vendor due diligence and oversight bootcamp

Effective vendor risk management is essential to protecting your organization, customers and all proprietary information. In addition to being a sound business practice, it’s also a regulatory expectation. Your due diligence and ongoing monitoring are important parts of that process.

Join us and Venminder's due diligence and third party risk experts for our due diligence bootcamp where we'll show you “how” to accomplish some of the most challenging due diligence tasks for vendor risk management

Register Now

DAY ONE
September 11, 2018

Session 1:
1-2pm ET

The Gold Standard Vendor Risk Management Lifecycle
There's a definite lifecycle to third party risk management that can serve as your guide to a comprehensive process. There's a beginning, a middle and an end to your overall service provider relationship. In this session, the presenter will cover the stages in the industry’s gold standard lifecycle and just where and when due diligence fits in.
By Dana Bowers and Branan Cooper, Venminder

A Vendor Due Diligence and Oversight Dive
Due diligence and ongoing monitoring is a requirement by all the regulatory bodies. In this session, the presenter will cover what they mean, the activities that should be considered, how criticality and risk of a vendor can influence how much due diligence you do, the various oversight items to consider and why it all is not just a “check the box” item.
By Branan Cooper, Venminder

Session 2:
2-3pm ET

Foundational Vendor Vetting
It’s important to verify that your vendor’s key information is accurate, up-to-date and that they are performing in a manner consistent with your expectations. In this session, the presenter will cover the necessary research and appropriate documentation you need so that you can properly evaluate the potential, or even current, vendor.
By Branan Cooper, Venminder

Effective Vendor Contract Management
Your vendor contracts should be in compliance with industry regulations and standards. A well-written contract is absolutely essential to helping protect your organization and customers. In this session, the presenter will cover when you should be reviewing vendor contracts and, in your review, the major elements that regulators and auditors are most likely to call out for deficiencies.
By Kelly Vick, Venminder


DAY TWO
September 12, 2018

Session 3:
1-2pm ET

Vendor Financial Health
Financial viability of your vendor is the backbone to your vendor’s overall performance. You must not only collect your vendor’s financial statements, but analyze their financial health to determine that they can continue to provide safe, secure and quality products/services at the level you require. In this session, the presenter will cover what documents to collect on your vendor, key information to review and red flags to watch out for.
By Mike Bowers, Venminder

Understanding and Analyzing Vendor SOC Reports 
Collecting, analyzing and understanding your vendor’s SOC reports is crucial to ensure the vendor is a safe partner. It's expected that you have your third party’s actual SOC reports on file, as well as a qualified review of the audit reports acknowledging your understanding of strengths and weaknesses. In this session, the presenter will cover the different type of SOC reports, when to review them and what to look out for.
By Aaron Kirkpatrick, Venminder

Session 4:
2-3pm ET

What You Should Know About Vendor Business Continuity and Disaster Recovery 
If your own business impact analysis shows that your organization can't operate effectively while a vendor is unavailable, then you should be thoroughly evaluating their business continuity and disaster recovery plans and understand the procedures they have in place to handle a business impacting event. In this session, the presenter will cover what you need to do to ensure your vendor has adequate plans in place, and that they’ve taken precaution and tested those plans.
By John Dalelio, Venminder

Vendor Cybersecurity Preparedness 
Cybersecurity is a regulatory hot button issue. However, by taking the necessary precautions and understanding your vendor’s cybersecurity posture, you can reduce the risk of your vendors becoming your weakest link. In this session, the presenter will cover how to review your vendor’s cybersecurity to uncover if they are prepared to prevent, detect and respond to a cybersecurity issue.
By Lisa-Mae Hill, Venminder


DAY THREE
September 13, 2018

Session 5:
1-2pm ET

Vendor Due Diligence Site Visits
Do you have a high-risk vendor that will not or cannot provide due diligence documentation? Are you wondering how to perform ongoing due diligence of this vendor? The answer may be a site visit. The vendor site visit is one of the traditional due diligence standards in vendor oversight. They assist with verifying your vendors are doing what they say. In this session, the presenters will cover understanding what site visits are (and what they are not), learning when site visits are appropriate (and necessary) and how to scope and conduct site visits.
By Mike Morris and Mary Beth Marchione, PKM

