IT Vendor Selection in Nigeria: Common Mistakes and How to Avoid Them
Three months after paying 70% upfront, the software development company stopped responding. The website was still half-built, the code barely documented, and the “launch date” kept shifting by another two weeks. Then they went completely silent.
This scenario plays out across Nigerian businesses constantly. A fintech loses six months and ₦8 million to unusable code. A manufacturing company’s ERP system collapses because the vendor’s “experienced team” consisted of one overwhelmed developer. A healthcare facility’s patient system crashes weekly from oversold infrastructure.
Global breach reports consistently show that third-party vendors are responsible for a large share of data breaches, underscoring the importance of vendor selection as a critical security decision. The IBM Cost of a Data Breach Report tracks these patterns year after year.
The cost goes beyond money. It includes operational disruption, internal credibility damage, and the opportunity cost of delayed digital transformation. When you choose the wrong IT vendor, you waste the initial investment, the time spent managing the relationship, the time spent repeatedly explaining requirements, and eventually have to start over.
IT vendor selection in Nigeria demands more scrutiny than markets with mature vendor ecosystems. The stakes are higher, the risks more pronounced, and the consequences more severe.
Here’s how to choose IT vendors who will actually deliver.
The Real Cost of Choosing Wrong
Before examining what to look for, understand what poor vendor selection costs Nigerian businesses:
Project failures that require complete restarts. You lose what you paid the failed vendor, plus months of operational time, the cost of finding and onboarding a replacement vendor, and the internal resources spent managing the disaster. A ₦5 million project failure easily becomes a ₦15 million problem by the time you’ve fixed it.
Downtime and lost revenue. When your e-commerce platform crashes during a sales period because your hosting vendor oversold their infrastructure, you lose sales, customer trust, brand reputation, and create customer service nightmares that persist long after the technical issue is resolved. Proper business continuity planning accounts for vendor failures.
Internal credibility damage. When an IT project fails, the executive who championed it loses credibility with leadership. Board members question your judgment. Your CEO becomes skeptical of future technology initiatives. This internal political cost often exceeds the financial loss.
Vendor disappearance and money lost. Unlike established markets where failed vendors face reputational consequences and legal action, Nigerian vendors can simply shut down and reappear under a new name. Your ₦10 million deposit disappears with them, and legal recourse proves more expensive than the original loss.
A Lagos logistics company hired what appeared to be a solid development firm for their dispatch system. Portfolio looked impressive, proposal was detailed, and meetings were reassuring.
Four months in, features were incomplete, the interface didn’t match specs, and performance was poor. The vendor blamed “changing requirements” despite written documentation. After eight months and ₦12 million, the project was abandoned. The replacement vendor’s assessment: code so poorly structured that rebuilding cost less than fixing.
Total cost: ₦23 million and nearly a year lost. This pattern is common in Nigeria’s growing tech ecosystem, where rapid expansion has created both opportunities and risks.
This wasn’t inevitable. Warning signs existed during selection – the company just didn’t know what to look for.
What You Must Evaluate Before Hiring an IT Vendor
Vendor selection requires evaluating capability across multiple dimensions. Price matters, but it’s rarely the determining factor in project success.
A. Technical Capability You Can Verify
Portfolios mislead. Screenshots prove nothing. Demo environments don’t reflect production reality. Anyone can claim expertise in the latest technologies.
Verify technical capability through these approaches:
Request access to live systems they’ve built. Not screenshots or demos – actual working systems where you can test functionality and evaluate performance. If they hesitate, that’s a red flag. Be wary of vendors displaying impressive client logos when those engagements were minor. Ask for substantial work examples.
Ask specific technical questions. Competent vendors ask clarifying questions, identify challenges, and propose solutions. Incompetent ones confidently promise everything is “very simple” and “no problem.” Excessive confidence without probing questions indicates they don’t understand how involved the work actually is.
Speak to the people who will build your project. Sales teams are articulate. Developers reveal reality. If they won’t let you interview the technical team, assume the impressive “team” doesn’t exist.
