Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

About

Venminder is an industry recognized leader of third-party risk management solutions. 

Our Customers

900 organizations use Venminder today to proactively manage and mitigate vendor risks.

Get Engaged

We provide lots of ways for you to stay up-to-date on the latest best practices and trends.

Gartner 2020
Venminder received high scores in the Gartner Critical Capabilities for IT Vendor Risk Management Tools 2021 Report

READ REPORT

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resource-whitepaper-state-of-third-party-risk-management-2022
State of Third-Party Risk Management 2022

Venminder's sixth annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.

DOWNLOAD NOW

3 Vendor Risk Management Items the Examiner Expects to See

3 min read
Featured Image

One of the most difficult parts of third party risk management - or perhaps the most anxiety-laden – is the idea of being exam ready at all times. To do so, one needs to figure out what the examiners might reasonably expect to see. 

3 Main Examiner Expectations

Here are 3 main examiner expectations:

  1. All Documents are Current – The examiner will want to see that all your documents are current and easy to find. For example, if your policy is to be reviewed by the board on an annual basis, make sure you've got clear evidence (i.e., a footnote saying "board approved 4/2018" and meeting minutes to support it) that it's been done in the past 12 months. I know that sounds like a no-brainer, but board meetings are always action packed and things could slide inadvertently.

  2. Correct and Updated Guidance Citations – The examiner will check to see that you take regulatory guidance into account throughout your vendor risk management program. It's always worth double checking to make sure you haven't missed a critical piece of information in guidance. There's a lot out there, so taking the extra time is important.

  3. Understanding the Scope of the Exam – The examiner will assume you understand what they are there for and need. If the examination is coming up and you've received the initial notification letter or request for information, be certain you understand the scope and have a firm grasp of what items they are expecting. It's worth bouncing it off someone else in your organization – perhaps the compliance officer or legal counsel – just to make sure you're on the same page. If there's any doubt, even the least little bit, circle back with the examiner and ask for clarification.

7 Tips Once the Examiner Is Onsite

Once the examiner is onsite, here are some tips to follow:

  1. Establish a good working relationship with the examiner as the examination unfurls.

  2. Educate them on how your processes work and what you're trying to accomplish – that's particularly important if things have changed since the last exam.

  3. Have documentation that clearly demonstrates that your work product matches what is outlined in your policy and program documents – believe me, I've been guilty of having work product that is all well and good, but drastically different than what I'd carefully laid out in the program documentation and that's a huge "no, no”. Keep the documentation and the work product in sync.

  4. Make sure you have evidence, particularly if there are gaps. For example, if you’re missing due diligence items, show proof of the attempts to gather information. Even routine emails can clearly show your efforts to collect the necessary due diligence or minutes from risk committee meetings where you've updated senior management on your progress.

  5. Carefully relay information to other departments on how the examination is going and clearly communicate your expectations or needs in terms of their level of involvement.

  6. Assure the examiners that you'll get them the information they need in a timely manner and then deliver on it.

  7. As issues arise, deal with them in an organized manner and set clear expectations around timeframes for follow up and even remediation, if needed.

After the You Receive Exam Results

Once you have your examination results, the examiner expects you to thoroughly review and implement any necessary changes. This feedback is critical and should not be taken lightly. Exam time can be stressful but with a little preparation and a lot of documentation, you'll be ready to handle it.

Examiners will require your vendor risk management program to be in top shape - download our infographic.  

Creating an Effective Vendor Contract Management System eBook

 

 

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo