Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resources-whitepaper-state-of-third-party-risk-management-2023
State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.

DOWNLOAD NOW

First 10 Things a New Vendor Manager at XYZ Mortgage Lender Is To Do

7 min read
Featured Image

If you're a new vendor manager, there's a transition period before you're comfortable in your role. We all must start somewhere. So, we've put together a top 10 list of things to do if you're especially a new vendor manager at a mortgage lender.
This list encompasses actual guidance we offered to a new vendor manager. In fact, the vendor manager was a newly created role at the organization. The role was given to an employee who had some mortgage lending experience but had zero experience in vendor management. 

The Top 10 Things To Do If You're New

The goal of this top 10 is to bring you up to speed in a new discipline that plays a vital role in the overall vendor relationship.

1. Understand your regulator’s oversight requirements.
By using the guidance outlined in the CFPB Third Party Oversight guidelines, you’ll have a deeper appreciation of the foundational work you're about to focus on. Don’ t discount other guidance, such as the OCC guidance - it's considered the gold standard in third party risk oversight requirements.

2. Check if there is a policy, procedure and program already in place.
After all, this is the foundation of your existing program. If you don’t have one, don’t worry we can guide you through that too.
 

3. Meet with the department heads who would typically be involved in vendor management.
This would include Operations, Legal, Accounts Payable and Compliance.

Questions to Ask:
 What is the contract approval process? Who owns this process? Has the policy and procedures been tested by internal audit to confirm the org follows the policy and procedures? If not, why not? How many vendors are currently in use? Are risk assessments conducted? Where are the contracts saved? Is there a centralized system to manage contracts or do multiple lines of business own them?

4. Take stock of all vendors. 
This can be achieved by meeting with Accounts Payable for current YTD payments and cross referenced by whatever excel report and copies of contracts you can get your hands on.

Word of warning:
 If you are inheriting a poorly managed legacy vendor management program, the information you gather is only as good as the last update. Use this information as a loose guide but do not rely on it as the final inventory. In a decentralized system, there is an increased amount of risk that oversight and taking stock of all vendor accounts is accurately managed.

5. Collect all contracts and addendums.
Document collection is sometimes a thankless task but if you get it right now, you will save yourself hundreds of hours on busy work later. If your contracts are all on paper, consider scanning them and creating an electronic repository.

6. First Pass - Review progress so far.
By now, you should have collected key documentation including the policy and procedures, a list of all vendors from Accounts Payable and have a sizeable collection of contracts and addendums. In addition, you’ve met with key departments that usually have a hand in working with vendors and gathered all their existing working knowledge. 

7. Record all the information into a logical format.
If you aren’t fortunate enough to use a vendor management software, a backup plan is to use an excel report to build out this vendor stock list for now. If your AP department provided a spend report, you’ll probably have vendor name, product, price along with some other basic info listed. Leverage this report and build on it. You should add fields which help define and categorize each vendor.

Here’s an example to get you started:

Vendor Name Product Contract Term Renewal Date  YTD Spend  Category Internal Customer
ACME Credit Partners Credit Report 36 Months 6/1/2017 250,000 Fulfilment TBD
BoreDogic Valuations AVM's  Missing ? 25,000 Fulfilment TBD
SillyTax  4506T 12 Months 4/1/2018 178,000 Fulfilment TBD
Leadshere Leads 12 Months 8/1/2019 20,000 Marketing TBD


8.
Your research is the foundation of your future program.
Assess the data you’ve just worked so hard on! In the example above, we can see that the contract for the credit vendor is coming up for renewal in a couple of months. This should trigger you to speak internally about the contract terms, service level feedback, etc.

For the AVM vendor, we can see that there isn’t a contract on file. Add this to a to-do list. If you haven’t been able to locate it internally, chances are you’ll need to contact the vendor directly. Once you have the updated documentation, update your spreadsheet.

Use common sense, if you see a YTD spend but the contract has already expired, then check to see if there is a new contract or addendum somewhere. The vendor should have the most recent copies and it’s a good exercise while you’re taking stock to gather all the relevant data up front. Foundational work completed now will save busy work later.

9. Define categories for each vendor type.
As your vendor management program matures, you’ll move from this simple accumulation of data and begin to think about risk assessments, initial due diligence on new vendors, ongoing monitoring and annual assessments. 

By defining the vendors and then ranking them in order of spend and category type you’ll be able to identify:

  • Key strategic partnerships your organization has in place
  • Vendor overlap of products and services
  • Consolidation opportunities
  • Up and coming contract expiration dates which will need attention
  • Identify between vendors between standard contracts and End User License Agreement (EULA)
  • Identify gaps in vendor services to support back up / outages

10. Prepare the data and reschedule meeting with senior leadership.
The goal here is to present all your initial findings and then discuss next steps in developing the vendor management program. Per the regulatory framework, senior management and the board must own the risk of each vendor relationship. Without executive endorsement, you’ll have established a centralized repository of contracts but little more.

Engaging the senior leadership early in the process and on a regular basis will help you gain support in the broader oversight responsibilities that you need to establish and adhere to. These include:

  • Building the policy and procedures to support the overall program
  • Establish a contract management system and contract approval process
  • Establish a risk assessment standard which address inherent and residual risk
  • Establish an annual assessment calendar on your critical and high risk vendors

In Summary

Building out a vendor management program from the ground up can be a daunting task. Use common sense and don’t try to overthink the task ahead of you.

Building this initial foundation of organization to your vendor partnerships and securing relationships with your internal customer are very important steps for your future success. This should hopefully help to get you on the road to vendor management excellence. 

For more guidance on risk assessments, download our whitepaper

Writing an Effective Risk Assessment Whitepaper

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo