Third Party Thursday

JANUARY 9, 2020

4 Similar Yet Different Vendor Management Concepts


Vendor management, enterprise risk management, vendor risk management and third party risk management each have a different meaning. Each concept brings varying components to an organization’s overall structure. Listen to this podcast to dive deeper into each concept.



Hi – my name is Josh with Venminder.


In today’s podcast, you’re going to learn what vendor management, enterprise risk management, vendor risk management and third party risk management mean and why four very similar seeming terms are actually quite different.

At Venminder, we have a team of experts with many years of experience in each of these areas, so they understand each one has unique components. 

  • First, vendor management. Vendor management (or VM for short) is an operations strategy that allows organizations to control costs, drive service excellence and mitigate risks to gain increased value from their vendors. If you have a VM program, you have processes and procedures in place to select the best vendor fit for your organization and monitor them to ensure they’re performing in accordance with the contract.

  • Second, enterprise risk management. Enterprise risk management (or ERM for short) is wider. It takes into consideration all the varying areas of risk present at an organization like compliance, credit, reputational and more. VM is one of the risks within ERM. If you have an ERM program, it assists with creating risk policy standards, determining the organization’s vendor risk appetite and evaluating all elements of risk beyond vendor risk.

  • Third, vendor risk management. Vendor risk management (or VRM for short) adds an important element to the VM process. That element is risk. And, for VRM to function properly, an organization should have an ERM program in place since the ERM program generates the risk appetite statement the vendor risk management team can use. They build upon each other.

  • Finally, let’s discuss third party risk management. Third party risk management (or TPRM for short) is the process of analyzing and controlling risks presented to your organization, data, operations and finances by parties other than your own organization. It looks beyond the risk assessment.

This is just a brief overview of each, but as you can tell, each is different and brings varying components to an organization’s overall structure and management of vendors.

Thanks for tuning in; catch you next time!

