Third Party Thursday

April 8, 2021

Who Is Involved in Third-Party Risk Management

Podcast: Play in a new window| Download

Understanding the key roles involved in third-party risk management is important to you and your organization. Learn their responsibilities and how they fit into your third-party risk management program.

Available on
Listen-on-Apple-Podcasts-badge.jpg  google-play-badge 2.jpg


Podcast Transcript

Hi – my name is Abbe with Venminder. Abbe Clark Headshot

In this 90-second podcast, you’re going to learn about the main players in the world of third-party risk management.

At Venminder, we have a team of certified industry experts who understand all the facets of third-party risk management, including the various roles and responsibilities and how they impact the success of your third-party risk management program!

The following are the 6 main roles in third-party risk management and a little about each one:

1. First, let’s discuss regulators. Federal regulatory agencies review your governance documentation, such as policies, and work product, to ensure the entire organization has considered every aspect of the third-party risk management lifecycle. They’re looking for evidence of a well-run program.

2. Second, the auditors. There are external auditors and internal auditors. An auditor will evaluate the vendor management program prior to a regulator or examiner to identify inconsistencies or gaps that must be addressed.

3. Third is the executive leadership team and board of directors. These groups set the "tone-from-the-top." Some will approve the vendor management policy and assign the roles and responsibilities for the overall program.

4. Next, we have the dedicated vendor risk management team. This group of personnel helps lead the development of governance documentation and ensures the organization is following industry best practices and regulatory guidelines.

5. Fifth, there are vendor owners. Vendor owners perform the daily management of the vendor, which includes tasks like tracking vendor performance. They should assist in vendor monitoring and the risk evaluation processes.

6. The sixth role I’d like to point out are subject matter experts. It's rare for one person to have all of the qualifications and experience necessary to review the different types of documents collected from vendors. So, your organization will need to turn to subject matter experts to assist.

Now, we’ve discussed the 6 roles that we see most often involved in third-party risk management and a little about their responsibilities.

Thanks for tuning in; catch you next time!


Subscribe to our Third Party Thursday Newsletter


Join hundreds of clients and see how Venminder can help.