A key step in the due diligence process is to review your vendor’s SOC report. There are steps you can take to make the process more efficient when reviewing a SOC report. Listen to this week’s podcast to find out 7 steps to take.
The constant shift can lead to occasional problems in third party risk management. If you take the time to manage the process correctly and implement specific procedures, it could help you avoid costly errors down the line.
Prepping for an audit is stressful, especially if you're scrambling last minute to finish vendor management tasks. In this 90-second podcast, learn 8 steps to help you prepare in advance.
In this 90-second podcast, we cover the three most important reasons why you need to keep third party risk workflows separate from other business processes.
Regulatory risk is used to determine the vendor relationship’s risk rating. Listen to this 90-second podcast to learn more about the categories of regulatory risk and how you can determine your vendors' regulatory risk.
With 2019 well underway, we decided to put together some tips to help you and your organization stay proactive in vendor risk management. This 90-second podcast will give you a quick refresher on third party risk best practices.
How your organization manages and responds to complaints has become critical. It also will help spot issues with vendors. Here are some tips to help you develop an effective complaint management system.
Fourth party risk is an important step in the vendor management process and should be incorporated in your overall strategy. Here are some specific steps you can take with fourth party risk management that will help you be more prepared and protect your organization.
Thoroughly evaluating a vendor’s performance is about more than just the numbers. It can help you discover weak financials, which can indicate numerous risk factors. Listen to this podcast for 5 important steps that you can take to measure your vendor's financial health.
Listen to this 90-second podcast to learn from Venminder's experts about vendor contract management. In this podcast, we will walk you through the importance of contracts and what steps you need to take to safeguard your organization.
Sometimes a vendor may not pose enough risk to an organization to require active monitoring. In this 90-second podcast, we will cover the specific steps you should take in order to determine the vendors that need to be included in your vendor oversight.
Maintaining strong vendor management relationships will help lead to an even more successful partnership for your organization. In this Third Party Thursday 90 second podcast, we’ll cover 8 important tips to maintain good vendor relationships.
One of the primary points of focus for the Consumer Financial Protection Bureau (CFPB), UDAAP has presented some concern to third party risk professionals. In this podcast we cover procedures and best practices to effectively manage UDAAP and your third parties.
With the increase in regulations and vendor oversight requirements, managing your vendors with a spreadsheet will prove to be very inefficient. Here are 7 reasons why spreadsheets will not cut it anymore, especially in 2019.
There are 6 fundamental elements of a strong and well-detailed vendor management policy. In this podcast, we are going to dive a little deeper into how each pillar is defined and some specific ways to incorporate all 6 of the pillars into an organized and effective vendor management policy.
In this podcast, we’re going to discuss 4 important vendor risk management frequently asked questions for beginners to help get you started. The questions include: what vendor risk management is, why it’s important, who is involved and how vendor risk is completed.
We'll cover tips for developing a vendor risk assessment template, also referred to as a VRA questionnaire. These are important while assessing how much risk your vendor presents to you. Check out our 5 recommendations.
When getting started in vendor management, there are three unique sets of documents that you're going to want to create and update. The first document that you should focus on writing is your third party risk policy. In today's podcast, we're going to walk you through six specific steps to take in order to write an effective policy.
Are you looking to expand your vendor management team in 2019? There are certain steps you can take in order to find the best and most effective team for your organization. In this podcast, we discuss 5 recommendations to recruit potential vendor management team candidates.
Vendor risk management is a complex job. It typically takes an individual who is meticulous in detail, thorough and patient to perform the job well. In today’s podcast, we’ll wrap up the 2018 year and touch on some key attributes we’ve found in good vendor managers that should be continued in the new year.
Since we’re nearing the end of the year, it’s a good time to reflect on 2018 and some of the vendor risk management best practices we’ve found to be helpful. Let’s cover 7 of the 2018 best practices that you should continue into the new year. They range from engaging the first line of defense through continuing education.
Vendor management has many benefits for any organization that may not always be realized. As we wrap up 2018, it is the perfect time to reflect on some of those overlooked reasons to be thankful for your vendor management program. Listen to this podcast for 10 reasons to be thankful for vendor management.
Part of wrapping up 2018 should be to think about your process of reporting to the board. Whether it's through meetings or reports, third party risk management needs to be a part of the board's regular activities. Listen to our 5 recommendations to best prepare for periodic vendor updates to the board.
After a vendor risk management exam, it's common to return to day-to-day business activities without thoroughly evaluating and implementing recommended changes, which can be a mistake. Listen to learn proper vendor management exam follow-up and what you should be doing.
Listen as we discuss basic key facts to know about a vendor's business continuity plan report. We'll cover what a BCP report even is, 7 things you should review in the report, the BIA and what it should include and wrapping it all together with why understanding your vendor's BCP is important.
