Vendor Governance: Where to Begin

When a major supermarket chain engaged ISG to benchmark their business process outsourcing relationship, the conversation quickly expanded beyond pricing comparisons. Their operations leadership pulled us aside and asked a question we hear often: “Okay, we know what we’re paying, but how do we actually manage a contract this large?”

It’s the right question, and it deserves a practitioner’s answer – not a theoretical blueprint. The honest answer is this: best-practice vendor management is a comprehensive discipline.

Governance structures, risk management, performance cadences, escalation protocols, relationship management – all of it matters. But when an enterprise asks where to start, two tools go into the rollout kit before anything else. And both begin with the same instruction: read the contract.

Tool #1: Deliverable Extraction — Know What You Are Owed

Most clients in large BPO relationships cannot readily answer this question: What is my provider contractually obligated to deliver, in what form, and by when?

Not because they haven’t read the contract — but because deliverables are buried across statements of work, schedules, amendments and transition plans, written in provider-friendly language that obscures accountability.

Deliverable extraction is the discipline of pulling every contractual obligation into a structured, trackable inventory. Done right, it serves two purposes that most organizations don’t anticipate:

  1. Compliance tracking: Are you receiving what you contracted for?

  2. Operational readiness: Are you, as the client, positioned to actually consume it?

A common example involves refinement, maintenance and compliance reporting for the configuration management database (CMDB), all items that providers routinely take on. But the questions enterprises rarely ask upfront are the ones that matter most: Is the refinement aligned to your agreed standards? Does it account for future initiatives that may change how assets need to be reported? Does the compliance reporting give you the visibility required to make decisions across the IT environment? And, critically, is your own organization ready to shift from a CMDB maintenance role to one that drives requirements and connects the CMDB to business strategy, including a forward-looking view of how it supports future initiatives?

If the answer to any of these is no, then no matter how strong the contract or the supplier, problems will follow.

This is the underappreciated insight of deliverable extraction: it doesn’t just hold the provider accountable. It holds a mirror up to the client organization and surfaces the operational adjustments needed to take full advantage of what the provider is contracted to deliver.

Tool #2: SLA Tracking — It’s Not as Simple as a Spreadsheet

Every client we work with has some version of an SLA tracker, but having a report is not the same as understanding performance.

SLAs in large contracts are not pass/fail checkboxes. They carry specific calculation methodologies – measurement windows, exclusion criteria, weighting factors, cure periods and credit formulas – that are easy to misread and expensive to misapply. A provider can appear to be meeting a metric while technically breaching it, or appear to be in breach when the contract’s own algorithm would excuse the variance.

Before you build any dashboard, you need to do the work of clarifying and aligning the actual algorithms.

You cannot govern what you haven’t inventoried, and you cannot measure what you haven’t defined.

Where enterprises struggle most is in defining the actual algorithm behind an SLA. Language that reads cleanly in a contract – for example, “response time shall not exceed three minutes in the aggregate” – rarely accounts for the variables that show up in practice: hold time, resource group transfers, escalated situations, seasonal surges. None of these are edge cases; they are everyday operational realities. Until the tracker reflects not just targets and ratings but also the underlying data inputs and calculation logic, you are measuring something, just not necessarily what the contract requires.

This kind of contractual ambiguity is not always intentional, but it always advantages the party that has read more carefully. The clarification exercise often requires legal alignment, and it frequently surfaces language that should be addressed in the next amendment cycle.

What Mature Vendor Governance Looks Like

These two tools – deliverable extraction and SLA algorithm clarification – are not the entire best-practice suite. Mature vendor governance also requires performance review cadences, risk escalation frameworks, change control discipline, relationship tiering and more. But these two tools are the foundation.

When a client asks, “How do I start?” — this is where I tell them to start.

ISG helps enterprises assess their supplier performance and their governance maturity so they can build the right governance structures for their business. Contact us to find out how we can help you.

About the author

Abdallah Saadah

Abdallah leads the solutions development team for ISG’s Supplier and Contract Management service, GovernX. He takes pride in collaborating with clients to tailor solutions that address their unique business challenges. His focus is on delivering optimal outcomes that help clients achieve their strategic supplier management objectives.