Across Aventario's 500+ engagement base, organizations consistently self-assess one stage higher on the Vendor Management Maturity Model than independent assessment confirms. The reason is straightforward: the artefacts of higher maturity (a contract repository, a scorecard, a governance forum on the calendar) are easier to produce than the operational discipline that makes them work. A practical assessment looks at the operational discipline, not the artefacts.
Why honest assessment matters.
The most common starting position for a vendor management transformation is overconfidence about the current state. The artefacts of mature vendor management are everywhere: SharePoint folders full of contracts, scorecards in BI tools, quarterly business reviews on the calendar, risk registers in Excel. The artefacts exist; the discipline that makes them produce value frequently does not.
An honest assessment looks past the artefacts and asks operational questions. Twenty-five of them, organized across the five capability dimensions that decide actual vendor management performance.
Dimension 1 — Portfolio visibility (5 questions).
- Can finance answer "what is total spend with vendor X across the group" in under 10 minutes, including subsidiaries and shadow contracts?
- Is there a single source of truth on every active IT vendor, with annualized spend, contract end date, scope, and tier classification?
- Is the portfolio inventory refreshed at least quarterly and reconciled against finance master data?
- For your top 20 vendors, do you know — without asking the vendor — what their current rate card and pricing model are?
- Can you produce a portfolio-level concentration view (% of total spend with top 5, top 10) on demand?
Dimension 2 — Governance discipline (5 questions).
- For each tier-1 strategic vendor, is three-tier governance (operational, managerial, strategic) running on calendar with the contractually-specified attendees?
- Are SLA reports independently verified against ticket-level or telemetry data, not vendor-self-reported and accepted?
- Are scorecards reviewed at managerial governance with documented decisions, or do they arrive as status reports and depart unactioned?
- For tier-2 and tier-3 vendors, is there a lighter but consistently-applied governance model — not no model?
- Are escalation paths documented and used, including the trigger thresholds at which escalation is mandatory?
Dimension 3 — Commercial intelligence (5 questions).
- Is there a benchmark refresh schedule for tier-1 vendors, with documented results from the most recent cycle?
- Is run-rate-vs-baseline tracked as a standing KPI, with cumulative change-request uplift broken out?
- For every active contract, is the renewal date visible 12+ months in advance, with a structured decision (renew, renegotiate, retender, exit) recorded?
- Has at least one structured benchmark-driven renegotiation been executed in the last 12 months?
- Do you have access to current market pricing data — internal or external — for the top five service categories you procure?
Dimension 4 — Risk management (5 questions).
- Is there a risk register for tier-1 strategic vendors covering all seven categories (financial, operational, security, regulatory, concentration, exit, reputational)?
- Is the risk register reviewed monthly at managerial governance, with material movements escalated?
- For each tier-1 vendor, do you know what the cost and timeline of replacing them would be?
- Is concentration risk visible at the portfolio level, with a deliberate target for top-vendor concentration?
- Have you, in the last 24 months, made a vendor-replacement or scope-rebalancing decision driven by the risk register?
Dimension 5 — Capability and tooling (5 questions).
- Is there a named, accountable owner for vendor management — a function, not a side responsibility — reporting to an executive sponsor?
- Does the function have dedicated capacity, not just goodwill from procurement or IT operations?
- Is there a contract repository / CLM tool actively used, not just a SharePoint folder that nobody opens?
- Is performance data captured systematically, not assembled manually for each governance meeting?
- If the most senior vendor manager left tomorrow, how much institutional knowledge would walk out the door?
Scoring.
| Yes answers | Maturity stage | Implication |
|---|---|---|
| 0–5 | Stage 1 — Reactive | No function. Each relationship is managed by whoever contracted it. |
| 6–11 | Stage 2 — Defined | Procurement exists; some governance for tier-1; renewals discovered late. |
| 12–17 | Stage 3 — Managed | VMO exists; three-tier governance for strategic vendors; independent verification. |
| 18–22 | Stage 4 — Integrated | CLM/SRM tooling deployed; benchmark data flows; risk register monitored continuously. |
| 23–25 | Stage 5 — Optimized | Predictive analytics; strategic vendor integration; joint innovation programs. |
Distribution across our assessment base: roughly 15% at Stage 1, 45% at Stage 2, 30% at Stage 3, 10% at Stages 4–5 combined.
The structural moves between stages.
Stage 1 → 2 (typically 6–9 months).
Stand up the basic procurement discipline. Centralize the contract repository. Establish a renewal calendar. Begin distinguishing strategic from tactical vendors. This is mostly about visibility — knowing what you have.
Stage 2 → 3 (typically 12–18 months).
The hardest jump. Stand up a dedicated vendor management function with explicit accountability. Implement three-tier governance for strategic vendors. Begin independent SLA verification. Build the seven-category risk register. This is where most organizations stall because it requires creating a function, not just adding artefacts.
Stage 3 → 4 (typically 12–24 months).
Tool the function. Implement CLM and SRM platforms. Build the data plumbing that lets performance data flow automatically. Integrate vendor management with category strategy, finance, and risk. The constraint at this stage is usually IT investment for the tooling, not the operational discipline (which already exists from Stage 3).
Stage 4 → 5 (rare).
Move from reactive risk management to predictive. Integrate vendor roadmaps into the buyer's strategic roadmap. Joint innovation programs with strategic vendors. Most organizations do not need to reach Stage 5; it is only economically justified where vendor performance is existentially material to the business.
What honest assessment usually reveals.
Most DACH mid-cap organizations score 9–14 on this assessment — Stage 2 with elements of Stage 3, or low Stage 3. Self-assessment, before independent verification, typically lands one full stage higher.
The most common pattern is a Stage 3 score on Capability and Tooling (the visible artefacts) combined with a Stage 2 score on Governance Discipline (the invisible operational reality). The fix is rarely about adding artefacts; it is about making the existing artefacts produce decisions.
FAQ.
Where do most organizations score?
Roughly 75% of DACH mid-caps score in Stage 2 or low Stage 3 (6–14 yes answers). Self-assessment is typically one full stage higher than independent assessment confirms.
What's the hardest stage transition?
Stage 2 to Stage 3. It requires creating a dedicated vendor management function with operational discipline — not just adding governance artefacts on top of existing procurement.
Should every organization aim for Stage 5?
No. Stage 5 is only economically justified where vendor performance is existentially material to the business. For most mid-caps, late Stage 3 to early Stage 4 is the right target — and the typical 18–36 month achievable horizon.
