Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


What to Have Available for Vendor Management Examiners

4 min read
Featured Image

The best strategy for preparing for an examination is vigilance. Vigilance in the third-party risk world means you’re always prepared and ready to answer any auditor's or examiner’s document request well ahead of time. By keeping everything up to date, you avoid the crush to meet your examiner’s deadlines.

Often, particularly at smaller organizations, keeping everything refreshed can be very difficult (and sometimes downright impossible) since third-party risk activities are often combined with the many other duties of the compliance officer. Let’s get very practical about what to expect, what to do and when.

Pre-Exam Preparations to Consider

First off, make no mistake, examinations involve a great deal of prep work. You should schedule meetings with the various lines of business, your compliance team, your internal audit team and senior management. Senior management may even want you to prep your board on what to expect.

Take the time to assemble a thorough set of documentation so you’re able to quickly and easily find any items your examiners request. This requires a highly organized approach and one that is best put together well in advance. The bad news is that every exam today has a vendor risk management component. The good news is that your prep work will pay off big time when you’re on top of your program and have all your documentation in one place – especially if you have it in a vendor management platform

Pro-tip: While we're all eager to impress examiners or hope to get things over with quickly, don't share items until asked. Once requested, supply the document quickly and take the time to review each item thoroughly. Even getting a second set of eyes to look at it before you send it to them can help. Then, take your time reviewing the documents with your examiner. (Remember, examiners cannot read your mind!)

Exam Materials You Need for “Game Day”

Anticipate what you know examiners are going to ask you for by reviewing the last examiner’s document request, follow-up request and final report. Based on your organization’s prior exams, you should be able to determine the most important highlights the examiners will want to touch upon. Keep in mind, it’s never too early to get these items prepared. 

Your preparation should include:

1. Anything noted in the examiner’s document request list. Start with the examiner's document request list and look for any items, specifically or otherwise, that could involve third-party risk management.

2. A copy of your vendor management policy, program, and any other associated governance documents. Be absolutely certain your third-party risk management governance documents are current and board approved within the last year.

3. A flowchart. This should show the processes and procedures your organization uses for vendor vetting, vendor onboarding, ongoing monitoring and your risk assessment process.

4. A complete inventory of your third parties. This list should be accurate, recent nd separated by level of risk. It’s a good time to go back and make sure the scope statement in your program document matches whom you have on your vendor list.

5. Samples of your critical/high-risk third parties. Assemble samples of work product, particularly on your highest risk vendors, including proof of risk analysis, risk assessments and ongoing monitoring. Start with your core systems vendors. This is a critical component of third-party risk management which is often overlooked and should never be!

6. Evidence of adequate review and timely tracking of important documents. Record the processes and procedures your organization uses to track the workflow in your vendor risk management program.

7. Evidence of reports. Ensure you have handy copies of reporting supplied to both senior management and the board, as well as the minutes of meetings where these are presented reflecting the reporting and discussion.

8. Educational materials. Include any education or training your team has undergone and any training you’ve developed for your lines of business, senior management and the board.

9. Regulatory guidance. Review your regulatory guidance – not just your prudential regulator's but also the FFIEC IT Examination Handbook – it's the play-by-play of what the examiner may reasonably ask or expect to see.

10. A point person. Decide beforehand who the point person for the overall exam will be and decide on who will represent each section of the exam. It’s the point person’s responsibility to set up meetings with your personnel when the examiner gives you an ad hoc request.

Yes, exams can be stressful. However, preparation is the key to success. Don’t be afraid to meet with the examiners to clarify any questions or even educate them, if needed, on ways in which your practices may have changed or may be different from what they are accustomed to reviewing.

It’s always better to clarify items ahead of time rather than scrambling when the draft report is issued. In other words, don't just dump all of the documentation to the examiner!

Now that you know how to prep for a vendor management exam, make sure you know what steps to take afterwards too. Download the infographic.

New call-to-action

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo