Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Venminder is an industry recognized leader of third-party risk management solutions. 

Our Customers

900 organizations use Venminder today to proactively manage and mitigate vendor risks.

Get Engaged

We provide lots of ways for you to stay up-to-date on the latest best practices and trends.

Gartner 2020
Venminder received high scores in the Gartner Critical Capabilities for IT Vendor Risk Management Tools 2021 Report



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2022

Venminder's sixth annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


What Vendor Management Information Should I Be Reporting?

2 min read
Featured Image

Vendor management reporting to the board and/or senior management isn’t only a best practice used to inform and drive action, but it’s also a regulatory requirement. Guidance such as OCC Bulletin 2013-29 and FDIC FIL-44-2008 outline these reporting responsibilities.

After you’ve gathered your vendor information, how should you prepare it for reporting? Let’s review some key components around reporting including frequency and what to include.


Frequency & Format of Your Vendor Reporting

The exact frequency of your reporting will depend on the details of which you’re providing and the audience, but keep in mind that you should adhere to a regularly scheduled recurring basis. Quarterly reporting may be appropriate for your audit committee or board, while monthly or more frequent reporting might be performed for your risk or compliance committee. Always make sure to note this frequency in your minutes.

Consider creating your report in an easy-to-follow PowerPoint or Word format, with each page dedicated to a fundamental activity. Any significant matters involving critical or high-risk third parties should also be highlighted.


Types of Information to Include in Vendor Reporting

To create your report, begin with a cover page or title slide with your company information. Next, include pages covering the following:

  1. Overall inventory of third-party vendors (e.g., total number of actively managed vendors, percentages of critical vs. non-critical, etc.)
  2. An overview of any new or changing regulatory requirements requiring changes in your governance documents, processes or procedures.
  3. Summarized due diligence and vendor selection information such as current and ongoing vendor selection processes and where each is in the process
  4. Information regarding risk assessments like the total number of third parties that have risk assessments in progress, total number of risk assessments completed since your last meeting, etc.
  5. Any vendor risk issues such as significant vendor changes, issues the board should be aware of, concerns with the contract and other pertinent information
  6. A reporting timeline that shares the timeline of the reports and meetings you’re currently delivering to your business lines or vendor owners, senior management team and any committee who should receive regular reporting
  7. Industry highlights related to third-party risk management (e.g., big news headlines)

End the report with a closing to wrap up. Be sure to provide your contact information in case anyone has questions.

Repeat vendor risk management reporting as needed to ensure your organization’s leaders stay well informed of emerging risks and activities. Accurate, easily digestible, timely and accessible reporting will provide them with the information needed to make strategic decisions and improvements that will propel your organization to success.

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo