podcast
Defining The Scope of Your Third-Party Risk Management Program
You may also be interested in:
Infographic: Identifying Critical Vendors - 3 Fool-Proof Questions
Guide: Vendor Due Diligence
Podcast Transcript
Hi! Welcome to Third Party Thursday. I'm Branan Cooper, the Chief Risk Officer here at Venminder.
Today we're going to talk a little bit about defining the scope of your third party risk management program. Defining the scope is one of the most fundamental and also one of the most important activities in your entire third party risk program. It is absolutely crucial that you know who is in the program and who is out and why.
Clarity is important. You need to define specifically who's going to be a part of the program, the selection criteria and also the exclusion criteria is equally important to determine who needs to be out of the program. A best practice is to start with accounts payable. Identify a certain threshold amount and all the third parties then pay that amount or more.
You can then have a list, probably of thousands, but then you go to the various lines of business and consult with them to figure out which ones need to be actively managed. Actively managed is an important concept because, again, you're going to be putting through all the paces of the third party risk management program, including the appropriate selection criteria, doing a risk assessment, ongoing due diligence, ongoing monitoring, reporting to your board and senior management and hopefully managing the contracts in a centralized manner to ensure they include all the appropriate provisions.
It's important then that you also go back to lines of business on a regular basis and reverify them hopefully it's often as annually. If not, more frequent in certain cases. You need to work with senior management to keep them informed, specifically on changes around third party risk management, changes in the risk profile and ones that you may want to terminate a contract on, as an example, are things you want to bring to your board's attention. The board and senior management involvement is directly dictated by regulatory guidance.
Again, I'm Branan Cooper. Thanks for watching. And don't forget to subscribe to receive notification of next week's Third Party Thursday video.

Subscribe to our Third Party Thursday Newsletter
Receive weekly third-party risk management news, resources, and more to your inbox.
Ready to Get Started?
Schedule a personalized solution demonstration to see how Venminder can transform your vendor risk management processes.