Vendor Risk Management

Training Duration: 3 days

Training Delivery Method: Instructor-led course, delivered on-site, online, or as a hybrid of the two

Prerequisites:

Some background in risk management

What Problem Does This Training Help Solve?

Helps you identify, assess and manage the risks that third-party vendors introduce, and meet the vendor-risk obligations imposed by organizational policies and regulatory requirements

Who Should Attend?

Three types of audience:

    1. Control owners who implement the controls that manage vendor risk
    2. Compliance staff who ensure that those controls are effective and that key risk indicators (KRIs) are defined and monitored
    3. Assurance staff (Internal Audit) who test the controls and provide assurance to organizational governance

Course Material:

Content-rich manual and course handouts consisting of more than 200 slides

Course Syllabus:

Topics to be covered:

    • What is vendor risk
    • The four elements of vendor risk management: risk assessment, due diligence, contracting, and ongoing oversight
    • Management and monitoring of vendor risk
    • VRM Framework
    • VRM governance and policy
    • Types of vendor risks
    • Risk and Control assessment for VR
    • Monitoring changes in risks and controls: key risk indicators (KRIs) and key control indicators (KCIs)
    • Vendor supply chain risk and controls
    • Scenario analysis for vendor risks
    • Vendor contracts and SLAs management
    • Communicating vendor risk
    • IT-related vendor risks
      • Security: confidentiality, integrity and availability (CIA) of data held by vendors
      • Encryption
      • Access controls
      • Vendor ERP controls
      • Cross-border transfer of personal and privacy-related information
    • Regulatory Compliance: GLBA, PCI DSS, SOX, Dodd-Frank and the CFPB
    • Reviewing service organization control (SOC) reports: SOC 1 reports (SSAE 16, since superseded by SSAE 18, and ISAE 3402) and SOC 2 reports
    • Responsibility and accountability
    • Awareness and training for vendor interfacing employees