Policy, Program, and Procedures

 View Only

Welcome to the Policy, Program, and Procedures Community. Here you will find the latest discussions and resources that can help you in this area. This community focuses on creating a policy, program, and procedures; best practices; ideas; tips; guidance; how to implement; and more. Note: You will need to Sign In to join in the discussions and access resources. 

About Third-Party Risk Policy, Program, and Procedures: Successful vendor risk management requires a fully documented set of practices. Regulators and examiners expect you to have three written documents – a policy, program, and procedures. These documents must be updated at least annually or more frequently as guidance changes or significant organizational changes occur. And, it’s important the work product produced matches what the policy and program documentation says.  

Latest Discussion Posts

  • Profile Picture

    RE: Where do your New Vendors come from?

    By: Anonymous Member , 3 hours ago

    This message was posted by a user wishing to remain anonymous We request COIs as part of the onboarding due diligence process and the ongoing DD process. One of the Risk SMEs reviews these to ensure coverage is adequate. More

  • Profile Picture

    RE: Criticality criteria for third party vendors

    By: Jennifer Wilkinson , 7 hours ago

    We use first a materiality assessment of 7 questions that include- Will this vendor access borrower or employee confidential data? Will this vendor have major impact on our ability to operate our business? Are there significant internal resources needed ... More

  • Profile Picture

    RE: Criticality criteria for third party vendors

    By: Debbie Maxwell , 7 hours ago

    Good morning! We use both a matrix and a questionnaire. The risk impact matrix we have created derives from our risk appetite which informs our questionnaire. Within our system, the questionnaire will deliver us a result based on the answers to questions ... More

  • Profile Picture

    RE: Where do your New Vendors come from?

    By: Jennifer Wilkinson , 7 hours ago

    We championed for a procurement team, and we added a vendor request form to our IT ticketing application that routes to TPRM, Procurement, FP&A, legal and IT. The form allows for selection of the following categories: Discovery (NDA only), Prospective, ... More

  • Profile Picture

    RE: Where do your New Vendors come from?

    By: Anonymous Member , 9 hours ago

    This message was posted by a user wishing to remain anonymous At what point do you conduct insurance compliance/insurance verification, and how/by whom is it done? More

Polls

Most Active Users List