Welcome to this week’s Third Party Thursday! My name is Kelly Vick and I am the President here at Venminder.
We often get asked, "Is there a difference between an ERM and VM?"
The answer is “YES” – they are different, but there are some areas of overlap as well. In this video, we will talk about some of the differences.
ERM – or Enterprise Risk Management – is defined by RIMS, the Risk Management Society, as “a strategic business discipline that supports the achievement of an organization's objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.”
In simpler words, ERM encompasses all of the areas of risk, not just vendor management. An ERM program seeks to define, align, objectively record, set standards for risk tolerance levels and actively manage all facets of risk. These risk areas typically include:
So as you can see, vendor management is only one element of your overall enterprise risk management program.
Vendor management is hugely important and under ever-increasing scrutiny, and it plays a growing role in some areas of an ERM program.
Vendor management certainly contributes to the company’s overall risk profile in some pretty crucial areas like strategic risk, reputation risk and operating risk.
In addition, increased regulatory expectations and the sheer complexity of managing the various activities needed to appropriately oversee hundreds of different third-party vendors make vendor management a critical part of an effective ERM program.
So what is the key item to remember? ERM encompasses all of the areas of risk and vendor management plays a role in some areas of an ERM program.
Hopefully, this clears up any confusion on the important interplay between vendor management and enterprise risk management.
Again…I’m Kelly and I thank you for watching! If you haven’t already, we welcome you to subscribe to our Third Party Thursday series.