The (Really) Simple Contract Management Blog

    Vendor Contract Management Starts With One List

    Vendor Contract Management Starts With One List

    A few years ago I inherited a vendor portfolio from someone who had left the company three weeks before I started. There was no handoff. There was a shared drive folder called “Vendors” with 312 PDFs in it, a spreadsheet that hadn’t been touched since the previous fiscal year, and an email from the CFO that read, in full: “What are we spending on Iron Mountain and why?”

    I did not know what we were spending on Iron Mountain. I did not know who owned the relationship. I did not know when the contract renewed. I knew it existed, because I could see the PDF.

    That is vendor contract management in most companies. Not a strategy problem. A “where is the actual information” problem.

    The thing nobody tells you

    You do not need a vendor management platform. You do not need a third-party risk module. You do not need an integrated procurement suite with AI-assisted spend analytics.

    You need one list.

    One list that tells you, for every vendor you have a contract with: how much you pay them, when the contract ends, what they’re supposed to deliver, who at your company actually owns the relationship, how much pain it would cause if they disappeared tomorrow, and what you need to do next.

    That’s it. That’s the whole job at the start. Everything else, every fancier system you build later, is a refinement of that list.

    Why this gets ignored

    Infographic showing a vendor contract management list with active vendors, spend alerts, renewals, SLAs, and replacement decisions

    In normal companies, vendor contracts arrive through the path of least resistance. Sales bought the demo tool. Marketing signed up for the email platform. The CEO knows someone at the consulting firm. Finance has the AP record. Legal redlined the MSA at some point and then closed the file.

    Nobody owns the whole picture. The contracts live in five different places, in five different formats, with five different naming conventions. The renewal dates live in calendars that belong to people who may or may not still work there.

    The result is exactly what you’d expect. Auto-renewals fire without anyone noticing. Vendors deliver less than promised because nobody is checking. Spend creeps up because nobody is comparing this year’s invoice to last year’s contract. The CFO asks a simple question and nobody has a simple answer.

    What the list looks like

    Here is the list I built that first month, and a version of it has followed me to every job since. It lives in a spreadsheet. It has one row per vendor contract. It has these columns:

    • Vendor — the company name, not the product
    • Contract type — MSA, SaaS, services, NDA, lease, whatever
    • Annual spend — what we actually pay them per year, in dollars
    • Start date — when the current term began
    • End date — when the current term ends
    • Renewal type — auto-renew, manual, evergreen, or one-time
    • Notice deadline — the date by which I must act if I want out
    • SLA / key obligation — the one or two things they promised to do
    • Internal owner — the person at our company responsible for the relationship
    • Risk tier — high, medium, or low (more on this in a second)
    • Next action — the one thing that needs to happen next, with a date

    Eleven columns. That is the entire system.

    You can build it in Google Sheets in an afternoon. You can build it in Excel if your company doesn’t allow Google Sheets. You can build it on a whiteboard if you only have eight vendors. The format does not matter. The discipline matters.

    How to fill it in without losing a month

    You do not need to read every contract on day one. That is the trap. People sit down to build the list, open the first PDF, get pulled into the indemnification language, and resurface three hours later having processed exactly one vendor.

    Here is the order I work in. Start with the AP report. Pull the last twelve months of vendor payments from finance. Sort by dollar amount. Anything you paid more than a few thousand dollars to gets a row on the list. Anything trivial can wait.

    For each vendor on that short list, pull the most recent signed contract from wherever it lives. You only need four things from the document: start date, end date, renewal language, and the obligation that matters most. Write those down. Move on. The full read-through happens later, when you have time, or when something goes wrong.

    Then ask the obvious question for each row: who at our company owns this? If nobody knows, that is itself a finding. Put your own name in the owner column as a placeholder and chase it down later.

    The risk tier column is the one people skip

    Risk tier is the column that does the most work and gets ignored the most often. People skip it because it feels subjective. It is subjective. Do it anyway.

