Third Party Thursday

March 18, 2021

The Stages of the Third-Party Risk Management Lifecycle


There is a beginning and end to every third-party relationship. In this informative podcast, you’re going to learn the stages of the third-party risk management lifecycle and a little about each one.



Podcast Transcript

Hi – my name is Jessie with Venminder.

In this 90-second podcast, you’re going to learn the stages of the third-party risk management lifecycle.

At Venminder, we have a team of industry experts who specialize in managing all components of vendor relationships every single day.

Let's review the lifecycle and what all is involved to properly manage your vendors:

1. First is the supporting elements. These include oversight and accountability of the process, independent reviews and documentation and reporting.

2. Leading into the lifecycle is scoping. Your scope will define what a vendor, service provider or third party is to your organization, and whether or not a vendor should go through the lifecycle.

3. Next is inherent risk and criticality assessment. Consider inherent risk and criticality. Inherent risk is the assessment of risk, based solely on the nature of the relationship, while criticality is determining the business impact your vendor relationship may have on your organization.

4. Moving on to due diligence & residual risk determination. Due diligence involves discovering if adequate controls are put in place to mitigate risk and allows you to determine and evaluate any remaining, residual risk.

5. The next stage is vendor selection and contract management. Now that you've completed a risk assessment by identifying both the inherent and residual risk levels, and if the relationship's residual risk is acceptable, it's time to consider the contract.

6. We now have the ongoing monitoring component. This stage is when you keep your ear to the streets and ultimately circle back for periodic assessments. When appropriate you should request, collect and reassess vendor due diligence.

7. When the time comes to end the relationship, then you’d leave the cycle which is termination. It may be because of a vendor’s failure to perform, a contract term is up or something else, but there should be some consideration into how the termination processes may look for each vendor.

By following the stages of the third-party risk management lifecycle, you're setting your organization up for success. 

Thanks for tuning in; catch you next time!

