Operations: Procurement and Vendor Management
Learn how companies systematically buy software, services, and equipment, preventing unauthorized spending, managing vendor risks, and controlling costs.
---
What Is This?
Procurement (also called "purchasing") is the formal process by which a company buys goods and services. It includes deciding what to buy, who to buy from, negotiating terms, executing contracts, and tracking that the right thing was actually delivered.
---
Why Does It Exist?
The business problem it solves:
Imagine a company with 50 employees. Without a procurement process:
- Employee A buys a project management tool with the company card without telling anyone
- Employee B buys the exact same tool because they don't know Employee A already did
- Employee C buys a third tool that does the same thing
- The company is paying for 3 subscriptions ($300/month total) for one function
- Nobody knows what data is being shared with which vendor
- The CEO realizes they're hemorrhaging money on duplicate tools
Without procurement:
- Duplicate spending: buying the same tool three times
- Shadow IT: employees buying things the company doesn't know about
- Security risks: buying from vendors without checking if they're secure
- Fraud risks: paying invoices from "vendors" that don't exist
- Broken contracts: getting locked into auto-renewals nobody negotiated
- No visibility: "How much are we spending on software?" = nobody knows
With procurement:
- Every purchase is tracked in a central system
- Duplicates are detected before you buy ("we already have this tool, use that instead")
- Vendors are vetted for security before we give them access to our data
- Contracts are reviewed for hidden clauses
- Purchasing authority is enforced (a $5,000 purchase goes through different approval than a $100 purchase)
- Spending is visible: "here's exactly how much we spent on software this year"
---
Real-Life Example
A marketing agency's procurement disaster, then fix:
Without process:
- Designer buys Adobe CC subscription ($55/month): approved by herself
- Marketer buys Canva for Teams ($120/month): nobody checks if we already have design tools
- Manager buys a freelancer tool without IT vetting it; turns out it doesn't encrypt data in transit
- Company ends up with 4 different project management tools because nobody has a central list
- Quarterly software bill is $8,000 and nobody knows why
- CFO asks "where is all our software money going?" → 3-week investigation to piece it together
With process:
- Designer submits purchase request for Adobe: IT checks—we don't have it, approve
- Marketer submits for Canva: IT checks—we have Adobe which includes Canva, deny
- Manager wants to use a freelancer tool: IT vets it for security, needs small adjustment to contract, gets CEO sign-off
- All software purchases go into a central SaaS management system
- IT quarterly report: "We're spending $3,500/month on software, here's where it goes, here are the renewal dates coming up"
Result: Same company, same headcount. One scenario is chaotic and expensive. The other is controlled and optimized.
---
Step-by-Step Workflow
Step 1: Someone Identifies a Need
An employee (or department) realizes: "We need a new tool to solve problem X."
They submit a purchase request that includes:
- What tool/vendor they want
- Why they need it
- How much it costs
- When they need it by
Step 2: Budget Verification
Finance checks: "Is there money in the budget for this?"
- If yes: move forward
- If no: deny or suggest waiting until next budget period
Step 3: Duplicate and Alternative Check
Operations checks: "Do we already have a tool that does this?"
- If yes: "Use the existing tool instead"
- If no: move forward
Step 4: Vendor Due Diligence
For new vendors, the company asks:
- How secure are you? (Do you have SOC 2 certification?)
- How reliable are you? (What's your uptime guarantee?)
- What data of ours will you access?
- How long have you been in business?
Step 5: Contract Review
Legal or Operations reviews the contract for:
- Auto-renewal clauses (will it automatically renew at the end of the term?)
- Price increases (can they raise prices mid-contract?)
- Data ownership (who owns the data we upload?)
- Liability (if something goes wrong, what are we liable for?)
- Termination (can we cancel early? What are the penalties?)
Step 6: Negotiation
If the contract has unfavorable terms, the company negotiates:
- Asking for a discount
- Removing auto-renewal
- Limiting price increases
- Clarifying data ownership
Step 7: Approval and Signature
Once everything is agreed:
- The contract is signed (usually digitally via e-signature)
- Approval is documented: "Approved by CFO on [date]"
Step 8: PO (Purchase Order) Generation
Finance generates a formal Purchase Order that includes:
- Vendor name and billing address
- What's being purchased
- Cost
- Terms (payment due date, etc.)
- PO number
This PO is sent to the vendor. It's the official authorization to deliver/provide the service.
Step 9: SaaS Inventory Logging
For software, the tool is logged in a SaaS management system:
- Vendor name
- Cost
- Renewal date
- Who has access
- What data we're sharing with them
Step 10: Renewal Tracking
As renewal dates approach:
- Automatic reminders are sent to the person who requested it: "Your Adobe subscription renews in 30 days. Do you still need it?"
- If they say no, the subscription is canceled
- If they say yes, renewal goes through
---
Where Time Gets Wasted (Common Bottlenecks)
Shadow IT (Rogue Purchases)
What happens: Employees buy software tools on their personal credit cards or the company card without going through procurement. The company discovers them months later on credit card statements.
Why it happens: The procurement process feels slow and bureaucratic. The employee thinks, "It's only $20/month, easier to just buy it."
Impact: Duplicate spending, security risks, audit problems.
---
Slow Approval Chains
What happens: A simple $500 software purchase requires approval from 4 different people. Each one holds it for 2 days, so a simple purchase takes 2 weeks.
Why it happens: Overly rigid approval structures; people don't check their email frequently.
Impact: The employee is blocked waiting for the tool, frustration grows, and they might buy it without authorization.
---
Contract Negotiation Delays
What happens: The vendor sends a contract. Legal reviews it and proposes changes. The vendor takes a week to respond. Legal reviews again. This process takes 6 weeks.
Why it happens: Email-based negotiation; unclear who is responsible for responding; no version control.
Impact: The deal is delayed; the opportunity window might close.
---
Duplicate Tool Subscriptions
What happens: Finance doesn't know what software the company has. Three teams buy three different project management tools.
Why it happens: No central inventory; no check for existing tools before purchasing.
Impact: Paying for the same function three times; wasted license seats; team fragmentation.
---
What Can Be Automated?
Automation 1: Duplicate Tool Detection
What it does: When someone requests a new tool, the system checks the SaaS inventory and alerts if a similar tool is already owned.
Without automation: Someone manually searches past purchases to see if a tool like this exists.
How it works: Request submitted → system searches inventory → if match found: "We already have [tool]. Use that instead."
Example:
- Employee requests Asana → system searches → finds we have ClickUp → alerts requester
- Employee requests Canva → system finds we have Adobe (includes Canva) → alerts requester
Automation 2: Automated Vendor Document Requests
What it does: When a vendor is new to the company, an automated request is sent asking for: security certificate, insurance certificate, tax ID, etc.
Without automation: Someone manually emails the vendor with a checklist of documents needed.
How it works: Vendor added to procurement system → automated email sent with document request → vendor uploads documents → system tracks what's been received.
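An added example (not from the original page) of the intake logic behind Automation 1 and 2: it answers "do we already have this?" by name and by function, then holds a new vendor until every requested document is on file. The `category` inventory column, the `CATEGORY_HINTS` table, the owner names and all sample data are constructed assumptions.

```python
from dataclasses import dataclass, field

# Documents the vetting email on this page asks every new vendor for.
REQUIRED_DOCS = {"security certificate", "insurance certificate", "tax ID"}

@dataclass
class Tool:
    name: str
    category: str   # assumed extra inventory column, used for "similar tool" matching
    owner: str

@dataclass
class VendorFile:
    received: set = field(default_factory=set)  # documents uploaded so far

# Constructed inventory and category hints (hypothetical data).
INVENTORY = [Tool("ClickUp", "project management", "john"),
             Tool("Adobe", "design", "dana")]
CATEGORY_HINTS = {"asana": "project management", "canva": "design",
                  "datadog": "monitoring"}

def norm(name):
    return " ".join(name.lower().split())

def triage(requested, vendor_files):
    """Return the next step for a purchase request."""
    key = norm(requested)
    for tool in INVENTORY:                      # exact duplicate
        if norm(tool.name) == key:
            return {"step": "use_existing", "tool": tool.name, "ask": tool.owner}
    category = CATEGORY_HINTS.get(key)
    if category is None:                        # cannot prove it is not a duplicate
        return {"step": "manual_duplicate_review"}
    for tool in INVENTORY:                      # same function, different product
        if tool.category == category:
            return {"step": "use_existing", "tool": tool.name, "ask": tool.owner}
    received = vendor_files.get(key, VendorFile()).received
    missing = sorted(REQUIRED_DOCS - received)
    if missing:                                 # fail closed until vetting is complete
        return {"step": "await_vendor_documents", "missing": missing}
    return {"step": "contract_review"}

if __name__ == "__main__":
    for name in ("Asana", "Canva", "Datadog", "Miro"):
        print(name, triage(name, {}))
```

A tool with no known category is routed to a person rather than treated as "no duplicate", and a vendor with any document outstanding never reaches contract review.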
Automation 3: Credit Card Statement Scanning
What it does: Monthly credit card statements are scanned automatically for unauthorized SaaS subscriptions.
Without automation: Someone manually reviews credit card statements looking for subscriptions.
How it works: Credit card statement uploaded → system identifies recurring charges → flags charges that aren't in the SaaS inventory → alerts CFO.
Example:
- Zapier sees a charge to Slack from a different email account than the one they know about
- Charge flagged: "Unauthorized Slack subscription ($99/month)?"
- Operations investigates and finds a team member bought it personally
Automation 4: PO Auto-Generation
What it does: When a contract is signed, a purchase order is automatically generated in the accounting system.
Without automation: Someone manually types up a PO based on the signed contract.
How it works: Contract signed → system reads the contract → generates PO automatically with vendor info, cost, terms → PO is sent to vendor.
What AI Can Do
AI Opportunity 1: Contract Risk Review
What it does: AI reads a contract and flags risky or unusual terms automatically.
Without AI: A lawyer reads the contract manually and highlights concerns.
How it works: AI reads contract → highlights: auto-renewal clauses, price increase language, unusual liability terms, non-standard data ownership, etc. → lawyer reviews AI's findings (faster than reading the whole contract).
AI Opportunity 2: Security Questionnaire Pre-Fill
What it does: AI reads a vendor's past security questionnaire responses and auto-fills a new vendor's questionnaire.
Without AI: Someone manually fills out the 50-question security questionnaire for each new vendor.
How it works: AI has seen 20 vendors' responses to "How do you encrypt data in transit?" → when Vendor 21 is asked, AI suggests: "We use TLS 1.2 encryption for all data in transit" (based on common practice).
AI Opportunity 3: Vendor Performance Scoring
What it does: AI monitors vendor uptime, response times, and SLA compliance → generates a health score quarterly.
Without AI: Manual tracking of vendor performance; hard to see trends.
How it works: System tracks: vendor uptime (from logs) → response time to tickets → SLA violations → generates quarterly score: "Adobe: 98% uptime, 100% SLA compliance, Grade A."
Beginner Project
Set up a basic procurement system with request form and approval.
Tools Required
- Intake form: Google Forms or Typeform
- Automation platform: Zapier
- Communication tool: Slack or Email
- Spreadsheet: Google Sheets for tracking
The setup:
- Create a form: "Purchase Request"
  - Fields: what do you want to buy? Cost? Why? When do you need it by?
- Create a Google Sheet to track requests
- In Zapier: form submission → add row to Google Sheet → send Slack alert to the manager
- When manager approves (via email or Sheet update): send confirmation to requester
What you'll learn:
- How to build a basic request form
- Form → spreadsheet → notification workflow
- Manual approval workflow
Success metrics:
- All purchase requests go through the form (no ad-hoc emails)
- Nothing gets lost (all requests are tracked in one place)
- Manager is notified of requests and can approve/deny
---
Advanced Project
Build a full procurement system with duplicate detection, vendor vetting, contract management, and PO generation.
```
Purchase Request Submitted
↓
Budget Verification (Finance checks)
↓
Duplicate Check (Do we already have this tool?)
↓
If New Vendor:
├─ Vendor Vetting (Security questionnaire, insurance check)
├─ Contract Review (Legal reviews for risky terms)
└─ Contract Negotiation (back-and-forth if needed)
↓
Approval (Manager approves based on budget and vetting)
↓
Contract Signature (e-signature)
↓
PO Generation (Accounting system)
↓
SaaS Inventory Logging (Track for renewal)
↓
Vendor Onboarding
↓
Invoice Approval (when bill arrives)
```
Tools Required
- Intake portal: Zip Intake or Typeform
- SaaS management: Josys or Vanta
- Contract management: Ironclad or DocuSign
- Accounting software: NetSuite or QuickBooks
- Automation platform: Make or Workato
- Communication: Slack
What You'll Learn
- End-to-end procurement automation
- Multi-step approval workflows
- System integrations
- Inventory management
- Contract lifecycle management
- Risk management
Success Metrics
- 100% of software purchases go through procurement (zero shadow IT detected)
- Average procurement cycle time < 5 business days
- Zero duplicate tools purchased
- SaaS spending visibility: can explain every dollar spent
- Zero risky contract terms are signed unknowingly
---
Step-by-Step Build Instructions
- Set up SaaS inventory: In your chosen tool (Josys, Vanta, or even a Google Sheet), create a list of all current tools:
  - Vendor name, cost/month, renewal date, owner, access level
- Build the request form: Create a form that captures:
  - What tool? Why? Cost? When needed? Requested by whom?
- Create duplicate check logic:
  - Request submitted → automation searches SaaS inventory
  - If tool exists: alert requester and request owner (e.g., "Adobe already exists; ask John")
  - If new: proceed to vetting
- Create vendor vetting flow:
  - Automated email sent to vendor: "Please provide security certificate, insurance certificate, tax ID"
  - Vendor uploads documents
  - Manual review by ops (or automated check via AI)
- Create contract workflow:
  - Contract sent to vendor
  - Vendor returns signed contract
  - Contract uploaded to system
  - AI or manual review for risky terms
  - If issues found: negotiation loop
  - Once approved: move to PO stage
- Set up PO generation:
  - Contract signed → information auto-extracted
  - PO generated in accounting software
  - PO sent to vendor via email
  - Accounting records it in ledger
- Create SaaS tracking:
  - New tool added to inventory
  - Renewal date is set in a calendar
  - 30-day reminder is set: "Tool X renews on [date]. Do you still need it?"
- Create credit card statement monitoring:
  - Monthly credit card statement downloaded
  - Charges compared to SaaS inventory
  - Unmatched charges flagged for investigation
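The statement check described under Automation 3 and in the last build step, as an added example that is not part of the original page: it groups charges into recurring ones and flags those whose merchant is missing from the SaaS inventory or is billed to a different card than the approved subscription. The CSV columns, the per-vendor card field in the inventory and every sample row are constructed assumptions.

```python
import csv, io, re
from collections import defaultdict

# Constructed statement export; the column names are assumptions.
STATEMENT = """date,descriptor,amount,card
2024-03-02,ADOBE *CREATIVE CLOUD,55.00,4417
2024-04-02,ADOBE *CREATIVE CLOUD,55.00,4417
2024-03-05,SLACK T01AAA,240.00,4417
2024-04-05,SLACK T01AAA,240.00,4417
2024-03-11,SLACK T09ZZZ,99.00,9021
2024-04-11,SLACK T09ZZZ,99.00,9021
2024-03-14,NOTION LABS INC,20.00,9021
2024-04-14,NOTION LABS INC,20.00,9021
2024-04-20,DELTA AIR 0062341,412.10,4417
"""

# Constructed inventory: merchant key -> card of the approved subscription (card field assumed).
INVENTORY = {"ADOBE": "4417", "SLACK": "4417"}

def merchant_key(descriptor):
    """Leading alphabetic token of a card descriptor: 'SLACK T01AAA' -> 'SLACK'."""
    match = re.match(r"[A-Za-z]+", descriptor.strip())
    return match.group(0).upper() if match else descriptor.strip().upper()

def recurring_charges(rows):
    """Charges with the same merchant, card and amount in two or more months."""
    months = defaultdict(set)
    for row in rows:
        key = (merchant_key(row["descriptor"]), row["card"], row["amount"])
        months[key].add(row["date"][:7])  # YYYY-MM
    return {key: sorted(seen) for key, seen in months.items() if len(seen) >= 2}

def flag_shadow_it(statement_csv, inventory):
    """Return recurring charges that the SaaS inventory does not account for."""
    rows = list(csv.DictReader(io.StringIO(statement_csv)))
    findings = []
    for (merchant, card, amount), seen in sorted(recurring_charges(rows).items()):
        if merchant not in inventory:
            reason = "not in SaaS inventory"
        elif inventory[merchant] != card:
            reason = "known vendor billed to a different card"
        else:
            continue  # matches an approved subscription
        findings.append({"merchant": merchant, "card": card,
                         "amount": float(amount), "months": seen, "reason": reason})
    return findings

if __name__ == "__main__":
    print(*flag_shadow_it(STATEMENT, INVENTORY), sep="\n")
```

Grouping on an exact amount misses usage-based and annual billing, so an empty result means "nothing recurring at a fixed monthly price", not that every subscription is accounted for.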