Due Diligence and Ongoing Monitoring

  • 1.  Vendor Payment

    This message was posted by a user wishing to remain anonymous
    Posted 04-28-2021 08:45 AM

    Hello everyone. I'm curious if you all have a vendor which you used for something once and did any sort of risk rating and/or due diligence on? We have a vendor that we are paying an invoice of less than $30 on who provided mailing services for our shareholder proxies.

    Would you add them to your Vendor list and perform due diligence?


  • 2.  RE: Vendor Payment

    Posted 04-30-2021 12:06 PM

    Generally, I would recommend that this type of vendor relationship is considered out of scope for the TPRM program.  This type of vendor engagement is both low dollar and low risk. More importantly, it could be categorized as a Payee. The rationale for this is that the time and effort used to perform due diligence are not proportional to the risk.

    • The risks and the dollars spent are low, & if the vendor fails to perform, replacement is the best option. Examples might include the bakery that provides donuts, caterers, a florist, or carpet cleaning, or other non-material services.
    • The relationship consists of a single, one-time payment; this category is sometimes called "Payee." Litigation awards, donations, and sponsorships (such as posting a sign at a local little league ballpark or placing an advertisement in a school play program).

    Of course, you have to use your best judgment when making these decisions, but excluding this vendor is justifiable from my point of view. I would be interested to learn how others might handle this.