Check code quality for software projects. If you have technical staff, review sample repositories. Even non-technical decision-makers can assess documentation quality and organization.
Look for specific relevant experience. A vendor who built five e-commerce sites understands e-commerce. One who built one e-commerce site plus various other projects may not. Depth matters more than breadth. For WordPress solutions, verify substantial WordPress experience, not just general web development.
B. Business Reliability and Stability
Technical competence means nothing if the vendor disappears mid-project or can’t sustain long-term support.
Why one-person operations require different evaluation. Solo developers and freelancers can be excellent choices for well-defined projects, ongoing maintenance, or specialized expertise. The key is matching the project scope to their capacity. A solo developer is perfect for building a company website or maintaining existing systems. They become risky when handling large, complex projects that require multiple skill sets or need guaranteed availability. Ask: Do they have backup arrangements if unavailable? How do they handle knowledge transfer? What’s their project load? Can they realistically deliver your timeline?
How to check vendor stability without financial statements. Visit their workspace if claiming a physical office. For remote freelancers and consultants, this matters less – many excellent developers work remotely. What matters more is an established online presence, a verifiable portfolio, client references, consistent communication patterns, and professional infrastructure (email, contracts, invoicing). The red flag isn’t virtual offices – it’s claiming to be a large team while operating as an individual, or having no verifiable business presence at all.
Verify their client retention and project completion rates. Long-term clients indicate reliability. Ask for references from clients they’ve worked with for more than two years. If all their references are from recent, short-term engagements, probe why.
Assess backup team depth. What happens if the lead developer or project manager leaves? Do they have documentation processes that allow knowledge transfer? Can they demonstrate redundancy in critical roles?
Check their vendor relationships. Ask who they use for hosting, payment processing, or other critical services. If they have established relationships with reputable providers, that’s a positive signal. If they’re evasive about their own vendors, that’s concerning.
C. Support, Communication, and Responsiveness
Support quality matters more than initial delivery. Systems need maintenance, updates, and troubleshooting. Poor support turns good implementations into long-term disasters.
Test responsiveness during sales. If they’re slow when trying to win business, expect worse after payment. Time their email responses and call returns. This is their best behavior.
What good support looks like. Ticketing systems define response times, escalation procedures, multiple channels, clear documentation, proper training, and regular check-ins. Understanding when to hire IT support helps evaluate these capabilities.
The “WhatsApp-only support” trap. Support via WhatsApp messages to a single person’s phone means no accountability, no documentation, no SLA, and no recourse when the support person is unavailable. Insist on professional infrastructure.
Evaluate communication clarity. Can they explain technical concepts in business terms? Do they listen to requirements or push their preferred solution? Do they ask about business processes or just technical specs? Communication during sales predicts communication during implementation.
Consider timezone for foreign vendors. Different time zones create communication delays that slow progress.
D. Security, NDPA, and Compliance Awareness
Every vendor who touches your data creates liability exposure. Under NDPA, you’re responsible for your vendors’ data-handling practices. The Nigeria Data Protection Commission enforces these requirements and has issued guidelines on vendor oversight.
Questions that reveal security maturity. Ask how they handle passwords. Where are they storing backup data? How do they control access to systems? Whether they use encryption. How they handle security updates. Detailed, specific answers indicate maturity. Vague assurances that “everything is secure” indicate ignorance. Review the NIST cybersecurity framework guidelines to understand what good security practices look like.
NDPA compliance understanding. Ask how they ensure NDPA compliance in their implementations. Can they explain data processing agreements? Do they understand data residency requirements? Have they worked with companies in regulated industries? Their level of knowledge indicates whether they’ll create compliance problems or help solve them. Review our NDPA compliance guide to understand what vendors should know.
Data handling and backup procedures. Where is your data stored? Who has access? How often are backups performed? How quickly can they restore from backup? What happens to your data if you stop working with them? These aren’t theoretical questions. They determine whether you can recover from disasters.
Access control and password management. How do they manage access to your systems? Do they use password managers or share passwords via WhatsApp? Do they implement two-factor authentication? Do they remove access when team members leave? Security practices reveal operational maturity.
