.gif?width=1920&name=Sample-Graphic-Animation%20(1).gif)
Available on
Podcast Transcript
Hi – this is Hilary with Venminder.
In this podcast, you'll learn about the role of vendor owners in an organization and how to best support them through each stage of the third-party risk management lifecycle.
Here at Venminder, we have a team of third-party risk professionals who understand some of the most effective ways to collaborate with vendor owners.
When an organization outsources a product or service to a third-party vendor, there’s a lot of day-to-day activities involved in managing the relationship. These activities span across the three stages of the third-party risk management lifecycle: onboarding, ongoing, and off boarding. And a vendor owner is involved in each one.
Before we continue, I’d like to point out that a vendor owner can also be known as a vendor manager or even product owner. Whichever title you use, it’s more important to ensure that the third-party risk management team is supporting this role throughout the stages of the lifecycle.
So, let’s review some helpful tips that can improve collaboration between a vendor owner and the third-party risk management team:
In the first stage of the third-party risk management lifecycle, known as onboarding, the vendor owner is responsible for various tasks, such as:
- Identifying potential vendors
- Completing the inherent risk assessment
- Ensuring the collection of due diligence documentation
- And establishing an exit strategy prior to the contract execution
The third-party risk management team can best support the vendor owner by providing guidance on the processes and tools used to complete these tasks. They should also act as a liaison between the vendor owner, subject matter experts, and the vendors.
For example, a vendor risk review might reveal issues that need to be remediated. The vendor owner would then need to work closely with a qualified subject matter expert through that remediation process.
The ongoing stage of the lifecycle is typically the longest of the vendor relationship and involves more tasks for the vendor owner. The vendor owner will manage and report the vendor’s performance, as well as identify any new or emerging risks. Periodic risk re-assessments and due diligence reviews are also necessary during this stage.
A good way to collaborate with vendor owners is to continually check in with them and ask about any vendor issues that need to be addressed or escalated to senior management. A vendor that is failing to meet service level agreements would likely need to be reported to senior management to determine whether contract termination is an option.
The final stage of the lifecycle is offboarding, which occurs when the vendor relationship needs to come to an end. This stage involves various termination tasks that the vendor owner must perform. The vendor owner is ultimately responsible for managing the steps in the contract’s exit strategy, whether that’s bringing the activity in-house or switching to a new vendor. The third-party risk management team should be collaborating with the vendor owners throughout this stage to ensure that the exit plan is carried out successfully. Vendor owners and the third-party risk management team should also review any lessons learned from the vendor relationship to see if there’s any need for future improvements.
Overall, it’s important to remember that third-party risk management is a team effort. Vendor owners are the ones who interact with vendors on a regular basis, but they need consistent support and collaboration through all activities of the third-party risk management lifecycle.
I hope you found this podcast insightful. Thanks for tuning in; Catch you next time!