Session 6:
2-3pm ET

Industry Review and Importance of Vendor Due Diligence and Oversight 
Oversight must be consistent, otherwise missing a problem at a third party could lead to a UDAAP claim. In this session, the presenter will cover the biggest third party risk struggles organizations are facing, how to handle ongoing vendor risk management, addressing cybersecurity, industry expectations and more.
By Glen Trudel, Ballard Spahr

Tying It All Together for an Effective Third Party Risk Management Program
It’s important to know how to bring everything together as a strong policy and program can drive success in your third party risk management. In this final session, the presenter will cover best practices to implement, common mistakes we see, what the regulators are saying and will expect and recap some of the key takeaways from this bootcamp. 
By Dana Bowers, Venminder


SPEAKERS
dana bowers Dana Bowers
CEO/Founder
Venminder
lisa mae hill Lisa-Mae Hill
Information Security Specialist
Venminder
michael bowers Mike Bowers
Board Chairman
Venminder
john dalelio  John Dalelio
Consultant
Venminder
kelly vick Kelly Vick
President
Venminder
mike morris pkm Mike Morris
Partner
Porter Keadle Moore
branan cooper Branan Cooper
Chief Risk Officer
Venminder
Mary Beth Marchione PKM Mary Beth Marchione
Systems Senior Manager
Porter Keadle Moore
aaron kirkpatrick Aaron Kirkpatrick
Information Security Officer
Venminder
glen trudel ballard spahr Glen Trudel
Partner
Ballard Spahr

CPE CREDITS ELIGIBILITY
NASBA_CPERegistry_logo_blue.jpg


Each session is eligible for 1 CPE Credit. Up to 6 CPE Credits could be earned for participating in the entire LIVE event. CPE Credits will be issued only upon completion of all polling questions and the post-event survey and offered within 5-7 business days.

Sponsorship Identification Number: 140591

INFORMATION


Field of Study: Specialized Knowledge

Each Program Level: Basic

Prerequisites: None

Who Shoud Attend: CEOs, CFOs, Compliance Directors, Risk Directors, BOD, Vendor Management, CPAs 

Advanced Preparation:
None

Delivery Method: 
Group Internet Based

Refunds:
This is a free event.

Cancellations:
In the event that this session would need to be cancelled, you will be personally contacted and registered for the rescheduled event.

Concerns: 
For more information regarding administrative policies such as complaints, please contact our offices at 270-506-5140.

SCHEDULE

DAY ONE

September 11, 2018
1-3pm ET

Session 1:
1-2pm ET

The Gold Standard Vendor Risk Management Lifecycle
There's a definite lifecycle to third party risk management that can serve as your guide to a comprehensive process. There's a beginning, a middle and an end to your overall service provider relationship. In this session, the presenter will cover the stages in the industry’s gold standard lifecycle and just where and when due diligence fits in.
By Dana Bowers and Branan Cooper, Venminder

A Vendor Due Diligence and Oversight Dive
Due diligence and ongoing monitoring is a requirement by all the regulatory bodies. In this session, the presenter will cover what they mean, the activities that should be considered, how criticality and risk of a vendor can influence how much due diligence you do, the various oversight items to consider and why it all is not just a “check the box” item.
By Branan Cooper, Venminder

Session 2:
2-3pm ET

Foundational Vendor Vetting
It’s important to verify that your vendor’s key information is accurate, up-to-date and that they are operating above board. In this session, the presenter will cover the necessary research and appropriate documentation you need so that you can properly evaluate the potential, or even current, vendor.
By Branan Cooper, Venminder

Effective Vendor Contract Management
Your vendor contracts should be in compliance with industry regulations and standards. A well-written contract is absolutely essential to helping protect your organization and customers. In this session, the presenter will cover when you should be reviewing vendor contracts and, in your review, the major elements that regulators and auditors are most likely to call out for deficiencies.
By Kelly Vick, Venminder


DAY TWO
September 12, 2018
1-3pm ET

Session 3:
1-2pm ET

Vendor Financial Health
Financial viability of your vendor is the backbone to your vendor’s overall performance. You must not only collect your vendor’s financial statements, but analyze their financial health to determine that they can continue to provide safe, secure and quality products/services at the level you require. In this session, the presenter will cover what documents to collect on your vendor, key information to review and red flags to watch out for.
By Mike Bowers, Venminder

