Breaking news! There are some vendor management best practices that will set any organization up for vendor management success – regardless of size or industry.
Well, okay, maybe not necessarily breaking news as it’s not like any of these tips are a secret. However, we thought it’d be great to take a moment and reiterate 5 of our top recommendations to achieve vendor management success.
5 Tips for Vendor Management Success
- Follow regulatory guidance closely. Know who your industry’s governing regulatory body is (e.g., OCC, FDIC, NCUA). Not only know who, but also know the guidance and their vendor risk management expectations like the back of your hand. Meaning, analyze the guidelines until you fully understand them. If you don’t fully understand the guidance, ask questions! There are likely others at your organization who can assist.
Also, keep a watchful eye out for any changes or updates to the guidance. You’ll impress your examiners if you’ve implemented the newest requirements before they have to say something about it to you.
- Involve senior management and the board. Keep them informed regarding any vendor activity that seems amiss. You’ll especially want to do this if it’s a high-risk or critical vendor, but it doesn’t hurt to provide them notes on any others who may seem to be underperforming, are unresponsive, have poor due diligence, etc. They’ll be able to determine how to properly escalate or address the situation.
- Have well-developed policy, program and procedures documentation. You’ll want a policy written at the board level, a detailed program that’s instructive to the lines of business and procedures that are so comprehensive anyone who reads them can understand their role and responsibilities.
- Learn from your first line of defense. By this, I mean engage with them and learn what they’re experiencing daily as they interact with the vendors. Since the first line is composed of your business units, who communicate with the vendors day to day, they can share a great deal of vendor insight that would otherwise go unnoticed. For example, if the vendor isn’t meeting service level expectations, the first line will probably be the one to notice.
- Analyze due diligence. Don’t have a check-the-box mentality towards due diligence. Once you receive a document, give it a read. Have a subject matter expert write up an analysis and document any findings that you should address with the vendor (e.g., if you find in a SOC report that controls are faulty, this should be documented, and you should reach out to the vendor to determine next steps to strengthen controls).
There are many, many more tips that we could share but these should give you a great start to achieving vendor management success. Until next time, thanks for taking the time to learn more about this breaking vendor news announcement – said in my best newscaster voice!