Latest Blog Articles

Read the Latest Blog Posts
Knowledge. Useful. Quick. 

Stay up-to-date by reading useful articles from industry thought leaders who tackle common challenges and discuss current or proposed industry regulations.

  • Inherent Risk vs Residual Vendor Risk

    16 hours ago
    Peanut butter and jelly. Batman and Robin. Some things shouldn't exist alone, and the same goes for third-party vendor inherent risk and residual risk. A robust vendor risk assessment will identify inherent risk and help you determine residual risk, so it's essential to understand the difference between the two.

  • 3 Reasons to Keep Third-Party Risk Management Independent at Your Organization

    yesterday
    When it comes to third-party risk management (TPRM), organizations will generally use one of three primary operating models . A decentralized model is often the least effective, as functions are distributed across various teams without a single authority to oversee the activities. Fortunately, this model is the least used, according to results from our 2022 State of Third-Party Risk Management survey.

  • June 2022 Vendor Management News

    6 days ago
    Stay up-to-date on the latest vendor management news happening this month. Check out the articles below to stay in the know.

  • Why You Need to Do Vendor Due Diligence

    7 days ago
    Utilizing third-party vendors to support business activities is nothing new. While vendors can provide tremendous value in terms of saving time and money, they can also present extensive risks. Whether your organization is searching for a brand-new vendor, or has a longstanding relationship with another, vendor due diligence is a must. You simply can’t rely on a vendor to openly divulge their risks, so it’s essential to collect and review due diligence at the beginning and throughout the relationship.

  • Which Vendors Should Be Out of Scope in Third-Party Risk Management?

    8 days ago
    It's no secret that for many organizations, the time and resources for vendor relationship management are stretched thin. This is especially true when vendor inventory numbers are in the hundreds or even thousands, so it’s best to determine which of your vendors (or other third parties) can be safely excluded from third-party risk management (TPRM) activities. However, it may not always be obvious which of these relationships should be in or out of scope. The good news is that organizations can use some tried and true guidelines to determine who should be in scope for vendor risk management. Read on to learn more and help ease the burden of your TPRM responsibilities.

  • 3 Areas to Watch If Your Vendor Is Acquiring Another Vendor

    14 days ago
    Today, organizations merge suddenly and frequently for a variety of reasons - some of those reasons can be a really good thing, but some can introduce a variety of risks that can cause performance to fall short of expectations.

  • Vendor Information Technology and Its Role in Cybersecurity

    15 days ago
    In the season two premier of Mad Men, the secretaries at the fictional ad agency Sterling Cooper are seen marveling at a new piece of office equipment – a brand new Xerox machine, roughly the size of a riding lawn mower. One character states in amazement that it’s capable of printing birthday invitations… on colored paper. Business technology has come a long way since the early days of these large machines with limited capabilities.

  • Identifying, Assessing and Mitigating Vendor Financial Risk

    21 days ago
    Within third-party risk management programs, financial health is interconnected with other risk domains and must be concurrently monitored with these domains to ensure proper risk mitigation on vendors. Performing adequate financial due diligence and screening can identify long-tail risks that impact a vendor’s overall operations which can lead to downstream issues in other areas of their business.

  • Outsourcing Vendor Management: When Does It Make Sense?

    22 days ago
    Increasing competition, shrinking margins and unpredictable global events can make navigating today's business environment difficult. While there is no one solution to these issues, leveraging external expertise and capacity can help organizations minimize costs and improve risk management outcomes, especially when it comes to vendor risk management.

  • How to Mitigate Third-Party Risks

    28 days ago
    Your vendor contract is one of your most important tools for mitigating third-party risk. Besides describing the products and services provided by the vendor, it should also contain details about how the vendor will manage identified risks, either through preventative (meant to prevent an action) and/or detective (meant to identify an action after it happens) measures and controls.

  • How to Level Up Your Third-Party Risk Management Compliance

    29 days ago
    Compliance is one of those business activities that can often feel like a juggling act. Not only do you have to ensure that your organization is complying with industry regulations and state and federal laws, but you also need to keep an eye on your third parties.

  • 5 Things Every Vendor Owner Needs to Manage Vendor Risk Successfully

    one month ago
    An effective vendor risk program depends on each stakeholder fulfilling their responsibilities, but this is often more easily said than done. Vendor risk management is a complex process with many interdependencies and moving parts. And, it’s not all that uncommon to see a breakdown in the process.

  • Vendor Lifecycle Management: Overview, Mistakes and Tips

    one month ago
    The vendor lifecycle is a series of intricate processes that ensures consistent and proper management of your vendor relationship. Not only is it a best practice to actively manage this lifecycle, but it’s also a regulatory expectation. Whether you’re in the process of performing due diligence, managing the contract or offboarding the vendor, you likely have vendors in each stage of the lifecycle at any given time. With all these moving pieces, it’s essential to understand how to manage the entire vendor lifecycle at all different stages.

  • May 2022 Vendor Management News

    one month ago
    Stay up-to-date on the latest vendor management news happening this month. Discover information to help improve or freshen up your third-party risk management program. Check out some informational articles below.

  • SEC 2022 Exam Priorities: Overseeing Vendor Information Security Practices

    one month ago
    At the end of March, the Securities and Exchange Commission’s (SEC) Division of Examinations (referred to as EXAMS) released its 10th annual Examination Priorities Report , identifying five significant focus areas that they believe bring heightened risk. Of these focus areas, information security and operational resiliency are perhaps most obviously relevant to third-party risk managers. Let’s review some of the specific activities that the SEC expects of organizations.
More