Due Diligence and Ongoing Monitoring

How is everyone performing due diligence on guest speakers?  What are you collecting?  If they are coming onsite and don't have a COI, what are you doing?

This message was posted by a user wishing to remain anonymous

Depending on how your organization has defined the TPRM program's scope and bounds, I would think guest speakers would be out of scope for the TPRM program, no?

From a materiality perspective, they would have no access to confidential information or systems, no continuity risk, low compliance risk, etc.  The risk profile should then be very low (below materiality threshold).  Moreover, the guest speaker would likely not be able to respond to any control assessment questionnaire or provide documentation.

I would encourage your organization to identify type of vendors or the services they offer that are excluded from your vendor management process. Some examples from our organization include:

• Entities receiving charitable contributions.
• Entities from which travel, meals and entertainment are purchased.
• Dues paid to an association; however the association may still be a vendor if the payment includes products or services received by the Company.
• Providers of magazines or periodicals.
• Any federal, state or local government or entity engaged by the government.

I would speakers to the list, unless the speaker is part of a larger service such as training.

------------------------------
Mark Ewert, CPCU, CIC
Director, Vendor Management
Penn National Insurance
------------------------------