Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit


Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

About

Venminder is an industry recognized leader of third-party risk management solutions. 

Our Customers

Over 800 organizations use Venminder today to proactively manage and mitigate vendor risks.

Get Engaged

We provide lots of ways for you to stay up-to-date on the latest best practices and trends.

Gartner 2020
Venminder received high scores in the Gartner Critical Capabilities for IT Vendor Risk Management Tools 2020 Report

READ REPORT

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

Join the thousands of risk and compliance professionals who subscribe to Venminder

What Should Be Included in Your Vendor Management Budget

4 min read
Featured Image

When it comes to setting a budget for vendor management, some organizations try to say they have no budget. This may come off harsh, but that can't be right. You can’t spend $0 on proper – proper being the key word here – vendor management.

Other organizations aren't sure how much they should be spending or what they should request from their budget committee to give them what they need. So, let's go over some items to consider when setting a vendor management budget.

6 Vendor Management Budget Considerations

1. Employee salary expenses

Sure, you need a team to do it right? It’s sometimes difficult to hire enough of the experienced and highly qualified professionals you need. Another cheaper option is outsourcing a particular part of a function, such as the review of a SOC report, to an external expert.

2. Subscription-based resources

A best practice is to make sure you have a team with the qualifications and time available to address each of the six pillars of third party risk management. To supplement their efforts, you’ll likely need subscription-based resources like an automated monitoring platform that is looking for any negative news, complaints or significant changes in your third parties. Google News alerts simply aren’t enough these days.

You may be wondering how much something like that can cost. It varies, depending on the provider you choose. However, do your due diligence. Find the best subscription-based product for your organization, at a price that is within “budget” and weigh the pros and cons. If catching something sooner rather than later saves your organization from a third party data breach, or something like that, think about all of the underlying cost you save.   

3. Required due diligence documents

Those always include items like OFAC checks, Secretary of State checks, Dun & Bradstreet reports, LexisNexis searches and more. As far as some insight on pricing goes, it’s difficult to give exact, or even ballpark, pricing as it will vary greatly. It truly depends on the company you choose and their quality, any volume discounts, etc.

However, to save cost, you can choose to keep this in-house as you can do some of it yourself at a nominal fee. For example, you can pull a secretary of state check on your own and you can run an OFAC check on their website.

4. Ravel expenses associated with making an on-site visit to your most critical vendors:

There’s a real investment of both salary and travel expenses in doing those sorts of visits. These visits are worth the money though because this is an opportunity to accomplish the following:

  • Test the vendor’s physical security controls at their location
  • Interact with staff you normally wouldn’t which could help with grooming a better vendor relationship long-term
  • Shows the vendor you take third party risk management seriously and need their undivided attention to address issues important to you

5. You should also consider the expenses associated with keeping your team well-educated by attending webinars and conferences:

As far as conferences go, Risk Management Association (RMA), Global Financial Markets Intelligence  (GFMI) and Marcus Evans – to name a few examples – are great, and all have focused conferences. You typically can expect to spend somewhere in the ballpark of $2,500 between registration and travel. The amount will fluctuate. The amount will fluctuate heavily depending on the type of conference, where you have to travel, how many people you’re planning to send and the duration.

Examples of webinar recommendations include American Banker and PRMIA webinars and conferences. They are high quality for usually under a couple of hundred dollars.

And, of course, we recommend our educational webinars and online bootcamps. They’re free and you can earn CPE credit! Check out what’s upcoming here.

6. Engage an audit firm or other experts to occasionally review your program and its performance:

This will help identify, document and provide an opportunity to remediate any problems prior to an official regulatory examination.

Remember, take credit for the investment of time, talent and resources and show your examiner the organization is marking a real effort throughout the year by spending actual money on these items. Yes, all of these steps have costs, but it’s a proactive way of protecting your organizations and your customers.

In addition, it’s preventative measures from receiving any type of enforcement action – reminder, those could cost you significant amounts as organizations typically receive things like large penalties/fines, sometimes mandatory monetary relief to customers for any wrongdoing and even pay a great deal in legal fees to respond to and address complaints. It can really add up.

Overall, good results in vendor management usually means there’s been a focus and investment in the program.  

Make sure you have all the necessary components in your third party risk program. Download the checklist.

New call-to-action

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo