SlideShare uma empresa Scribd logo

Vendor Management Checklist Manifesto

Continuity Control
Continuity Control

Regulatory examiners are expecting to see and review your financial institution's vendor management program, which is to include a process for assessing specific vendor risk, vendor selection, contracting, and ongoing oversight. This webinar will demonstrate that implementing a repeatable process will provide consistency and reduce your institution's Compliance Tax by saving you time and resources, including helping to ensure your valuable dollars are spent wisely. Objectives: - Understanding of the regulatory requirements for the vendor management program - High level overview of the key elements - Provide guidance in developing your program

NegóciosTecnologiaEconomia e finanças
1 de 32
Vendor Management Compliance Checklist Manifesto May 20, 2010
Today’s Presenters ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Overview Vendor Management Regulatory landscape
Vendor Management Program Vendor Management Program The responsibility to properly oversee outsourced relationships lies with the board of directors and senior management. FFIEC Outsourcing Technology Services June 2004
Why Vendor Management Why Vendor Management ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The notion of a Compliance Tax The notion of a Compliance Tax
What is the Compliance Tax? Compliance Tax ™ : the ever-growing amount of work, resources and costs (internal staffing, consulting fees, training and employee productivity loss) required for a financial institution to meet regulatory requirements Based on Asset Size: 500 million Average amount of employee time spent on compliance activities: 3%
The Checklist Approach The Checklist Approach
Power of a checklist What’s the Checklist Manifesto? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Power of a checklist What’s the Checklist Manifesto? Boeing “Checklist Factory” Aviation is the origin of the checklist Boeing develops 100 checklists a year Take weeks to develop, but are adopted by the industry
Applying the Checklist Manifesto to Vendor Management Key Factors and Elements
Key Factors of Vendor Management Program ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Vendor Risk Management Program Elements ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Vendor Risk Assessment Vendor Risk Assessment ,[object Object],[object Object],[object Object],[object Object]
Classification Factors Classification Factors ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Performing the Risk Assessment Performing the Risk Assessment ,[object Object],[object Object],[object Object],[object Object],[object Object]
Policy/Written Program Policy/Written Program ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Applying Checklists to the Process Applying Checklists to the Process
Vendor Selection Checklist ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Vendor Selection Checklist ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Contract Review Checklist ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Vendor Performance Checklist ,[object Object],[object Object],[object Object]
Implementing Your Own Compliance Checklists
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Implementing Your Own Checklists
Stepping you Through the Process Stepping you Through the Process
Step by Step Directions
Step by Step Directions The What: Vendor Risk Assessments The Who: Operations Officer And When: Annual What: Vendor Performance Monitoring Who: IT Manager When: Weekly Search written procedures for :
Step by Step Directions Organizing Checklists: 1 st Oversight Activities Annual Vendor Risk Assessment 2 nd Periodic Activities Monthly and quarterly Review contract renewals 3 rd Routine Activities Daily and weekly Monitoring vendors
 
Summary and Q & A
Thank You! ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Recomendados

SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Business Impact Analysis
Business Impact AnalysisBusiness Impact Analysis
Business Impact Analysisdlfrench
 
KRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITKRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITMax Neira Schliemann
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security AuditMufaddal Nullwala
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsEd Tobias
 
Governance risk and compliance
Governance risk and complianceGovernance risk and compliance
Governance risk and complianceMagdalena Matell
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness trainingSAROJ BEHERA
 
Information System audit
Information System auditInformation System audit
Information System auditPratapchandra
 

Recomendados

SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Business Impact Analysis
Business Impact AnalysisBusiness Impact Analysis
Business Impact Analysisdlfrench
 
KRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITKRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITMax Neira Schliemann
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security AuditMufaddal Nullwala
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsEd Tobias
 
Governance risk and compliance
Governance risk and complianceGovernance risk and compliance
Governance risk and complianceMagdalena Matell
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness trainingSAROJ BEHERA
 
Information System audit
Information System auditInformation System audit
Information System auditPratapchandra
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubKaushal Trivedi
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitecturePriyanka Aash
 
ISO 27001
ISO 27001ISO 27001
ISO 27001n|u - The Open Security Community
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overviewJulia Urbina-Pineda
 
SOC-2 Compliance Status Report sample v10.0
SOC-2 Compliance Status Report sample v10.0SOC-2 Compliance Status Report sample v10.0
SOC-2 Compliance Status Report sample v10.0Mark S. Mahre
 
ISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptxISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptxvasidharta
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk ManagementEC-Council
 
What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance BOC Group
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3Tanmay Shinde
 
How to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureHow to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureNetwrix Corporation
 
CISA Training - Chapter 1 - 2016
CISA Training - Chapter 1 - 2016CISA Training - Chapter 1 - 2016
CISA Training - Chapter 1 - 2016Hafiz Sheikh Adnan Ahmed
 
Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1Yasir Khan
 
Managing with KPI's and KRI's
Managing with KPI's and KRI's Managing with KPI's and KRI's
Managing with KPI's and KRI's Andrew Smart
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architectureVladimir Jirasek
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awarenessÃsħâr Ãâlâm
 
Integrated GRC
Integrated GRCIntegrated GRC
Integrated GRCTranscendent Group
 
SOC-2 Framework - Plan, Budget, Design, Integrate & Audit Security Controls
SOC-2 Framework - Plan, Budget, Design, Integrate & Audit Security ControlsSOC-2 Framework - Plan, Budget, Design, Integrate & Audit Security Controls
SOC-2 Framework - Plan, Budget, Design, Integrate & Audit Security ControlsMark S. Mahre
 
