
Solutions to Common Vendor Due Diligence Problems


Vendor due diligence is a critical activity that must be done before and during the engagement. This complex process of collecting, reviewing, and assessing vendor information and controls helps protect your organization from risk, but it’s understandable that you might see some problems along the way. Solving these due diligence problems falls under the broader umbrella of vendor issue management, which is an essential component of an effective third-party risk management program.

How to Solve Common Vendor Due Diligence Problems 

Whether you’re dealing with a potentially new vendor or one you’ve worked with for years, it’s not uncommon to face a few problems during the due diligence process. Some of these problems may even be identical for both potential and existing vendors, but the solutions should be different because of the leverage you have. 

Consider this – if you’re having a due diligence problem with a potentially new vendor, it might be easier to find another vendor who can meet your needs. 

While it’s good to have a certain level of trust with your vendors, it’s also important to verify the information they provide by collecting due diligence documents. This can help identify and mitigate any vendor issues that may occur after the contract is signed.


Here are some common problems you may face and some suggested solutions for both potential and current vendors:

Problem

Solution

Vendor is slow in responding to due diligence requests.

  • Potential vendor - Follow-up often. Reiterate the importance of this request and how it's a requirement for your business. At the same time, consider engaging alternate vendors if not already doing so.
  • Current vendor - If audit rights are in your contract, remind your vendor of its contractual obligation to respond to due diligence requests in a timely manner.

Vendor is submitting incomplete questionnaires.

  • Potential vendor - Outline your requirements and make it clear why you need them. This may have been an intended omission, but the vendor should clarify. You may need to re-word to ensure the question is understood. Consider having SMEs on each side to discuss.
  • Current vendor - Inquire about the omission. Sometimes this is done in error. Reiterate the need for answers to move forward with your review.

Vendor doesn't have a complete set of evidence.

  • Potential vendor - Consider whether the minimum was provided. It's important to have a list of evidence that differentiates between must-haves and nice-to-haves. Let the vendor who provides the must-haves move forward in the process.
  • Current vendor - Be clear on the must-have evidence. If the vendor can't provide it, look into alternative review practices (e.g., in-person or video display of files).

Your organization doesn't have available internal subject matter experts (SMEs) to review the vendor's due diligence.

  • Potential vendor - The due diligence review may be time sensitive, so consider outsourcing the activity. As a long-term solution, cross-train internal stakeholders to expand your resources.
  • Current vendor - There may be more time to ensure resources are available with an existing vendor. It should be noted in your third-party risk management policy that staff are trained and agree to support this process. Build the team in advance of when skills are needed.

You have identified a lack of controls with the vendor.

  • Potential vendor - Consider implementing nuanced contract clauses, such as cyber testing in addition to what is currently scheduled. Consider risk acceptance only if the control can be revisited in the future or isn't material to your contract and their obligations.
  • Current vendor - Perform an on-site visit or schedule an interview with the vendor's senior leadership to assess the depth of the issue. Also, review whether this is a breach of your contract.

You've discovered conflicts between what the vendor submitted on the questionnaire and the evidence provided in the due diligence document.

  • Potential vendor - If there's enough concern about the conflicting responses, you may decide to pass on this vendor.
  • Current vendor - You'll need to obtain re-affirmation from the vendor. Cite this as an issue that you need to be aware of in the future.

Best Practices for Problem Solving Due Diligence Situations

Remember that due diligence should never be treated as a “check-the-box” activity, but rather as a mutual conversation between your organization and the vendor. Likewise, there’s not going to be a one-size-fits-all solution to every due diligence problem. Each situation will be different, but there are a few best practices that should be considered regardless of the problem:

  1. Document your efforts. Any vendor communication regarding due diligence requests should be documented. This can help provide additional context if you continuously face the same problem and are deciding whether to end the vendor relationship.
  2. Engage a legal expert for contracting. Sometimes your organization will need to proceed with a vendor relationship, despite a few problems during the due diligence stage. It’s important to work closely with your legal team to ensure that your contract includes the necessary provisions that protect your organization from vendor risk. 
  3. Establish a formal risk acceptance process. Vendor relationships can bring a lot of value to an organization, but they always carry some risk that must be mitigated or accepted. Make sure to have a risk acceptance process in place that can be repeated with other vendors as needed. 
  4. Continuously monitor your vendors. Monitoring your vendors for both risk and performance is essential, even if you don’t have any due diligence problems. A vendor’s risk and performance can change throughout the relationship, and ongoing monitoring will help you identify any issues that can arise before your next assessment or due diligence review.

Vendor relationships aren’t perfect, and often have some challenges throughout the lifecycle. It’s not always sustainable to find alternate vendors, so it helps to understand some possible solutions to common due diligence problems. In the end, you’ll create a better partnership with your vendors and keep your organization protected from risk.