    Here is my version. High means if this vendor failed tomorrow, we’d be in a real mess inside a week. Think payroll, hosting, your core product platform, anything with our customer data, anything healthcare or compliance-adjacent. Medium means we’d feel it inside a month but we’d survive. Low means we’d shrug and find a replacement.

    The point of the column is not to be precise. The point is to make sure that when you have one hour to work on vendor stuff this week, you spend it on the high-tier rows, not on the office snack subscription.

    I’ve watched contract managers spend two days arguing about a $4,000 SaaS renewal while the $400,000 hosting contract drifted into auto-renewal because nobody had labeled it as the more important problem.

    The next action column is the one that keeps the list alive

    A list without a next action column dies. I have watched this happen many times. Someone builds a beautiful vendor inventory. Sixty rows, color-coded, dropdowns, the works. Three months later, nobody has opened it.

    The next action column fixes this. Every row must have something in it. “Confirm owner with finance by 6/1.” “Request updated SLA report by 6/15.” “Renewal decision needed by 8/30.” “Nothing this quarter, revisit in October.”

    That last one is allowed. “Nothing right now” is a legitimate next action, as long as you put a date on it.

    When you sort the list by the next action date, you have a working to-do queue. That is the difference between a list that runs vendor contracts and a list that just sits there describing them.

    What to do about renewals before you do anything else

    The single highest-value thing you can do in your first two weeks is find every auto-renewal clause and put the notice deadline on a calendar.

    Not the renewal date. The notice deadline. The date by which you must give written notice if you want to cancel or renegotiate. This is almost always earlier than the renewal date, often by 60 or 90 days, and it is where companies get burned.

    I wrote about this in more detail in my renewal tracking post, but the short version is: if the contract renews on December 31 and the notice window is 90 days, your real deadline is October 2. Put October 2 on the calendar. Set the alert for September 1. Do this for every high and medium vendor before you do anything else with the list.

    What about SLAs?

    The SLA column is the one most people fill in once and never check. That is fine for the first pass. The first pass is just about knowing what was promised.

    The real question is whether anyone is measuring the promise. For a hosting vendor, is somebody pulling the monthly uptime report? For a managed services vendor, is somebody tracking ticket response times? For a printer leasing company, is somebody noticing when they take four days to fix a jam?

    The answer is usually no. The contract has the SLA. Nobody compares the SLA to actual performance. The vendor knows this. They count on it.

    Your list does not need to solve this on day one. Just write the SLA down. Then, when you get around to a vendor review, you’ll have something to measure against.

    The low-tech version works

    I want to be clear that I am describing a spreadsheet. A single, shared spreadsheet, with the eleven columns above, that someone keeps current.

    You can graduate to software later. A real contract repository with search, alerts, and permissions will save you time once you cross a hundred or so active vendor contracts. But you should never buy software to replace a process you don’t yet have. You’ll just end up with an expensive empty database.

    Build the spreadsheet first. Run it for ninety days. If it’s working but starting to creak under the weight, that is the right moment to look at tools. If it’s not working because nobody is updating it, software will not fix that.

    What to do this week

    Pull last year’s AP report. Identify your top thirty vendors by spend. Build the eleven-column spreadsheet. Fill in the rows for those thirty.

    Don’t read the full contracts yet. Just capture the four things from each one: start date, end date, renewal language, key obligation. Tag the risk tier. Name an owner. Write a next action with a date.

    That’s a one-week project for one person. At the end of it you will know more about your vendor contracts than 80% of the companies I’ve walked into. The CFO question, whatever this year’s version of the Iron Mountain question is, will have an answer.

    The list is the system. Everything else is just maintenance.

    I’m Dave, and I write about contract management the way it actually works. No jargon, no sales pitch, just what I’ve learned from 15+ years of doing this job. If this was useful, stick around.

    Dave

    Leave a Reply

    Your email address will not be published. Required fields are marked *