Hi – I’m John with Venminder. In this 90-second video, you are going to learn 9 steps to creating an effective third party risk management program.
We recommend and have seen these steps carried out by our clients and across the industry.
Let’s dive right in.
1. Setting Expectations
Step one. Ensure everyone is on the same page by setting your organization’s initial expectations on how third parties will be managed. Decide if your program framework will be centralized, decentralized or hybrid.
2. Define Lines of Defense
Step two is to take the time to understand and define the lines of defense. Make sure each line knows their role.
3. Develop Policy, Program and Procedures Documentation
Step three. Create concrete policy, program and procedures documentation. These will serve as reference points for all lines of defense on how they should manage third parties.
4. Contract Management
Step four – you need to have a strong contract management program that ensures your contracts are not going to hinder your ability to truly manage your vendors.
5. Initial Due Diligence
Step five. Implement due diligence practices like vendor vetting BEFORE you sign a contract.
6. Risk Assessments
Step six. Assess each of your vendors’ level of risk to your organization.
7. Ongoing Due Diligence
Step seven. Maintain your due diligence AFTER you sign the contract on an ongoing basis depending on their level of risk to you.
8. Analyze Due Diligence
Step eight. Don’t just gather due diligence; make sure you thoroughly analyze your vendor documentation to identify issues and risks.
9. Reportable and Actionable
And finally, step nine. Ensure you have processes in place for reporting vendor issues at your organization and for working with your vendor to address them.
Remember that, done well, a third party risk management program can help your organization better understand its risk and take steps to mitigate that risk.
See you next time.