Due Diligence and Ongoing Monitoring

 View Only

  • 1.  Vendor Categories

    This message was posted by a user wishing to remain anonymous
    Posted 05-17-2021 08:05 AM
    This message was posted by a user wishing to remain anonymous

    We're just establishing our vendor management program and are trying to bucket our vendors into categories. What are some of the more common categories (other than perhaps IT and Legal) that folks are using?


  • 2.  RE: Vendor Categories

    This message was posted by a user wishing to remain anonymous
    Posted 05-17-2021 08:33 AM
    This message was posted by a user wishing to remain anonymous

    We include the any possible financial implications that could occur during the relationship and also the GDPR Data Protection aspects also.
    Original Message


  • 3.  RE: Vendor Categories

    Posted 05-17-2021 09:04 AM
    There are several ways to look at it depending on your business.
    these are a few that I have used;
    Facilities
    Realtors & Brokers
    Marketing
    Legal
    Technology
    Subscriptions
    Consultants
    SAAS (not managed by IT)
    PAAS (not managed by IT)
    Government & Regulatory
     




    Original Message


  • 4.  RE: Vendor Categories

    Posted 05-17-2021 09:12 AM
    My firm do not include Legal/Government & Regulatory businesses. Can you please give me your opinion on why these are going through your vendor management process. I actually agree with you and think they should but not sure how to approach this conversation with the people above me?
    Original Message


  • 5.  RE: Vendor Categories

    Posted 05-17-2021 09:41 AM
    The reason we include them is they are in fact a Third Party relationship.  Just because they are in the program does not mean that we do much at all.
    For legal agreements the only ones where we actually conduct comprehensive due diligence is in situations where we will be sharing significant amounts (500 records or more) of customer data.  We do not get involved with M&A activity, board advisory agreements or the selection of outside counsel for specific projects or issues.
    Govt & Regulatory there is nothing we can do but inventory and track. they do not respond to DD requests and we cannot choose to do business with them.  Others are mostly tax related based on where we had branches etc.


  • 6.  RE: Vendor Categories

    Posted 05-17-2021 03:45 PM
    We do not categorize the vendors into buckets. Instead they are organized by unit/division/department within our organization. We ask our Relationships Manager to describe the product or serviced provided by the vendor. A review of that information would provide the ability to break into categories. 

    We include law firms that we contract/engage in the vendor management and oversight process.
    Original Message


  • 7.  RE: Vendor Categories

    Posted 05-17-2021 04:09 PM
    Similar to Mark, we also categorize by business unit who owns the relationship.  In addition we capture vendor category.  Vendor category is a specific listing chosen from a drop down field to maintain data integrity.  We try to avoid free--form text fields as much as possible because it makes creating meaningful reporting more difficult.  Some of our vendor categories includes: accounting, ACH services, appraiser, asset liability manager, broker, call center, collections, consultants, disaster recovery, data warehousing, human resource services....   We looked at what services our vendors were providing and created the categories from that- we also worked with our ERM provider as they had a listing of preprogrammed categories.
             ​
    Original Message