What Vendor Management Information Should I Be Reporting?


While vendor management reporting to the board and/or senior management is an important best practice that drives action, it’s also a regulatory requirement. Regulatory guidance and legislation such as OCC Bulletin 2013-29, FDIC FIL-44-2008, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the Sarbanes-Oxley Act (SOX) outline these reporting responsibilities.

After you’ve gathered your vendor information, how should you prepare it for reporting? Let’s review some key components around reporting including frequency and what to include.

Frequency & Format of Your Vendor Reporting

Depending on what you are reporting and your audience, the exact frequency of your reporting may vary. For example, you might prefer a quarterly schedule for your audit or committee board, but you may find that a monthly or bi-monthly schedule better suits your risk or compliance committee. No matter the frequency, it's important to maintain a regularly recurring schedule and track the frequency of the reporting meetings in your minutes.

When developing your reports, create a concise and easy-to-follow presentation, and use the same format each time. It’s a best practice to begin your report with an executive summary distilling the key data points into an easy-to-read narrative. Any significant matters involving critical or high-risk third parties should be highlighted. For organizations that use a third-party risk management (TPRM) dashboard, the dashboard should directly follow the executive summary. If necessary, additional charts, reports, or individual dashboards may follow the executive summary and primary dashboard.


Types of Information to Include in Vendor Reporting

To create your report, begin with a cover page or title slide with your company information. Next, you should include pages covering the following information:

  • Any vendor risk issues such as significant vendor changes, issues the board should be aware of, concerns with the contract, and other pertinent information
  • An overview of any new or changing regulatory requirements that require changes in your governance documents, processes, or procedures
  • Industry highlights related to third-party risk management (e.g., big news headlines)
  • Third-party risk management program metrics that show the health and stability of the program
  • Vendor portfolio data (e.g., the total number of actively managed vendors, percentages of critical vs. non-critical, etc.)
  • Summarized due diligence and vendor selection information such as current and ongoing vendor selection processes and where each is in the process
  • Information regarding vendor risk assessments, including the number of critical and high-risk assessments or re-assessments in progress or that are at risk or past due
  • A reporting timeline that shares the schedule of the reports and meetings you’re currently delivering to your business lines or vendor owners, senior management team, and any committee who should receive regular reporting

Finally, end the report with a closing section. Be sure to provide your contact information in case anyone has questions.

It’s essential to maintain a consistent vendor risk management reporting routine to ensure your organization's leaders stay informed about emerging risks and activities. Accurate, easily digestible, timely, and accessible reporting will provide the board and senior management with the information they need to verify the health and stability of the vendor risk management program, make strategic decisions, and take corrective actions when necessary. Keeping your board and senior leadership informed through regular reporting is a necessary practice to meet regulatory requirements and ensure an effective vendor risk management program.
