Due Diligence and Ongoing Monitoring

  • 1.  Standard Oversight Procedures

    This message was posted by a user wishing to remain anonymous
    Posted 09-13-2021 01:52 PM

    We are looking to develop a standard procedure template for internal third-party relationship owners that documents their oversight. Has anyone done anything similar who could share their SOP?

  • 2.  RE: Standard Oversight Procedures

    Posted 09-21-2021 12:07 PM


    While we don't have a template to share, I would look to your policy for what constitutes oversight. It takes a bit of work, but I would create a simple Word document that would include the following information for each vendor.

    • Vendor Name and Risk rating
    • Critical or Non-Critical
    • Date of last performance review
    • Attendees at review
    • Results of KPIs or SLAs
    • Reference to the data source supporting the performance
    • Open performance issues and remediation plan with date
    • Date of last risk review (due diligence or annual review)
    • Any missing or pending documentation
    • Any open issues or required remediation with plan and date
    • Contract status – date of termination or renewal
    • Any required escalation, industry news, or regulatory changes

    Of course, you can add more if necessary. Still, if the goal is to have evidence of monitoring, the information above should be sufficient. However, I would love to know how other members provide evidence of first-line management and oversight.