5 Ways to Spring Clean Your Third-Party Risk Management Program

Spring is known as the season for cleaning out garages and attics, purging those long-forgotten cupboards and just generally starting fresh. So, while you’re dusting off the shelves and clearing the clutter, it may not hurt to incorporate these five tips into your vendor risk management program as well as it’s also a good time to clean up your program as needed.

5 Ways to Dust Off Your Third-Party Risk Management Program

1. Dust off your governance documents.

Review your governance documents, such as your policy and program, to ensure it includes any changes that may have occurred since the last revision. Has a new regulation been released that warrants for a change to your overall policy?

2. Ensure all your vendors are accounted for.

It’s a great time to reach out to Accounts Payable and obtain an updated vendor list. It’s important to review this list on an annual basis to make sure that all vendors that should be accounted for are, and the appropriate level of due diligence is being completed on each. 

3. Consider utilizing a vendor management platform.

Having a centralized place to store and manage your due diligence information, as well as contracts, is vital part of an efficient third-party risk management program. A vendor management platform can help streamline your processes, increase transparency, while also helping your organization remain in compliance.

4. Know the important dates. 

It’s important to have a method in place to be alerted regarding key contractual dates, such as upcoming renewal notice periods or expiration dates (a vendor management platform is the secret weapon here too). Missing a key date can cause the organization a great deal of financial burden if it’s a relationship that should have been reevaluated or terminated. Review each contract and confirm each is properly stored in your platform so that you aren’t missing anything. 

5. Review due diligence.

Can you think of a vendor that you haven’t reviewed in a while or maybe needs a little extra attention due to a recent situation? Now is a good time to do some additional due diligence where necessary. Don’t forget to document your reviews and any reach outs to the vendor. Senior management and the board will want to see this at upcoming meetings. The following is a good list of documents to start with:

• Financials
• SOC Reports
• Business Continuity Planning (BCP) / Disaster Recovery (DR) Reports
• Cybersecurity Policies and Procedures

Taking these steps should not only assist with feeling more organized, but also help make you more prepared for audits and senior management/board meetings.

Make sure you are continuously updating your vendor management procedures document for a repeatable process. Download the eBook.