Due Diligence and Ongoing Monitoring

 View Only

  • 1.  Risk Override Document

    Posted 04-20-2023 08:51 AM


    We have a committee that vets our vendors. It is made up of members of IS, IT, IA, ERM, Compliance, BC, Legal and VM. We review all the documentation to assess the risk, then determine if it is OK to move forward with the vendor. 

    We currently have a prospective vendor that will have our employee information. It is a smaller vendor, but they're not supplying the documentation we need to determine our employees' information will be secure. As a result, the committee is not recommending the vendor.

    With that being said, if executive management wants to accept the risk anyway, they can do so.

    I attended a VM Webinar earlier this week and they mentioned some sort of Risk Assessment document that we could have upper management sign off on to indicate that even though we believe the relationship with a potential vendor poses a lot of risk, management is willing to accept the risk. The document would be signed and dated.

    Do any of you have a document you use for this purpose that you can share? I'm thinking we could use the same document to identify when we do approve a vendor, as evidence they were indeed vetted and approved by the committee.

    TIA

    Cheryl



  • 2.  RE: Risk Override Document

    Posted 04-20-2023 09:12 AM

    Hello! We have a simple document that asks the following questions:

    • Describe the issue that was identified with the vendor:
    • Describe the risk this issue presents to the organization:
    • A risk acceptance must be approved by appropriate bank personnel based on vendor criticality level:
      • The Vendor Owner and ERM sign the document.

     

    Tina O'Donnell, AAP, CCBRS    

    AVP Operational Risk Manager

     






  • 3.  RE: Risk Override Document

    Posted 04-20-2023 09:45 AM

    Sounds perfect. Do you have a copy you can share? My email is below.

     

    Thanks so much!

     

    Cheryl Turner, CRVPM II

    Vendor Manager

    [Email has been removed by the Community Manager due to privacy reasons. You can reach out to the community member directly by clicking on their name, which will redirect you to their member profile to view their contact information.]




    Original Message


  • 4.  RE: Risk Override Document

    Posted 04-20-2023 11:45 AM

    can i please get a copy of that lso?


    Original Message


  • 5.  RE: Risk Override Document

    This message was posted by a user wishing to remain anonymous
    Posted 04-20-2023 12:01 PM
    This message was posted by a user wishing to remain anonymous

    I would be interest in that same document if made available.


    Original Message


  • 6.  RE: Risk Override Document

    Posted 04-21-2023 06:01 AM

    Hi Cheryl
    I have a risk acceptance form but don't want to post it on the forum. I can email it to you if you want to see it. just shoot me an email
    [Email has been removed by the Community Manager due to privacy reasons. You can reach out to the community member directly by clicking on their name, which will redirect you to their member profile to view their contact information.]
    Thanks 



    ------------------------------
    Jenn Wilkinson
    Vice President
    Strategic Vendor Management
    Cenlar FSB

    ------------------------------