REQUEST A DEMO
venminder_eBook_resources_Mini_Vendor_Management_Handbook
New Call-to-action
New Call-to-action
Post-Hero.jpg

Venminder Blog

Filter by Topic

Filter by Date

Subscribe--Bg.jpg

Subscribe to the Venminder Blog

Risk Assessment

10 Best Practices for Successful Vendor Risk Assessments

Jun 13, 2018 by Venminder Team

The vendor risk assessment is a very crucial step in the vendor vetting and ongoing monitoring due diligence phases. The assessment will give you a better understanding of the risk posed by each vendor relationship.

10 Best Practices For Successful Vendor Risk Assessments

  1. Compare your list from the Accounts Payable Department to your vendor list.  Make sure you haven’t overlooked a vendor when completing risk assessments.

  2. Bucket your actively managed vendors into groups. Once you have your list from accounts payable, begin to sort the vendors into different buckets based on type (e.g. processors, marketing agencies, cloud storage providers).

  3. Understand the business impact and regulatory risk. Business impact determines if the vendor is critical or non-critical to the organization. Regulatory risk determines if the vendor is low, moderate or high risk. You must understand both and give vendors both designations.

  4. Keep a disciplined approach. The risk assessment is a repeatable process, consistent in form and content.

  5. Assess vendor relationships at the product or service level. In order to thoroughly understand all risk posed, it’s important to complete a risk assessment on each product or service instead of only one vendor risk assessment on an entire vendor relationship.

  6. Determine what the due diligence requirements are the more critical or high risk the vendor is. If the vendor is high risk, for example, you may want to add more contract considerations, more frequent monitoring and more in-depth due diligence annually.

  7. Evaluate risk in the vendor selection phase. In addition to being a continuous part of your ongoing monitoring, go ahead and conduct a vendor risk assessment during the vendor vetting phase too.

  8. Stay abreast of regulatory regulations. Implement new guidance into your vendor risk assessment as necessary.

  9. Keep senior management and the board informed. If you make significant changes to the risk assessment, notify them.

  10. Risk rate each vendor. Each relationship should be risk rated however, a full risk assessment template may not be required for all. This is dependent on the parameters of your vendor risk management program.

Implementing these best practices into your program should set the stage for a great foundation.

To learn more about developing a strong third party risk management or vendor risk management program, download our infographic.

Creating an Effective Vendor Contract Management System eBook
Venminder Team

Written by Venminder Team

Venminder has a team of due diligence experts who can significantly reduce your vendor management workload

Follow Venminder Team
LinkedIn
Load More

What we do

Venminder is a leading provider of third party risk management solutions.

Our Software

Our dedicated third party risk software can guide a user through critical processes such as risk assessments, due diligence requirements and task management.

Our services

Our due diligence experts can collect your vendor compliance documentation, analyze their financial health, review SSAE 18s, review BCP, monitor the vendor’s cybersecurity, review contracts and more.

Contact Us

(270) 506-5140
info@venminder.com
400 Ring Road, Suite 131, Elizabethtown, Kentucky 42701
Copyright © 2018 Venminder, Inc