Understanding and Analyzing Vendor SOC Reports 
Collecting, analyzing and understanding your vendor’s SOC reports is crucial to ensure the vendor is a safe partner. It's expected that you have your third party’s actual SOC reports on file, as well as a qualified review of the audit reports acknowledging your understanding of strengths and weaknesses. In this session, the presenter will cover the different type of SOC reports, when to review them and what to look out for.
By Aaron Kirkpatrick, Venminder

Session 4:
2-3pm ET

What You Should Know About Vendor Business Continuity and Disaster Recovery 
If your own business impact analysis shows that your organization can't operate effectively while a vendor is unavailable, then you should be thoroughly evaluating their business continuity and disaster recovery plans and understand the procedures they have in place to handle a business impacting event. In this session, the presenter will cover what you need to do to ensure your vendor has adequate plans in place, and that they’ve taken precaution and tested those plans.
By John Dalelio, Venminder

Vendor Cybersecurity Preparedness 
Cybersecurity is a regulatory hot button issue. However, by taking the necessary precautions and understanding your vendor’s cybersecurity posture, you can reduce the risk of your vendors becoming your weakest link. In this session, the presenter will cover how to review your vendor’s cybersecurity to uncover if they are prepared to prevent, detect and respond to a cybersecurity issue.
By Lisa-Mae Hill, Venminder


DAY THREE
September 13, 2018
1-3pm ET

Session 5:
1-2pm ET

Vendor Due Diligence Site Visits
Do you have a high-risk vendor that will not or cannot provide due diligence documentation? Are you wondering how to perform ongoing due diligence of this vendor? The answer may be a site visit. The vendor site visit is one of the traditional due diligence standards in vendor oversight. They assist with verifying your vendors are doing what they say. In this session, the presenters will cover understanding what site visits are (and what they are not), learning when site visits are appropriate (and necessary) and how to scope and conduct site visits.
By Mike Morris and Mary Beth Marchione, PKM

Session 6:
2-3pm ET

Industry Review and Importance of Vendor Due Diligence and Oversight 
Oversight must be consistent, otherwise, missing a problem at a third party could lead to a UDAAP claim. In this session, the presenter will cover the biggest third party risk struggles organizations are facing, how to handle ongoing vendor risk management, addressing cybersecurity, industry expectations and more.
By Glen Trudel, Ballard Spahr

Tying It All Together for an Effective Third Party Risk Management Program
It’s important to know how to bring everything together as a strong policy and program can drive success in your third party risk management. In this final session, the presenter will cover best practices to implement, common mistakes we see, what the regulators are saying and will expect and recap some of the key takeaways from this bootcamp. 
By Dana Bowers, Venminder

SPEAKERS
dana bowers Dana Bowers
CEO/Founder
Venminder
lisa mae hill Lisa-Mae Hill
Information Security Specialist
Venminder
michael bowers Mike Bowers
Board Chairman
Venminder
 john dalalio John Dalelio
Consultant
Venminder
kelly vick Kelly Vick
President
Venminder
mike morris pkm Mike Morris
Partner
Porter Keadle Moore
branan cooper Branan Cooper
Chief Risk Officer
Venminder
Mary Beth Marchione PKM Mary Beth Marchione
Systems Senior Manager
Porter Keadle Moore
aaron kirkpatrick Aaron Kirkpatrick
Information Security Officer
Venminder
glen trudel ballard spahr Glen Trudel
Partner
Ballard Spahr


CPE CREDITS ELIGIBILITY
NASBA_CPERegistry_logo_blue.jpg


Each session is eligible for 1 CPE Credit. Up to 6 CPE Credits could be earned for participating in the entire LIVE event. CPE Credits will be issued upon completion of all polling questions and the post-event survey and offered within 5-7 business days.

Sponsorship Identification Number: 140591

INFORMATION


Field of Study: Specialized Knowledge

Each Program Level: Basic

Prerequisites: None

Who Shoud Attend: CEOs, CFOs, Compliance Directors, Risk Directors, BOD, Vendor Management, CPAs 

Advanced Preparation:
 None

Delivery Method: 
Group Internet Based

Refunds:
 This is a free event.

Cancellations:
 In the event that this session would need to be cancelled, you will be personally contacted and registered for the rescheduled event.

Concerns: 
For more information regarding administrative policies such as complaints, please contact our offices at 270-506-5140.