Policy, Program and Procedures

 View Only
  • 1.  Policy/Audit creation

    This message was posted by a user wishing to remain anonymous
    Posted 03-11-2020 12:58 PM
    This message was posted by a user wishing to remain anonymous

    I have been tasked with updating our Vendor management program. In searching everything we have, out policy needs a complete rewrite, all vendors need risk assessments as well as obtaining documentation from the vendors. We also do not have an internal audit for the policy. I am the only member of the "vendor management team" for our facility and vendor management is only a part of what I do.  Does anyone else have an audit that I could take a look at to assist in creating my own? Or any tips on how to manage the Vendor management program as efficiently as possible? 

    Thank you.


  • 2.  RE: Policy/Audit creation

    This message was posted by a user wishing to remain anonymous
    Posted 03-11-2020 01:43 PM
    This message was posted by a user wishing to remain anonymous

    I have built out the VM program at three corporations; what you are tasked with is a daunting task.  May I ask what industry?  I have found that I could streamline it in the non-financial industry, but with the financial industry you must be cognizant of all regulations/laws relative to the financial industry.


  • 3.  RE: Policy/Audit creation

    This message was posted by a user wishing to remain anonymous
    Posted 03-11-2020 02:15 PM
    This message was posted by a user wishing to remain anonymous

    I work in the banking industry... It is a very daunting task.


  • 4.  RE: Policy/Audit creation

    This message was posted by a user wishing to remain anonymous
    Posted 03-11-2020 04:50 PM
    This message was posted by a user wishing to remain anonymous

    I have guidelines for banking, and also for both servicing and for originations.  All are unique.  Which suits your needs?


  • 5.  RE: Policy/Audit creation

    This message was posted by a user wishing to remain anonymous
    Posted 03-12-2020 10:28 AM
    This message was posted by a user wishing to remain anonymous

    Banking would suit our needs as we're a financial institution.




  • 6.  RE: Policy/Audit creation

    Posted 03-11-2020 03:07 PM
    I am the only one primarily over vendor management for my credit union (though I have a backup if necessary), it is not my only role either - I am in compliance so I have other duties. Our VM policy itself is very short, but our procedures are where the content is. I rewrote them (with assistance from the rest of the compliance dept - two others) a few months ago, along with implementing a new process for reviewing and onboarding vendors. 
    I built a risk assessment within Venminder and it has made risk rating everyone SO much easier. I have to touch all 230+ vendors this year as many of them were way behind in being reviewed, so I understand the daunting part! You are welcome to e-mail me if you want specifics (I could talk a LOT about all that I am doing now), but my overall process for ongoing management is as follows:
    - Set an oversight task in Venminder for every vendor's Contract Review. I line it up with the contract notice date plus an additional two months to obtain documentation.
    - Our process is not fully automated, so I do have a Word document for vendors to fill out. I ask how the vendor accesses our network, what data is received, if NPI is shared, etc and also confirm if we are renewing the relationship. I email this to the vendor owner and ask for due diligence docs as well.
    - Due diligence docs are based on risk rating. For new vendors, we use Venminder's onboarding and base documentation on the preliminary risk rating (I modified the initial questions in Venminder).
    - Once I get my documentation and questionnaire from the vendor owner, I upload it (and clean up old docs in Venminder if necessary), update the contract status, perform my risk assessment and create a note (on the vendor's dashboard page) in Venminder stating Contract review and RA complete, and if any documents are missing (not sent by vendor owner) I note that.

    We don't internally audit our VM program either, but hopefully my info helps. I felt lost in this process when I moved to this department last year, but a peer at another institution walked me through her process and it helped me immensely. I am happy to help since I know there's not a ton of info on banking vendor management out there. Please let me know if I can assist in any other way!


  • 7.  RE: Policy/Audit creation

    Posted 03-12-2020 08:51 AM

    Your quest to update your vendor management program might require that you consider taking a more strategic approach and less tactical to transform your current ineffective program into a more effective comprehensive program.  This approach would include an assessment of your existing program including policy/procedures which will yield program Gaps that can be identified and mapped to a strategic road-map with timeline. 

    The results would provide your management team a more comprehensive view, the opportunity to weigh in and give support, resulting in an approved strategic road-map that can be socialized within the organization for program awareness. 

    Having centralized digital record keeping with effective enterprise procurement processes and tools which include risk assessment and planning, due diligence and third-party selection, contract negotiation and contingency planning, ongoing monitoring, and termination will help you advance your vendor management program goals.




  • 8.  RE: Policy/Audit creation

    Posted 03-12-2020 10:15 AM

    Good Morning,

    I also thought I'd pass along some helpful educational resources to guide you in that process. These include:

     

    I hope you find these helpful!

    --

    Brittany Padgett
    Community Manager