(270) 506-5140 CONTACT US
Login
Best Practices

Are You Testing Your Vendor Management Program?

Jan 10, 2018 by Branan Cooper

We all know the importance of getting regular checkups on our health. It’s a great way to proactively address any potential problems before they become a crisis. Well, third party risk management and compliance are really no different – your practices and protocols require regular attention also. You’d never want to miss an opportunity to find a problem and resolve it early.

2 Ways to Test Your Vendor Management Program

What does never wanting to miss an opportunity to find a problem really mean in practical terms? From my perspective, this means looking for opportunities to test your program:

  1. Does the work product adequately address what you’ve described in your policies and procedures?

  2. Equally important, do those documents cover all of the regulatory guidance and are they up-to-date and board approved?

3 Ways to Check Up on Your Vendor Management Program

  1. Casual Testing: Have your team review your program, answering the questions above.

  2. Annual Internal Audit: More formal testing is an even better idea – work closely with your compliance team and your audit area to ensure that your third party risk management program is regularly evaluated and that any concerns are identified and addressed.
  • Typically, a program is part of the normal cycle of audits done by your internal or external audit area, but if not, consult with them to get a review scheduled.
  • Most companies conduct annual audits of their vendor management program as a common practice, but, if not, establish a recurring pattern that works best for your company.
  • Speaking from experience, this can be a huge undertaking and, having taken my lumps along the way, I know the value of a fully informed audit. It’s better to find things ahead of time with help from your internal team than to have external examiners or, worse yet, your customers/members realize that your practices are not robust.

  1. Update with News: Use the news to help you – in other words, study the headlines and the best practices. Look as well at enforcement actions as an opportunity to examine your own program for any potential deficiencies.


All of this requires discipline and commitment, but it will pay huge dividends in the long run. A healthy program is a real business advantage to your company.

To properly prepare for an upcoming audit, download our checklist. 

Regulatory Developments Impact Your Next Vendor Management Exam eBook

Branan Cooper

Written by Branan Cooper

Branan Cooper is the Chief Risk Officer at Venminder. Branan has nearly 30 years of experience in the financial services industry with a focus on the management of operational and regulatory processes and controls—most notably in the area of third party risk and operational compliance. Branan leads the Venminder delivery team as the third party risk management subject matter expert in residence.

Follow Branan Cooper
Subscribe--Bg.jpg

Subscribe to the Venminder Blog