E. Commercial Terms and Cost Structure
The quoted price is never the total cost. Understanding the full picture prevents budget disasters.
Hidden costs beyond the initial quote. Implementation, maintenance, hosting, licensing, support, and enhancements are separate costs. Ask for itemized pricing. Question vague items like “configuration fees.”
Payment structures that protect you. Never pay more than 50% upfront. Tie payments to verified milestones, not dates. Include a 10-15% holdback until final acceptance.
Scope creep prevention. Define exactly what’s included. Specify how change requests are handled, priced, and approved. Without clarity, vendors claim everything unlisted is “additional work.”
Data ownership and exit terms. You should own all code, designs, and content. Contracts must state this explicitly. Exit provisions should allow you to leave with your data in standard formats, without ransom demands.
Maintenance fee transparency. What’s covered under warranty, and what’s subject to additional fees? How long does the warranty last? What do support contracts cost? What response times for different tiers?
Nigeria-Specific Factors Most Companies Overlook
The Nigerian business environment creates unique vendor selection considerations:
Foreign vs. local vendors: the real trade-offs. Foreign vendors often bring stronger processes, better documentation, and more mature practices. But they typically lack understanding of Nigerian infrastructure challenges, business culture, regulatory requirements, and local market dynamics. They’re also more expensive and create payment challenges. Local vendors understand the operating environment but vary widely in capability and reliability.
Forex volatility impact on ongoing costs. If paying vendors in foreign currency, factor forex risk into your budget. A $10,000 annual hosting cost might be ₦4.5 million when you sign the contract. Two years later, it could be ₦8 million. Either negotiate naira-based pricing or budget for currency fluctuation.
Infrastructure dependencies on the vendor’s side. Does the vendor have backup power? Reliable internet? If they’re frequently offline due to infrastructure challenges, your project timeline suffers. Ask about their power backup and internet redundancy. For web projects, vendors should understand critical infrastructure, such as CDN and DNS management, that affects performance and reliability.
Local regulatory knowledge. Vendors working in Nigeria should understand NDPA requirements, CBN regulations for financial services, NITDA guidelines, and sector-specific compliance requirements. If they don’t know these exist, they’ll create compliance problems.
Cultural expectations around communication and escalation. Nigerian business culture has specific expectations around relationship management, communication formality, and conflict resolution. Vendors who understand this navigate challenges more smoothly than those who don’t.
The Most Common Vendor Selection Mistakes
Nigerian companies repeatedly make these errors:
Choosing purely on price. The cheapest vendor is cheap for a reason: underpricing to win work they can’t deliver, or cutting corners. This applies especially to cybersecurity services where corners are cut, creating serious risks.
Believing promises without verification. Require proof of every claim. References, portfolio access, SLA documentation, and team credentials.
Poor reference checking. Find clients independently. Ask: What went wrong? What would you do differently? Do you still work with them? Would you hire them again?
No written requirements. Verbal agreements create endless disputes. Document features, functionality, timelines, deliverables, and acceptance criteria. Both parties sign off before work begins.
Accepting vague timelines. Demand specific dates for every milestone. Include delay consequences in contracts.
No SLA discussion before signing. If vendors won’t discuss SLAs during sales, they won’t provide meaningful support after.
No exit strategy. What if the relationship fails? Can you export data? In what format? Who owns the code? Can another vendor maintain it?
Red Flags That Should Make You Walk Away
Some warning signs mean you should stop immediately:
Unwilling to provide references. Every legitimate vendor has satisfied clients. No references means no successful projects.
Vague or changing timelines. Professional vendors provide detailed schedules with specific milestones. Flexible timelines mean no real project plan.
No documentation or processes. Professional vendors have established project management, issue tracking, and communication processes. “We’re very flexible” means they’re improvising.
One-person teams for complex projects. Solo developers are fine for appropriate work. The red flag is individuals taking on projects requiring multiple specialists.
Poor communication during sales. Hard to reach, slow responses, or unclear communication while trying to win business signals worse after contract signing.
