1-5. Be honest — this is for your decision-making, not the vendor's feelings.

Dimension 1: Delivery & SLA Performance (Weight: 30%)

| Score | Criteria |
|-------|----------|
| 5 | Consistently exceeds SLA. Proactive communication on any hiccup. Zero surprise failures. |
| 4 | Meets SLA >95% of the time. Issues are rare and resolved quickly. |
| 3 | Meets SLA most of the time. Occasional misses with reasonable resolution. |
| 2 | Frequent SLA misses. Resolution is slow or requires escalation. |
| 1 | Regular delivery failures. SLA is aspirational, not operational. |

Evidence required: Pull ticket data, delivery logs, or incident records. Don't score from memory.

Dimension 2: Quality of Output (Weight: 25%)

| Score | Criteria |
|-------|----------|
| 5 | Output exceeds expectations. Error rate near zero. Rework is essentially unheard of. |
| 4 | Output meets quality bar consistently. Minor issues handled proactively. |
| 3 | Generally acceptable quality. Some rework required. |
| 2 | Quality is inconsistent. Rework is common. Internal team spends time fixing vendor output. |
| 1 | Output frequently doesn't meet standards. Significant internal overhead to compensate. |

Dimension 3: Responsiveness & Communication (Weight: 20%)

| Score | Criteria |
|-------|----------|
| 5 | Always reachable. Proactively surfaces issues. Communication is clear and timely. |
| 4 | Responsive within agreed SLA. Communicates proactively most of the time. |
| 3 | Generally responsive but reactive. Sometimes requires chasing. |
| 2 | Slow to respond. You often initiate all communication. Escalations required. |
| 1 | Unreliable contact. Incidents discovered by you, not surfaced by them. |

Dimension 4: Value vs. Cost (Weight: 15%)

| Score | Criteria |
|-------|----------|
| 5 | Clear ROI. Cost is at or below market for quality delivered. Strong value demonstrated. |
| 4 | Good value. Cost is reasonable given output and relationship quality. |
| 3 | Market rate. Neither a bargain nor obviously overpriced. |
| 2 | Starting to feel overpriced relative to value delivered or market alternatives. |
| 1 | Overpriced for what we get. Alternatives would deliver more for less. |

Dimension 5: Strategic Alignment & Roadmap (Weight: 10%)

| Score | Criteria |
|-------|----------|
| 5 | Deeply aligned. They understand our business and proactively help us get where we're going. |
| 4 | Good alignment. They know our goals and adjust accordingly. |
| 3 | Transactional but functional. Delivers what's scoped, no more. |
| 2 | Misaligned in places. Their direction and ours are diverging. |
| 1 | No alignment. Product/service is moving away from our needs. |

Phase 2: Composite Score & Tier Classification

Weighted score calculation:

VPS = (D1 × 0.30) + (D2 × 0.25) + (D3 × 0.20) + (D4 × 0.15) + (D5 × 0.10)

Max score = 5.0

| VPS Range | Tier | Recommended Action |
|-----------|------|--------------------|
| 4.0 – 5.0 | 🟢 Green — Trusted Partner | Renew, consider expanding scope or strategic partnership |
| 3.0 – 3.9 | 🟡 Yellow — Watch | Renew with conditions; issue improvement plan for lowest-scoring dimension |
| 2.0 – 2.9 | 🟠 Orange — At Risk | Renegotiate terms or begin sourcing alternatives; 60-day improvement window |
| 1.0 – 1.9 | 🔴 Red — Replace | Begin active replacement process; do not renew |

Phase 3: Issue Log Review

Before finalizing the score, review your incident/ticket log for this vendor over the review period:

  • How many incidents were opened? How many are still open?
  • What was the average resolution time? Compare to SLA.
  • Were any incidents flagged as critical/high-impact?
  • Did any incidents result in downstream business impact (revenue loss, client complaints, compliance exposure)?

Incident severity modifier:

  • 1+ critical incident with unresolved root cause → drop tier by one level
  • 3+ medium incidents unresolved → flag for improvement plan regardless of VPS score

Phase 4: Improvement Plan Template (Yellow & Orange Tiers)

If VPS < 4.0, issue a formal improvement plan:

Improvement Plan — [Vendor Name] — [Quarter]

  • Review Period: [start] – [end]
  • VPS Score: [X.X] / 5.0
  • Tier: Yellow / Orange
  • Review Date: [90 days from today]

Key Issues Identified:

  1. [Specific issue with evidence]
  2. [Specific issue with evidence]

Required Improvements:

  1. [Specific, measurable change required] — Target: [metric] by [date]
  2. [Specific, measurable change required] — Target: [metric] by [date]

Consequences if not met:

  • Yellow: Move to Orange tier; begin parallel sourcing
  • Orange: Contract not renewed; active replacement begins

Acknowledgment: Share this plan with the vendor. Get written acknowledgment.


Phase 5: Offboarding Trigger Criteria

Initiate replacement when ANY of the following are true:

  • VPS score < 2.0
  • Two consecutive quarters in Orange tier
  • Critical incident with material business impact and no credible root cause fix
  • Vendor signals they are discontinuing the product/service
  • Market alternative offers >30% better value at equivalent quality
  • Compliance or security failure

When trigger is met: immediately move to replacement sourcing and set a hard cutover date.


Audit Schedule Template

| Vendor | Category | ACV | Tier | Last Audit | Next Audit | Owner |
|--------|----------|-----|------|------------|------------|-------|
| [Name] | Software | $X | Green | [date] | [date] | [name] |

Run this as a quarterly review in your ops calendar.

Version History

1 version in total

  • v1.0.0 (current)
    2026-03-30 11:21 Safe Safe

Security Scan

Tencent Cloud Security (Keen)

Safe, no risk

Tencent Cloud Security (Sanbu)

Safe, no risk