Welcome to this week’s Third Party Thursday! My name is Alicia Thomas and I’m a Senior Relationship Manager here at Venminder. After an examiner pays you a visit and the report and recommendations are complete, it’s important to not only review the findings and recommendations but to also take follow-up action internally.
We often hear about organizations quickly returning to day-to-day business activities without thoroughly evaluating and implementing recommended changes, which can be a huge mistake. It’s easy to take that big sigh of relief, get back to the day-to-day routine and forget all about the exam until it’s nearly time for the next one. But, that can present problems. In today’s podcast we’re going to discuss exam follow-up and what you should be doing.
Here are 5 best practices:
#1: Address all open items. The findings often identify weaknesses in your program, or maybe areas that aren’t necessarily weak but could be improved on. Address all of the items as this is a sound business decision. Ensure that the open items have someone personally accountable to follow up on each one, perhaps even put it in their performance goals, and require regular progress reports if the recommended action is going to take extended time.
#2: Do not leave an item unresolved. This can lead to a repeat finding, by an examiner or regulator, and even more severe consequences. Be absolutely certain that there is robust, but easy to follow, documentation on the remediation steps.
#3: Track the items or findings. Be sure to document these in a place where anyone who should have access to review the information can easily retrieve and update. Keep senior management, compliance and the board (or audit committee of the board) regularly apprised of progress and any barriers to completion.
#4: Test your changes. Once your team has resolved a finding, make sure there are no gaps in the new process or plan by testing it. For example, if you need to include a new due diligence item or certain provisions in a contract type, then make sure that the new process is actually baked into your practices – such as added to your policy and program documentation too. If the vendor management exam was an external exam, consider having your internal audit team review the changes made or even consult an independent expert auditor. Be sure to engage ones with certified audit experience.
#5: Stay positive and open-minded. It can be disheartening to see findings after an exam; however, this is the time to view this as a real opportunity to grow, learn and improve your processes. Reacting negatively can make for a very poor working relationship with examiners.
Again, I’m Alicia Thomas and thanks for tuning in. I hope you found my tips helpful. If you haven’t already done so, please subscribe to our Third Party Thursday series.