Due Diligence and Ongoing Monitoring

  • 1.  3rd Party Due Diligence

    Posted 04-22-2022 01:55 PM
    Hello - I am wondering which area does your 3rd party Due Diligence? Is it a VMO or Risk Management area, or does Procurement gather those details, including compliance reports? Do you have specific reasons why the area is responsible for this?

  • 2.  RE: 3rd Party Due Diligence

    Posted 04-25-2022 10:03 AM

    We are a credit union and created a position for a Vendor Manager. It's basically a department of one until we get it completely built. Then we will decide if we need to add staff.


    For Due Diligence, I work with our ERM to review financial-related risk questions (he is also an accountant), and our AVP of Information Security on the IT- and Cloud-related questions. Our Compliance Officer reviews/edits any new contracts we engage in.


  • 3.  RE: 3rd Party Due Diligence

    Posted 05-02-2022 07:55 AM
    For our credit union I serve as the Vendor Management Administrator; the position reports up to Information Security & ultimately Risk Management. I facilitate the full life cycle & engage subject matter experts as needed. We do use the managed services provided by our software to complete due diligence reviews on approximately 30 vendors (our most critical & highest risk). Our process is centralized so that our vendor owners can run the day-to-day operations of the vendor relationship, but the VMA will handle the majority of the due diligence & compliance matters.