Vendor Oversight: 5 Easy Steps to Plan the Annual Audit Schedule

Based on a few industry surveys, the #1 vendor risk management challenge facing organizations is TIME. Plan and execute early on the steps below and you’ll be on your way to performing audits and reporting back to your board ahead of your peers.

5 Easy Steps

1. Define the risk assessment for each vendor. Consider access to non-public personal information (NPPI), regulatory compliance, business continuity, cybersecurity and financial health.
2. Engage the line of business or business sponsor. Many vendors have strong relationships with key leaders at the executive level. Engaging the line of business provides an opportunity to uncover any performance concerns and business intelligence that the vendor management office may not be exposed to. The business sponsor should also be encouraged to be the vendor management office (VMO) champion and can help engage the vendor on the importance of complying with the audit request.
3. Determine if you will perform onsite audits vs a remote review of documentation. Note that an onsite audit will help provide an additional layer of oversight if there are concerns of additional risk based on criticality, physical security and failing performance regarding the service level agreement.
4. Consider the scheduling calendar. Depending on the popularity of the vendor and time of year, the vendor may be fielding multiple vendor management audit requests for both documentation and onsite interviews. Consider getting ahead of your vendor peers by planning early to avoid national holidays and inclement weather conditions.
5. Regardless of onsite or remote audit review, prioritize which vendors will consume most of your time. This will help you be more organized and efficient. Make sure you’re also very familiar with all your categories of vendors and their criticality and risk levels.
   
   Solid planning and preparation will allow you to efficiently map out your vendor audit schedule and following this common-sense approach will help you avoid the fire drills of reacting to the CFPB or GSE inquiry into your vendor management audit schedule practices.

Download our checklist for a handy tool to use to prepare for your next audit.