Venminder Blog: Thought Leadership on Vendor Risk Management

Are You Testing Your Vendor Management Program?

Written by Expert at Venminder | 56/10/2018

We all know the importance of getting regular checkups on our health. It’s a great way to proactively address any potential problems before they become a crisis. Well, third-party risk management and compliance are really no different – your practices and protocols require regular attention also. You’d never want to miss an opportunity to find a problem and resolve it early.

2 Ways to Test Your Vendor Management Program

What does never wanting to miss an opportunity to find a problem really mean in practical terms? From my perspective, this means looking for opportunities to test your program:

  1. Does the work product adequately address what you’ve described in your policies and procedures?
  2. Equally important, do those documents cover all of the regulatory guidance and are they up-to-date and board approved?

3 Ways to Check Up on Your Vendor Management Program

  1. Casual Testing: Have your team review your program, answering the questions above.
  2. Annual Internal Audit: More formal testing is an even better idea – work closely with your compliance team and your audit area to ensure that your third party risk management program is regularly evaluated and that any concerns are identified and addressed.
    • Typically, a program is part of the normal cycle of audits done by your internal or external audit area, but if not, consult with them to get a review scheduled.
    • Most companies conduct annual audits of their vendor management program as a common practice, but, if not, establish a recurring pattern that works best for your company.
    • Speaking from experience, this can be a huge undertaking and, having taken my lumps along the way, I know the value of a fully informed audit. It’s better to find things ahead of time with help from your internal team than to have external examiners or, worse yet, your customers/members realize that your practices are not robust. 
  1. Update with News: Use the news to help you – in other words, study the headlines and the best practices. Look as well at enforcement actions as an opportunity to examine your own program for any potential deficiencies.

All of this requires discipline and commitment, but it will pay huge dividends in the long run. A healthy program is a real business advantage to your company.

To properly prepare for an upcoming audit, download our checklist. 
View full post