Quick answer.
IT vendor governance is the structured set of forums, scorecards, escalation paths, and contractual rights that hold a vendor to the performance the contract promised. Without it, even an excellent contract under-delivers — predictably, on a curve that we observe across virtually every ungoverned engagement.
The 18-month governance decay curve.
In the absence of active governance, vendor performance drifts back toward the lowest-effort baseline within roughly 18 months of go-live. The curve is consistent enough across our engagement archive that we treat it as a planning assumption, not a hypothesis.
- Month 0–3: vendor is on best behaviour, deal is fresh, account team is attentive.
- Month 4–9: routine sets in, account team turns over, attention shifts to the next deal.
- Month 10–18: SLA reports start arriving green by default, escalations get slower, innovation commitments quietly drop.
- Month 18+: you are now the legacy book; the vendor's strategic energy is somewhere else.
Governance is what flattens the curve.
"The absence of escalations in a relationship that is materially under-performing is not health. It's the wrong people not talking."
— Markus Jaksch, COO, Aventario
The Three-Tier Governance Model.
Tier 1 — Operational.
Weekly or fortnightly. Service desk leads on both sides. Tickets, incidents, SLA breaches, change requests. Concrete and small. The verification layer for SLA reports — issues that surface here either get resolved or escalate to Tier 2.
Tier 2 — Managerial.
Monthly. Service owners, account leads, finance representation. Scorecard, financial reconciliation, risk register, change-request pipeline. The layer where small problems get fixed before they become big ones. Most ungoverned vendor relationships skip this entirely; everything either festers in Tier 1 or jumps to Tier 3.
Tier 3 — Strategic.
Quarterly. CIO/sponsor on the client side; vendor executive on theirs. Roadmap, innovation, contract evolution, relationship health. The conversation that determines whether the vendor is investing in the relationship or harvesting it.
The discipline: nothing skips a tier.
The most common governance failure is not the absence of forums. It is the absence of discipline about which forum handles what. Operational issues end up on the CIO's desk; strategic decisions get made in the weekly stand-up; the QBR becomes a status report. The cure is mechanical: every issue gets logged at its tier; escalations are documented and time-bounded; the QBR agenda is set 10 working days in advance, and the meeting covers nothing that wasn't on it.
SLA compliance monitoring: don't trust the vendor's report.
The single most reliable governance gap we find is unverified SLA reporting. The vendor's monthly report shows green; nobody compares it to the underlying ticket-level data. When the comparison is run, real availability is often a tier below contracted, with the gap absorbed by category definitions, exclusion clauses, and creative time-stop logic.
The fix is small but cultural: every monthly SLA report is independently reconciled against ticket data before it is accepted. The first cycle of doing this is uncomfortable; subsequent cycles produce dramatically more honest reports.
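One way to run that reconciliation, shown as an added example rather than Aventario's own tooling: it recomputes availability from outage tickets twice, once as wall-clock time and once with the exclusions and clock stops a vendor report might apply. The ticket fields, sample tickets and function names are constructed assumptions, not a real ITSM schema.

```python
from datetime import datetime, timedelta

# Constructed sample data: one 30-day month of outage tickets from the buyer's
# own ITSM export. Field names are assumptions, not a real tool's schema.
PERIOD_START = datetime(2024, 4, 1)
PERIOD_END = datetime(2024, 5, 1)
TICKETS = [
    {"id": "INC-1", "start": "2024-04-03 02:00", "end": "2024-04-03 05:00",
     "vendor_excluded": False, "clock_stopped_min": 120},
    {"id": "INC-2", "start": "2024-04-03 04:00", "end": "2024-04-03 06:00",
     "vendor_excluded": False, "clock_stopped_min": 0},
    {"id": "INC-3", "start": "2024-04-17 22:00", "end": "2024-04-18 03:00",
     "vendor_excluded": True, "clock_stopped_min": 0},   # reclassified "planned"
]

def _span(ticket):
    fmt = "%Y-%m-%d %H:%M"
    return datetime.strptime(ticket["start"], fmt), datetime.strptime(ticket["end"], fmt)

def observed_downtime_min(tickets, start, end):
    """Wall-clock outage minutes: clip to the period, merge overlaps, ignore exclusions."""
    spans = sorted((max(s, start), min(e, end)) for s, e in map(_span, tickets))
    total, cursor = timedelta(0), start
    for s, e in spans:
        s = max(s, cursor)          # skip time already counted by an overlapping ticket
        if e > s:
            total += e - s
            cursor = e
    return total.total_seconds() / 60

def vendor_method_downtime_min(tickets):
    """Downtime as a report might count it: exclusions dropped, clock stops subtracted."""
    total = 0
    for t in tickets:
        if not t["vendor_excluded"]:
            s, e = _span(t)
            total += (e - s).total_seconds() / 60 - t["clock_stopped_min"]
    return total

def reconcile(tickets, start, end, contracted_pct, reported_pct, tolerance_pct=0.01):
    period = (end - start).total_seconds() / 60
    observed = 100 * (1 - observed_downtime_min(tickets, start, end) / period)
    vendor = 100 * (1 - vendor_method_downtime_min(tickets) / period)
    return {"observed_pct": round(observed, 3), "vendor_method_pct": round(vendor, 3),
            "report_matches_vendor_method": abs(vendor - reported_pct) <= tolerance_pct,
            "observed_meets_contract": observed >= contracted_pct,
            "accept_report": abs(observed - reported_pct) <= tolerance_pct}
```

With a constructed contract target of 99.5% and a reported figure of 99.58%, `reconcile(TICKETS, PERIOD_START, PERIOD_END, 99.5, 99.58)` reproduces the vendor's number from the adjusted data while the wall-clock figure falls below target, which is the gap the reconciliation is meant to surface.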
Escalation processes that actually work.
- Defined trigger. What event constitutes an escalation. SLA breach by X%, P1 incident open Y hours, financial dispute over Z.
- Defined path. Who escalates to whom, in what order, with what evidence. No skipping.
- Time-bound resolution targets. Each escalation tier has its own SLA.
- Logged and reviewed. Every escalation generates a record that is reviewed at Tier 2 and rolls up to Tier 3 if it recurs.
Escalations are not a sign of relationship failure. The absence of escalations in a relationship that is materially under-performing is the failure.
The vendor governance scorecard.
Five dimensions, scored monthly for tier-1 strategic vendors:
- Delivery (SLA verified vs contracted)
- Commercial (spend on plan, billing accuracy, savings vs benchmark)
- Risk (security incidents, financial signals, key-person changes)
- Relationship (responsiveness, escalation history, governance attendance)
- Innovation (roadmap delivery, joint planning, capability brought)
Weighted by segment. Visible to both sides. Reviewed at every Tier 3 forum. Vendors who know how they are scored manage their behaviour accordingly.
Governance after outsourcing: the playbook most companies ignore.
The single most damaging assumption in IT outsourcing is that, having transferred the work, the buyer has also transferred the governance. They haven't. Outsourcing transfers execution; governance has to be built deliberately on the buyer side, often by a function that didn't exist before the deal was signed. Without it, the value of the outsourcing decays on the same 18-month curve, only with less visibility because the buyer no longer touches the work.
How Aventario approaches this.
Our Vendor Management-as-a-Service engagement designs the governance model and runs it through the first one or two cycles, then hands over the operating model to the client team. The deliverable is a working three-tier governance capability, not a deck that describes one. Where the client prefers, we stay in the seat as an outsourced vendor management office.
FAQ.
What is IT vendor governance?
The structured set of forums, scorecards, escalation paths, and contractual mechanisms that hold IT vendors accountable to the performance their contracts promise.
What is the Three-Tier Governance Model?
Aventario's governance framework: Tier 1 (operational, weekly), Tier 2 (managerial, monthly), Tier 3 (strategic, quarterly). The discipline is that nothing skips a tier.
Why does vendor performance decay?
In the absence of active governance, vendor account-team attention shifts to newer deals, internal knowledge degrades, and SLA reports drift toward optimism. The pattern is consistent enough that we treat it as a planning assumption.
Julian Robida is Research Lead at Aventario. Markus Jaksch (COO) contributed expert input drawn from 25+ years of running IT engagements across pharma, automotive, financial services, and the public sector. Aventario is a boutique consultancy in Vienna; we have negotiated over €3B in IT contract volume and delivered more than 500 engagements across DACH and beyond.