Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit


Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

About

Venminder is an industry recognized leader of third-party risk management solutions. 

Our Customers

900 organizations use Venminder today to proactively manage and mitigate vendor risks.

Get Engaged

We provide lots of ways for you to stay up-to-date on the latest best practices and trends.

Gartner 2020
Venminder received high scores in the Gartner Critical Capabilities for IT Vendor Risk Management Tools 2020 Report

READ REPORT

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resource-whitepaper-state-of-third-party-risk-management-2021-cropped
State of Third-Party Risk Management 2021

Venminder’s State of Third-Party Risk Management 2021 survey provides insight into how organizations are managing third-party risk management in today’s increasing regulatory and risky climate.

DOWNLOAD NOW

podcast

The 3 Vendor Risk Management Frameworks

CPE Credit Eligible

Learn different types of vendor risk management frameworks. 

There are three vendor risk management frameworks that we typically see: centralized, decentralized and a hybrid approach. Listen to this podcast to learn the differences and to find out which framework you should have.

Available on
Listen-on-Apple-Podcasts-badge.jpg  google-play-badge 2.jpg

 

Podcast Transcript

branan cooper chief risk officerHi, Welcome to this week’s Third Party Thursday. My name is Branan Cooper and I am the Chief Risk Officer at Venminder. Today we’re going to discuss the 3 vendor risk management frameworks.

There are three vendor risk management frameworks that we typically see – centralized, decentralized and a hybrid approach. I’ve found that organizations with a more disciplined and organized program, tend to prefer a centralized, or even hybrid, vendor risk management approach. These types of approaches allow the third-party risk manager to set standards, while allowing for regular communication through the relationship manager to their contact at the vendor. This ensures both consistency and accountability.

  1. A centralized vendor management framework approach brings discipline to a program which by nature requires constant monitoring of cyber risk, fraud, business continuity, disaster recovery, financial health and potential litigation issues which may impact your firm both from an operational and reputational standpoint. As third-party risk management becomes increasingly more specialized, it is a requirement to have subject matter experts who can manage these various disciplines. It is really no longer the case that you have one department who specializes in contracts but has limited IT or risk management experience but is still to be responsible for the entire program.

    With a centralized framework, communication is significantly improved. It means one size can fit all and ensures a consistent approach, however, leaving the business units out of the equation means they will not fully appreciate the risk of doing business with a particular third party. This can be a concern when they are truly the ones interacting with the third-party on a daily basis. In the fully centralized framework, there’s a real danger of creating a disconnect between what you need in third-party risk management versus what the relationship manager is discussing with the vendor each day – things that are a high priority to you may get drowned out by the business needs or vice versa.

  2. A decentralized vendor management framework approach is when various lines of business select and work with the vendor directly. This is common in organizations who run multiple branches and have branch managers responsible for their own profit and loss. While it may mean that there are more individuals involved - which lightens your workload, this is often the most discouraged approach as it may offer little in the terms of working through a disciplined vendor risk management framework, and third-party risk management professionals are often the last to know about a new vendor onboarding.

    With a decentralized program, it is essential the vendor management office is routinely checking to be sure standards are being adhered to, or you could quite simply be setting yourself up for a recipe for disaster. In a fully decentralized framework, the vendor management office lacks control and authority to make things happen. Unfortunately, in that scenario, even if you set terrific standards, there will inevitably be varying degrees of consistency and that can lead to some real problems as different vendors receive disparate demands and treatment.

  3. The hybrid vendor management framework approach is the one method I tend to recommend, especially for a larger institution, as it can be the most practical. This means a well-organized and disciplined vendor management office, setting the guidelines and checking the results while working very closely with the business units to ensure consistency and timeliness of practices. If the vendor management office has the backing of senior management and accountability to the board, that makes the task all that much better.

    With the hybrid method, it will ensure that the expectations of vendor management are closely adhered to and given the appropriate amount of attention. Since it’s nearly impossible to dictate standards or to completely leave it to the relationship manager, the hybrid vendor management framework works best, in my opinion – and in a large organization, it would be impractical to assume that any one team could manage the volume and have the product knowledge to make this a successful fully centralized approach, so a reasonable alternative is to create a hybrid framework. In fact, that’s the model we employed successfully at a couple of my prior institutions.

Hopefully that gives you a good idea of how the different vendor management frameworks work. Thanks for tuning into this week’s Third Party Thursday; if you haven’t already done so, please subscribe to our series.

38116-newsletter

Subscribe to our Third Party Thursday Newsletter

Receive weekly third-party risk management news, resources and more to your inbox.

 

New Call-to-action

Ready to Get Started?

Schedule a personalized solution demonstration to see how Venminder can transform your vendor risk management processes.

Request a Demo