Learn seven vendor risk management expectations for 2019, what to focus on and tips for each. Topics include cybersecurity, regulations, compliance concerns, the OCC fintech charter, changes in political landscape, GDPR and responding to change in general.
Well-developed policy, program and procedure documents are all crucial to the success of an organization’s third party risk management department. Listen for some quick tips to help you develop, or revamp, your third party policy, program and procedures.
The several kinds of SOC reports differ based on what they cover, how the auditor performs the assessment and what level of detail the reports include. This way, the vendor can avoid each client performing their own audit of the vendor's system. Learn the differences between a vendor SOC 1 and SOC 2 report and Type 1 and Type 2.
Yes, third party risk management is an expense, but it's also a strategic advantage and the best way to defend your company when risk is posed. In this podcast, we'll go through 11 reasons to consider your third party risk management department/program when budgeting for the upcoming year.
When budgeting for the upcoming year, it's a best practice to consider the costs associated with negotiating key contract terms and pricing within your third party risk management program. Listen as Venminder CFO, Mike Campbell, covers 5 vendor contract considerations for your 2019 budget.
How FFIEC’s Appendix J relates to your vendor risk management program, four key elements of business continuity planning that you should address when contracting with a third party service provider, recommendations to best incorporate it into your vendor risk management program.
Allow your clients to feel much more at ease when selecting you as their preferred vendor of choice to continue doing business with - follow these 5 best practices now for a well-developed and organized third party risk management process.
Vendor vetting and ongoing monitoring are both important stages of the vendor lifecycle and due diligence process, but why exactly is due diligence so important for vendor risk management? Listen to our third party risk management podcast now to learn the top 5 reasons.
We all hope to never experience a breach at our organization, but if it does happen, do you know what to do? You can minimize the chance of it happening again by using those mistakes to improve your third party risk management program. Listen to Third Party Thursday now for 4 best practices.
We know third party risk management is associated with a great deal of tasks and a large workload, so here are 6 tips that can provide some relief. Once you've established balance, you will feel much more confident, and at ease, about your overall third party risk management program. Listen now.
Listen to this third party risk management podcast where we take into consideration regulatory guidance OCC Bulletins 2013-29 and 2017-7 and FDIC Letter 44-2008 to help guide you through the vendor risk assessment process. Learn how to complete a vendor risk assessment, steps and tips.
You've gone through the 6 steps and best practices for a mid-year third party risk management progress check, so now what? Listen to learn the next steps to take, how to document your findings and how to improve upon the process as a whole.
Gain a better understanding of how to perform a well-detailed check on your third party risk management program and policies to determine the progress you've made. It is essential for the future success of your program to continue to make necessary updates. These 6 steps and best practices will help get you started.
Business continuity planning (BCP) is important to you and your vendors. Listen as we guide you through the appropriate regulatory guidance to follow, what to plan for, what to restore first and how to recover.
For a smooth third party risk examination, 3-4 months in advance of the examiners’ arrival you should prepare or fine-tune these 9 documentation items. We'll tell you what they are and some tips.
What is a SOC report? It's an audit report performed by a public accounting firm and attests to the existence & effectiveness of the controls put in place to safeguard your data. Listen as we break down 6 important parts.
The first line of vendor risk management defense has direct interaction on a day-to-day basis with your third party. Listen to our podcast for 7 best practices for properly engaging the first line of defense.
There are three vendor risk management frameworks to consider: centralized, decentralized and a hybrid approach. We'll teach you the differences and guide you toward the best framework for you.
A non-elective vendor is one you don't have a direct relationship with, but your third party does - making them a risk to you and therefore requiring some oversight. Listen to learn the associated responsibilities.
Various components of vendor risk feed in to your ERM strategy and considerations. Learn steps and tips on how to properly integrate Third Party Risk Management in your Enterprise Risk Management Program.
The General Data Protection Regulation (GDPR) has a global impact on any company that is collecting, storing, or accessing European resident data. Listen to Third Party Thursday to learn what you need to know.
Recommendations from a seasoned third party risk expert for how to determine how many staff members to have on your vendor management team. Follow our three tips in this podcast.
Tips for fostering a third party risk mindset within your organization - how to create awareness, important members of your company to involve & who the third party risk responsibility lies with in every organization.
What makes a third party risk management plan successful? Listen to learn 9 best practices and key components of a well-managed third party risk management plan for you to implement now.
Learn how a well-run complaint management system (CMS) can turn an upset customer into your best customer, along with five elements to include in your vendor management policy on complaint management.
Here are daily vendor management regulatory compliance efforts you can implement in order to keep up with third party risk regulatory reform.
What you need to know about UDAAP (Unfair, Deceptive or Abusive Acts or Practices), how they affect your third party risk management program and items the CFPB is highly critical of.
Tips and recommendations for determining due diligence questions to ask your fintech vendors. We'll also provide insight into setting the standards that should firmly be expected.
Go through critical vendor classification and identification with us. Learn standards for identifying your vendors, how to properly identify your scope and 3 questions to ask to determine if a vendor is critical.
Join us as we close out 2017 with this thank you vendor management podcast. And, see what our top 10 most popular videos and podcasts were from our Third Party Thursday series for this year.
The best way to prepare for new regulatory guidance, how to stay in compliance and some commentary on new regulations taking effect in 2018.
The best strategy for preparing for an examination is to constantly be ready. Listen to learn 7 items you should have in your examination preparation playbook.
Learn the key takeaways from important third party risk regulatory guidance released by the OCC, FDIC and FFIEC from our compliance expert.
Learn how to get ahead of the game education-wise in third party risk management with these 10 best practices. Staying up to date is a great idea for everyone involved in vendor management.
An ounce of prevention is worth a pound of cure! Perhaps there is no better example than in the world of third party risk management. Here are three ways you can be proactive to prevent problems.
Let's say you find out one of your third parties is named in an enforcement action. Even if it is unrelated to your institution, what do you do? Listen to learn the six necessary steps to take.
Learn what regulators & senior government officials in financial services had to say on creating a culture of compliance, why they strongly recommend it and what this entails.
Learn about UDAAP - Unfair, Deceptive or Abusive Acts or Practices and the role of the CFPB and enforcement actions in the world of third party risk by listening to this informative podcast.
Sometimes people feel too comfortable with a well-known vendor. We cover why even vendors with recognizable brand names require thorough due diligence. No one is immune from third party risk.
Learn key takeaways from two OCC Bulletins issued this year on third party risk management - OCC Bulletins 2017-7 and 2017-21. Is your institution's vendor management program in compliance?
Listen to learn the basics of the third party risk management framework, including how it relates to enterprise risk management (ERM).
Learn how to do proper vendor contract management. We'll provide best practices, the importance of contracts to your institution and what steps to take to protect your institution from contract risk.
Learn 7 key things you should do with every new vendor. These steps are essential to the vendor vetting process and determining how much you know about the company with whom you are planning to do business.
Learn the how, when and why of using vendor information security questionnaires for your third party risk management and how your due diligence process can benefit from it.
In this podcast, you'll learn how your vendor's approach to the CIA triad of information security impacts you and your customers. Being aware will help you against third party risk.
Learn what the scope of a vendor's SOC report means and where to find it along with what typical audit periods are and a few questions to ask yourself while reviewing the narrative.
We’re going to talk through a few key things you need to know about vendor management risk assessments for your institution's third party risk management program.
We’re going to talk through the 10 main steps you need to take to create your proper vendor list for your third party risk management program at your institution. Let's get started.
You may have heard the term “three lines of defense”. But, what is a three lines of defense strategy? We'll go through those three lines of defense you have for vendor management at your financial institution.
We often get asked, "Is there a difference between an ERM and VM?" The answer is “YES” – they are different, but there are some areas of overlap as well. Learn about what some of the differences are.
Third party risk management must flow in a lifecycle. We'll discuss how it's a constant evolutionary process rather than an annual static event - a core aspect that you should incorporate into your program.
We'll discuss fundamental best practices of third party risk management that you need to implement such as education, tailored ongoing monitoring, outsourcing and not cutting corners.
You have to do a lot for your third party risk management now... but why? We'll go through a few reasons for the increased third party risk management regulation and concern.
Even though each vendor agreement includes different contractual terms, 5 security and confidentiality provisions should always be addressed. Let's go through them.
When a third party company doesn't provide financial documents we tend to think there's nothing we can do. But actually, there is and we'll show you that alternate path in this video.
Learn what Complementary User Entity Controls are, how they're related to SOC reports, what you do with them, why they're important and more.
The Cloud has many benefits, but like everything, there are risks you need to consider. Protecting your institution’s data is ultimately your responsibility so you should know how your vendor safeguards it.
Ensuring your critical vendors can survive in disaster helps ensure your financial institution can also survive. Learn what Business Continuity & Disaster Recovery plans are & how our team reviews them.
When reviewing and negotiating critical vendor contracts, consider many elements. Here are 5 key provisions to give special attention.
You report the vendor's financial health to senior management and board. What happens when the financial health is poor? We will go over the domino effect, the issue in the industry and what you can do about it.
Do you know the difference between a critical and non-critical vendor? Learn about defining them for your financial institution. We'll cover why it's important, the business impact, exit strategies and more.
You must define specifically who will be a part of your third party risk management program and also, equally important, who is out.
So, what can you do right now in preparation for next year? There’s actually quite a lot, depending on the maturity of your third party program. Watch this video to learn what you can do now to prepare for 2017.
With all the vendor management industry changes and guidance updates, it's easy to get overwhelmed. In this video, we will talk about basic vendor management best practices to implement.