Like many others, you may find the arrival of spring to be a great time to do some spring cleaning. While you’re dusting off the shelves and clearing the clutter, it may not hurt to extend that cleaning to your vendor risk management program as well. It’s time to dust off your policy and program. Here are a few steps to approach this.
5 Ways to Dust Off Your Third Party Risk Management Program
- Dust Off Your Policy and Program. Review your policy and program to ensure it includes any changes that may have occurred since the last revision. Has a new regulation been released that warrants a change to your overall policy?
- Ensure All Your Vendors Are Accounted For. It’s a great time to reach out to Accounts Payable and obtain an updated vendor list. It’s important to review this list on an annual basis to make sure that all vendors that should be accounted for are, and the appropriate level of due diligence is being completed on each.
- Verify Your Contracts Are Organized and Know the Important Dates. It’s important to have a method in place to be alerted regarding key contractual dates such as upcoming renewal notice periods or expiration dates. Missing a key date can cause the organization a great deal of financial burden if it’s a relationship that should have been reevaluated or terminated. Review each contract and confirm it's properly stored in your system so that you aren’t missing anything.
- Review Due Diligence. Can you think of a vendor that you haven’t reviewed in a while or maybe needs a little extra attention due to a recent situation? Now is a good time to do some additional due diligence where necessary. The following is a good list of documents to start with:
  - SOC Reports
  - Business Continuity Planning (BCP) / Disaster Recovery (DR) Reports
  - Cybersecurity Policies and Procedures

  Remember to document your reviews and any outreach to the vendor. Senior management and the board will want to see this at upcoming meetings.
- Confirm All Other Due Diligence Files Are Organized. Take a deep dive and make sure all due diligence is organized in the proper files. Also, confirm the due diligence being monitored and stored on each vendor aligns with your vendor management policy. If you’re having difficulty managing all of this information, it may be a good idea to look into another option, like a third party risk management software, as this tends to make file maintenance a breeze.
Taking these steps should help you feel not only more organized, but also more prepared for audits and senior management/board meetings.