Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resources-whitepaper-state-of-third-party-risk-management-2023
State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.

DOWNLOAD NOW

How to Prioritize Vendor Management Tasks

4 min read
Featured Image

All too often it's hard to find a place to begin any new project. Prioritizing tasks can be challenging when all seem incredibly important. So, let’s consider this common situation that most of us have or will experience. You’ve been tasked with starting, revamping, forklift upgrading or improving your organization’s vendor management program. That can be a daunting situation to find yourself in on a good day. On a bad day, something like this could cause you to rethink your career choice.

Take heart! There’s an easy way to find a place to start and then work your way through a process that will get you and your organization exactly where you need to be.

9 Tips on How to Prioritize Vendor Management Tasks

Let’s walk through the following nine tips and in the order to do them:

  1. Get a list of vendors from accounts payable system. This is going to be an exploration into all the vendors that your accounts payable system has paid any dollar amount to over the last two years. The list may be long and distinguished, but it’s a great starting point.

  2. Prune the list. Hopefully your organization’s accounts payable system will allow you to export the data into a spreadsheet. This may be the one and only time I tell anyone “it’s ok to use a spreadsheet”. Once you have the information, sort through the list and eliminate the items that are not vendors. There will be quite a few. For example, if your organization has multiple branches in different locations, it’s likely each branch is giving back to their local community. Maybe they’ve donated $100 to the high school football team. The donation will be captured in the accounts payable system and should be removed from the vendor list. Once you prune the list, you’ll be left with your preliminary vendor list.

  3. Socialize the list. Once you have your preliminary list, share the list with your senior management team and the heads of your lines of business so everyone is on the same page. They will help you refine the list further.

  4. Select a platform. Look into platforms to use for vendor management. Avoid the false trail of spreadsheets and shared file systems. If you start down the road of using Excel spreadsheets and a shared file system, you will crash and burn. I’ve seen well over 100 vendor management programs start from the ground up and it isn’t a question of if you will crash, just a matter of when it will happen.

  5. Collect copies of all contracts. Use your vetted vendor list to do this. Hopefully by this point you have a platform to enter them into so that they’re all in a single repository.

  6. Decide who your critical vendors are. This is a fairly easy thing to do. Just ask these simple questions. If the answer to any one of these questions is, “Yes!” the vendor is a critical vendor for your organization.
    • Would a sudden disappearance of this vendor - due to insolvency or a sudden termination - cause a material disruption to the business?
    • Would the disruption have an impact on your customers?
    • Would the time to recover from the disappearance be outside of your organization’s recovery time objective (RTO) or recovery point objective (RPO)? Your RTO, RPO and MTD (maximum tolerable downtime) can be found in business impact analysis inside of the business continuity plan

7. Socialize your list of critical vendors. Share your reasoning for these vendors being considered critical. Again, give all the stakeholders an opportunity to review and suggest changes.

8. Read and enter the contract information into your platform. You will have to read every contract for every critical vendor. AND…I say it that way for a reason. You will invariably find you have more than one contract for a particular vendor. Each contract is a separate document you need to track. Make sure you enter these six elements regarding every single contract:
  • Start date
  • Termination date
  • Expiration notice date
  • Business line contact
  • Primary vendor contact
  • Due diligence review date

9. Enter all the due diligence. Do this for every critical vendor. You will need to make sure you have all the necessary due diligence documents and ensure they are current. Due diligence tends to include things like:
  • Financials
  • SOC report
  • Business continuity plan
  • Disaster recovery plan
  • Information security assessment
  • Vendor risk assessment

Even when you prioritize properly, at this point, I think you can see why having a platform for vendor management and NOT using spreadsheets and shared file locations is a must. Every day we talk to businesses that are using spreadsheets and shared file locations whose vendor management efforts are failing.

Even though you may get pressure to start with spreadsheets and a shared file location, you need to keep asking for a platform. For all intents and purposes, it’s just not practical. You just can’t track all the dates and documents for every vendor properly.

Simply put, a platform ensures less room for error and makes your life easier.

Make sure you've met all third party risk requirements. Download the checklist. 

New call-to-action

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo