Hello Everyone and thank you for joining me today for our Third Party Thursday podcast. I’m Wendy Davis, Operations Manager here at Venminder.
Today’s topic is on how to balance your third party risk management tasks. I understand there can be a lot to do at times, so I hope today’s podcast is helpful. Balance is incredibly important, especially in this industry, so here are my tips:
- Look for ways to be efficient. Don’t cut corners but be sure you’re not giving the same amount of attention to every third party vendor relationship. It’s simply unnecessary. To be clear, I’m not saying to go ahead and disregard some of your vendors who appear lower risk, but instead make sure the frequency and depth of the ongoing monitoring and due diligence approach is risk-based and appropriate to the product or service being provided.
- Remember that the current way may not be the only way. The process is never one size fits all. This is very important to remember when balancing third party risk management tasks. The way you’re currently managing the vendor lifecycle process may not be the best way at all times and if it no longer seems efficient it should be evaluated as needed or if the regulatory guidance has changed or a new industry best practice has been created.
- Stay true to what your program requires by being consistent and steady. Make sure your work product is matching both regulatory expectations and your policy and program documentation. After all, examiners will expect to see high quality work product that is consistent with your institution’s documented policy.
- Involve others when you need assistance. Your teammates can be a great resource when times get tough, or simply just for an extra pair of eyes on a document review. Everyone brings different skill sets and backgrounds to the table, so they may be able to provide additional guidance or expert advice. Certain items will require a subject matter expert to review them.
- To build on that point, involve outsourced service as needed. If you still need additional support, it may be time to involve outsourced experts. This can be a request for consultative advice or a request to assist with your tasks such as reviewing and analyzing SOC reports, business continuity, disaster recovery and financial reports.
- Take advantage of educational resources. Attend webinars and conferences. Sometimes you can find great material at the free events too. The more education you have in the industry, the more expertise you can apply in your role and streamline the process.
Once you have established balance, you will feel much more confident, and at ease, about your overall third party risk management program.
I hope you found this podcast helpful. Again, I’m Wendy Davis at Venminder. If you haven’t already done so, please subscribe to our Third Party Thursday series.