Unrealistic guarantees. “You’ll rank #1 on Google.” “This is very simple, two days max.” “We’ve never had a project fail.” These indicate dishonesty or incompetence.
Pressure tactics. “This price expires today.” “Another client is waiting.” Professional vendors don’t use high-pressure sales.
Misrepresenting capabilities. Claiming to be an agency when operating solo. Pretending to have built systems, they only maintained. The issue isn’t being a freelancer – it’s dishonesty.
A Practical IT Vendor Selection Process in Nigeria
Follow this systematic approach:
Define requirements clearly. Write exactly what you need: business outcomes, users, problems to solve, and success criteria. Create a specification document.
Research and shortlist. Identify 3-5 vendors through referrals, research, and industry connections. Don’t just Google and choose from page one.
Request detailed proposals. Send requirements to shortlisted vendors. Request: technical approach, team structure, timeline with milestones, itemized pricing, sample contract terms, and client references.
Conduct technical interviews. Meet each vendor’s technical team. Ask them to demonstrate similar work. Pose challenges specific to your project and evaluate responses.
Check references thoroughly. Contact at least three references per vendor. Ask about success, timeline adherence, budget management, problem-solving, communication, and post-launch support.
Evaluate systematically. Create a scoring matrix that assigns the most important weighting factors to your project. Don’t just choose who “feels right.”
Negotiate terms and SLAs. Don’t accept standard contracts. Negotiate payment terms, milestones, warranties, support provisions, data ownership, and exit clauses.
Start with a pilot if possible. For large or risky projects, begin with a small, defined scope to test capabilities and working relationships.
Plan onboarding. How will the vendor learn your processes? Who from your team will work with them? How often will you meet? What communication channels?
Set up performance monitoring. Define metrics for measuring vendor performance. Conduct regular reviews. Address problems immediately.
When to Bring in External IT Consultants
Some decisions benefit from independent expertise:
Complex or mission-critical projects. Enterprise systems, critical infrastructure migrations, or revenue-impacting platforms carry too much risk to decide without expert evaluation.
High-security or compliance-sensitive work. Projects involving sensitive data, financial information, or regulatory requirements require specialists to evaluate vendors’ security and compliance capabilities.
Multiple vendor coordination. Projects requiring several vendors (hosting, development, payment, security) or that implement workflow automation across systems need someone to design the architecture, vet vendors, and manage integration.
Limited internal IT expertise. Without technical staff to evaluate vendor claims, hiring a consultant for selection is cheaper than recovering from a bad choice.
Independent technical evaluation. Vendors tell you what you want to hear. Consultants tell you what you need to know. They review proposals, ask hard technical questions, evaluate code quality, assess capabilities objectively, and identify likely successes versus risky bets.
For many companies, an independent second opinion on vendor proposals is cheaper than recovering from one failed implementation.
Contact PlanetWeb Solutions for independent vendor evaluation and selection advisory services. We help Nigerian businesses identify reliable IT partners, negotiate favorable terms, and avoid costly vendor selection mistakes.
Next Steps
Choosing the right IT vendor determines whether your technology investments drive business growth or drain resources through failed implementations and ongoing support nightmares.
Take vendor selection seriously. Document your requirements. Verify every claim. Check references thoroughly. Negotiate protective contract terms. And when the stakes are high, bring in independent expertise.
The cheapest vendor rarely delivers the lowest total cost. The most impressive sales pitch doesn’t guarantee successful delivery. The vendor everyone else uses may not fit your specific needs.
Choose carefully. Your business operations depend on it.
Additional Resources:
- Download our Vendor Evaluation Checklist
- Read our guide on Why Your Company Needs a Service-Level Agreement for IT Support (coming soon)
- Learn about NDPA Compliance Requirements for Nigerian Businesses
- Understand the Key Features of the Nigeria Data Protection Act
- Review Nigeria Data Breach Case Studies
- Explore Cybersecurity for Nigerian SMEs
- Learn about Securing Remote Work in Nigeria
