Latest Blog Articles

Read the Latest Blog Posts
Knowledge. Useful. Quick. 


Stay up-to-date by reading useful articles from industry thought leaders who tackle common challenges and discuss current or proposed industry regulations.

  • Peanut butter and jelly. Batman and Robin. Some things shouldn't exist alone, and the same goes for third-party vendor inherent risk and residual risk. A robust vendor risk assessment will identify inherent risk and help you determine residual risk, so it's essential to understand the difference between the two.
  • When it comes to third-party risk management (TPRM), organizations will generally use one of three primary operating models. A decentralized model is often the least effective, as functions are distributed across various teams without a single authority to oversee the activities. Fortunately, this model is the least used, according to results from our 2022 State of Third-Party Risk Management survey.
  • Stay up-to-date on the latest vendor management news happening this month. Check out the articles below to stay in the know.
  • Utilizing third-party vendors to support business activities is nothing new. While vendors can provide tremendous value in terms of saving time and money, they can also present extensive risks. Whether your organization is searching for a brand-new vendor, or has a longstanding relationship with another, vendor due diligence is a must. You simply can’t rely on a vendor to openly divulge their risks, so it’s essential to collect and review due diligence at the beginning and throughout the relationship.
  • It's no secret that for many organizations, the time and resources for vendor relationship management are stretched thin. This is especially true when vendor inventory numbers are in the hundreds or even thousands, so it’s best to determine which of your vendors (or other third parties) can be safely excluded from third-party risk management (TPRM) activities. However, it may not always be obvious which of these relationships should be in or out of scope. The good news is that organizations can use some tried and true guidelines to determine who should be in scope for vendor risk management. Read on to learn more and help ease the burden of your TPRM responsibilities.
  • Today, organizations merge suddenly and frequently for a variety of reasons - some of those reasons can be a really good thing, but some can introduce a variety of risks that can cause performance to fall short of expectations.
  • In the season two premiere of Mad Men, the secretaries at the fictional ad agency Sterling Cooper are seen marveling at a new piece of office equipment – a brand new Xerox machine, roughly the size of a riding lawn mower. One character states in amazement that it’s capable of printing birthday invitations… on colored paper. Business technology has come a long way since the early days of these large machines with limited capabilities.
  • Within third-party risk management programs, financial health is interconnected with other risk domains and must be concurrently monitored with these domains to ensure proper risk mitigation on vendors. Performing adequate financial due diligence and screening can identify long-tail risks that impact a vendor’s overall operations which can lead to downstream issues in other areas of their business.
  • Increasing competition, shrinking margins and unpredictable global events can make navigating today's business environment difficult. While there is no one solution to these issues, leveraging external expertise and capacity can help organizations minimize costs and improve risk management outcomes, especially when it comes to vendor risk management.
  • Your vendor contract is one of your most important tools for mitigating third-party risk. Besides describing the products and services provided by the vendor, it should also contain details about how the vendor will manage identified risks through preventative (meant to prevent an action) and/or detective (meant to identify an action after it happens) measures and controls.
  • Compliance is one of those business activities that can often feel like a juggling act. Not only do you have to ensure that your organization is complying with industry regulations and state and federal laws, but you also need to keep an eye on your third parties.
  • An effective vendor risk program depends on each stakeholder fulfilling their responsibilities, but this is often more easily said than done. Vendor risk management is a complex process with many interdependencies and moving parts. And, it’s not all that uncommon to see a breakdown in the process.
  • The vendor lifecycle is a series of intricate processes that ensures consistent and proper management of your vendor relationship. Not only is it a best practice to actively manage this lifecycle, but it’s also a regulatory expectation. Whether you’re in the process of performing due diligence, managing the contract or offboarding the vendor, you likely have vendors in each stage of the lifecycle at any given time. With all these moving pieces, it’s essential to understand how to manage the entire vendor lifecycle at all different stages.
  • Stay up-to-date on the latest vendor management news happening this month. Discover information to help improve or freshen up your third-party risk management program. Check out some informational articles below.
  • At the end of March, the Securities and Exchange Commission’s (SEC) Division of Examinations (referred to as EXAMS) released its 10th annual Examination Priorities Report, identifying five significant focus areas that they believe bring heightened risk. Of these focus areas, information security and operational resiliency are perhaps most obviously relevant to third-party risk managers. Let’s review some of the specific activities that the SEC expects of organizations.