Why vendor selections go wrong
The most common failure mode in vendor selection is not picking the wrong vendor. It is being unable to defend the pick. Six months after the contract is signed, when implementation hits its inevitable problems, the question that returns is: "why did we choose them?" If the answer is "the team felt good about it" or "they had the slickest demo," the conversation that follows is uncomfortable for everyone.
A defensible vendor selection produces a memo that answers the question once, with evidence, before the contract is signed. The memo does not have to prove the choice was perfect. It has to show the choice was reasoned. That difference is what separates organisations where vendor decisions stick from organisations where every vendor decision becomes a relitigation of the previous one.
The five steps of a defensible process
1. Define the requirement, not the wishlist
Most vendor selections fail at this step because the requirement is written as a list of features rather than a description of what the organisation needs the vendor to do. "Must support SSO" is a feature; "must integrate with our existing identity provider without a separate user lifecycle" is a requirement. Features make every vendor look qualified. Requirements force vendors to demonstrate they can actually meet your operating context.
The discipline that pays off is writing the requirement in business outcomes, then translating to features only where necessary. "The team must be able to resolve customer tickets in under five minutes from receipt, including identity verification" is a requirement. "Must support SSO, automated routing, and case templates" is the feature list that follows from it.
2. Set weighted criteria before you see the vendors
This step matters more than any other for objectivity. Define the criteria, set the weights, and write down what "good" looks like for each, all before any vendor demo. If you wait until after the demos to set criteria, you will unconsciously bias the criteria toward the vendor you already prefer. This is one of the best-documented patterns in behavioural decision-making.
Six to eight criteria is the right number. Fewer than five oversimplifies; more than ten dilutes the weights so much that nothing distinguishes the vendors. A defensible default for software vendor selection is:
| Criterion | Typical weight | What "good" looks like |
|---|---|---|
| Functional fit | 25% | Covers required features without heavy customisation |
| Total cost of ownership | 20% | Predictable pricing, no penalty clauses |
| Implementation risk | 15% | Realistic timeline, references for similar rollouts |
| Security and compliance | 15% | SOC 2 or ISO 27001, regional data residency |
| Support and SLA | 15% | Documented SLAs, named CSM, business-hour cover |
| Vendor stability | 10% | Funded, growing customer base, predictable roadmap |
Adjust the weights to your situation. A regulated business will weight security at 25% or more. A small team will weight implementation risk and support higher than total cost. The weights are the place where the organisation's actual priorities should show through.
3. Compute three-year total cost of ownership
Comparing vendors on sticker price is the second-most common cause of regret in vendor decisions. The vendor who looks cheapest in year one often has the highest TCO once implementation, internal effort, and ongoing support are added. A defensible vendor selection compares TCO over a three-year horizon, broken down into:
- One-off implementation. Vendor implementation fees, professional services, data migration, custom integration work.
- Year 1 licence or subscription. Including any first-year discounts; note them as discounts, not as the steady-state price.
- Year 2 and Year 3 licence or subscription. Including the auto-renewal pricing if known, with assumed escalation if not.
- Internal effort. Estimate the full-time-equivalent days your team will spend on implementation and ongoing administration, multiplied by your loaded daily rate. Often the largest hidden cost.
The TCO comparison is what reveals the real cost structure. A vendor charging $40,000 per year with $20,000 implementation may have a three-year TCO of $140,000 once internal effort is added; a vendor charging $25,000 per year with $80,000 implementation may have a three-year TCO of $155,000 once their longer roll-out absorbs more internal time. Sticker price would have called the second vendor cheaper. TCO tells the truth.
4. Score, then risk-adjust
Score each vendor 1 to 5 against each criterion. 1 means does not meet; 3 means meets; 5 means exceeds. Calculate the weighted total. Then list two or three risks specific to your top one or two vendors: implementation risk specific to their architecture, contractual lock-in, key-person risk in their support team. Assign each risk a likelihood and a dollar impact. The expected monetary value (likelihood times impact) is your risk-adjusted view.
The vendor with the highest raw weighted score is not always the right pick once risk is included. A clear weighted leader with a serious unmitigated risk often deserves to lose to a slightly lower-scoring vendor whose risks are more controllable. The memo that explains this trade-off explicitly will defend the decision in ways a pure score ranking cannot.
5. Write the memo
The memo is the artifact of the decision, not a formality after it. It exists because in two years, when the vendor relationship is being reviewed, the people in the room will want to know why this vendor was chosen. The memo is the answer.
What goes in the vendor selection memo
Four pages is enough for most decisions.
Page 1: Executive summary and ranking
The recommendation in one sentence. The ranking table showing all shortlisted vendors with weighted score, TCO, risk EMV, and adjusted score. The one-paragraph "why now" that frames the decision context.
Page 2: Weighted scoring matrix
Each criterion against each vendor, with weight, score, and weighted contribution. Followed by a short description of what "good" looked like for each criterion. This is the page that proves the scoring was structured, not gut feel.
Page 3: TCO and risk
The three-year cost comparison across all shortlisted vendors, broken down into the four cost lines. Followed by the risk register for the leading vendor with likelihood, impact, and mitigation. This is the page that proves the financial and operational analysis was complete.
Page 4: Recommendation and decision record
The formal recommendation, the rationale paragraph, and the decision record (owner, assumptions to revisit, review date). The decision record is the part that future-proofs the decision. When the vendor relationship is reviewed in 18 months, this record is the starting point.
The two questions reviewers will ask
Every vendor selection memo eventually faces two questions from a senior reviewer: "Why this vendor over the runner-up?" and "What changes the answer?" A memo that answers both questions explicitly, in writing, ends most procurement debates before they start.
Four mistakes that weaken vendor selections
1. Demos before criteria
Watching vendor demos before defining what you are evaluating is the most common bias trap. Even experienced procurement teams shift their criteria after demos to favour vendors who presented well. Define criteria and weights first, then run demos against the criteria, then score.
2. Single-year cost comparisons
Comparing only year-one pricing rewards vendors who discount aggressively to win the deal and recover margin later. Compare on three-year TCO including implementation and internal effort. The ranking often reorders.
3. No do-nothing or incumbent baseline
If the incumbent is not in the comparison, the case for switching is incomplete. Even when the incumbent will clearly not win, scoring them forces the team to articulate why a change is worth the disruption. "Continue with current vendor" is the equivalent of the do-nothing option in a business case.
4. Risks named but not mitigated
A risk register that lists risks without mitigation is a risk register that lost its nerve. For each risk, name the action you will take, the trigger that fires it, and who owns it. An unmitigated risk on the page invites the reviewer to either reject the recommendation or stall it pending more analysis.
Run the comparison in fifteen minutes, not three meetings.
The SocraticFlow Vendor Selection Memo Builder takes your weighted criteria, vendor scores, TCO, and risks, and produces a four-page memo with the matrix, TCO table, and decision record. Free to use; the audit-ready PDF is $39 at launch, $29 for founding members on the waitlist.