by: Steve Fochler
When I feel overwhelmed with work, I’ll have this recurring dream that I have a major exam and I haven’t studied or attended class. Furthermore, I’ll even dream that I can’t find the classroom where I need to be for the test. Waking from this dream and realizing that it’s not real is such a relief.
Preparing vendor management programs for that next exam can sometimes feel just like my dream—very stressful. Only this time it IS real! Reviewing critical documents, conducting due diligence and assessing vendor risk as part of a comprehensive vendor management program can feel like an overwhelming task, especially if you don’t have the resources and the right tools to get the job done and meet the new regulatory guidelines for third party relationship management.
Many of our clients have numerous, even hundreds of vendors and all have to be categorized and rated for risk. Those classified as critical or material require due diligence which entails reviewing master services agreements, addendums, fee schedules, financials, insurance certificates, SSAE-16 and SOC reports, disaster recovery plans, IT risk assessments and internal audit reports. The list can go on and on….just like my dream. Additionally, vendor relationships and the associated documentation are managed by different departments and people who like to do it their way which may not be what your examiner wants.