Third Party Thursday

JUNE 11, 2020

The 7 Phases in the Third-Party Risk Management Lifecycle

Podcast: Play in a new window| Download

In this informative podcast, you’re going to learn the seven phases of the third-party risk management lifecycle. Our expert will provide you with an overview of each one.

Available on
Listen-on-Apple-Podcasts-badge.jpg  google-play-badge 2.jpg


Podcast Transcript

Hi – my name is Branan Cooper. I am the Chief Risk Officer here at Venminder. branan-cooper-headshot-circle-2018

In this 90-second podcast, you’re going to learn the seven phases of the third-party risk management lifecycle.

At Venminder, we have a team of industry experts who specialize in managing all phases of the lifecycle every single day.

Each of these phases are very much interrelated and have a lot of overlap in terms of what activities are required, so let’s review each one:

1. The first phase is planning. This needs to be a formalized process, with written governance documents, like a policy, program and procedures.

2. The second phase is a risk assessment. Risk assessments are fundamental in identifying all the potential risks of outsourcing a product or service to a third party.

3. The third phase is due diligence & third-party selection. This phase is where you do your homework. Adequate due diligence assists with selecting the best vendor for your organization.

4. The fourth phase is contract management. This phase can help you limit liability for your organization, set expectations and pave the groundwork for right to audit and service level agreements.

5. The fifth phase is ongoing monitoring. Risk fluctuates from time to time. So in this phase, it’s important to periodically request, collect and reassess vendor due diligence.

6. The sixth phase is the exit strategy. Planning your course of action should you need to terminate a vendor relationship. In the exit strategy, you need to contemplate both an immediate or a gradual unwind of the relationship – with the end goal, of course, being to minimize disruption to the business and any harm to the customer.

7. Finally, the seventh phase is termination. You can officially finally terminate the relationship and cease use of the vendor. Now, the vendor leaves the lifecycle.

And there you have it. Planning, risk assessment, due diligence & third-party selection, contract management, ongoing monitoring, exit strategy and termination make up the lifecycle.

Thanks for tuning in; catch you next time!


Subscribe to our Third Party Thursday Newsletter


Join hundreds of clients and see how Venminder can help.