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdfCybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdfssuser7b150d
 
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesThird-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesCorporater
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 
Vendor Management
Vendor ManagementVendor Management
Vendor ManagementAnand Subramaniam
 
Vendor Management Systems Best Practices
Vendor Management Systems Best PracticesVendor Management Systems Best Practices
Vendor Management Systems Best Practicesjeffmonaghan
 

Mais conteúdo relacionado

Mais procurados

IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubKaushal Trivedi
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitecturePriyanka Aash
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overviewJulia Urbina-Pineda
 
SOC-2 Compliance Status Report sample v10.0
SOC-2 Compliance Status Report sample v10.0SOC-2 Compliance Status Report sample v10.0
SOC-2 Compliance Status Report sample v10.0Mark S. Mahre
 
ISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptxISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptxvasidharta
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk ManagementEC-Council
 
What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance BOC Group
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3Tanmay Shinde
 
How to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureHow to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureNetwrix Corporation
 
Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1Yasir Khan
 
Managing with KPI's and KRI's
Managing with KPI's and KRI's Managing with KPI's and KRI's
Managing with KPI's and KRI's Andrew Smart
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architectureVladimir Jirasek
 
SOC-2 Framework - Plan, Budget, Design, Integrate & Audit Security Controls
SOC-2 Framework - Plan, Budget, Design, Integrate & Audit Security ControlsSOC-2 Framework - Plan, Budget, Design, Integrate & Audit Security Controls
SOC-2 Framework - Plan, Budget, Design, Integrate & Audit Security ControlsMark S. Mahre
 
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdfCybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdfssuser7b150d
 
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesThird-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesCorporater
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 

Mais procurados (20)

IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overview
 
SOC-2 Compliance Status Report sample v10.0
SOC-2 Compliance Status Report sample v10.0SOC-2 Compliance Status Report sample v10.0
SOC-2 Compliance Status Report sample v10.0
 
ISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptxISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptx
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk Management
 
What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
 
How to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureHow to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT Infrastructure
 
CISA Training - Chapter 1 - 2016
CISA Training - Chapter 1 - 2016CISA Training - Chapter 1 - 2016
CISA Training - Chapter 1 - 2016
 
Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1
 
Managing with KPI's and KRI's
Managing with KPI's and KRI's Managing with KPI's and KRI's
Managing with KPI's and KRI's
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architecture
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
 
Integrated GRC
Integrated GRCIntegrated GRC
Integrated GRC
 
SOC-2 Framework - Plan, Budget, Design, Integrate & Audit Security Controls
SOC-2 Framework - Plan, Budget, Design, Integrate & Audit Security ControlsSOC-2 Framework - Plan, Budget, Design, Integrate & Audit Security Controls
SOC-2 Framework - Plan, Budget, Design, Integrate & Audit Security Controls
 
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdfCybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
Cybersecurity Capability Maturity Model Self-Evaluation Report Jan 27 2023.pdf
 
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesThird-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
 

Destaque

Vendor Management Systems Best Practices
Vendor Management Systems Best PracticesVendor Management Systems Best Practices
Vendor Management Systems Best Practicesjeffmonaghan
 
Vendor management using COBIT 5
Vendor management using COBIT 5Vendor management using COBIT 5
Vendor management using COBIT 5Robert Stroud
 
SUPPLIER SELECTION AND EVALUATION
SUPPLIER SELECTION AND EVALUATIONSUPPLIER SELECTION AND EVALUATION
SUPPLIER SELECTION AND EVALUATIONZamri Yahya
 
IT Strategic Vendor Management
IT Strategic Vendor ManagementIT Strategic Vendor Management
IT Strategic Vendor ManagementBill Whetstone
 
Vendor Management and Contract Negotiations
Vendor Management and Contract NegotiationsVendor Management and Contract Negotiations
Vendor Management and Contract NegotiationsButlerRubin
 
Purchasing, Procurement, Vendor, Contract and RFP Process Management with Sha...
Purchasing, Procurement, Vendor, Contract and RFP Process Management with Sha...Purchasing, Procurement, Vendor, Contract and RFP Process Management with Sha...
Purchasing, Procurement, Vendor, Contract and RFP Process Management with Sha...Optimus BT
 
EY Human Capital Conference 2012: Global Employee Mobility - Managing vendors...
EY Human Capital Conference 2012: Global Employee Mobility - Managing vendors...EY Human Capital Conference 2012: Global Employee Mobility - Managing vendors...
EY Human Capital Conference 2012: Global Employee Mobility - Managing vendors...EY
 
Vendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIEC
Vendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIECVendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIEC
Vendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIECControlCase
 
Applicant Tracking System Vendor Criteria Checklist
Applicant Tracking System Vendor Criteria ChecklistApplicant Tracking System Vendor Criteria Checklist
Applicant Tracking System Vendor Criteria ChecklistMatt Charney
 
Vendor Management Best Practices: Is Your Program Up to Par?
Vendor Management Best Practices: Is Your Program Up to Par?Vendor Management Best Practices: Is Your Program Up to Par?
Vendor Management Best Practices: Is Your Program Up to Par?EDR
 
Vendor Management System - Introduction2
Vendor Management System - Introduction2Vendor Management System - Introduction2
Vendor Management System - Introduction2Frank Corris
 
Multi Vendor Management
Multi Vendor ManagementMulti Vendor Management
Multi Vendor ManagementMuratSelcuk
 
Vendor Selection Process
Vendor Selection ProcessVendor Selection Process
Vendor Selection Processgrinehart
 
ppt of vendor management
ppt of vendor management ppt of vendor management
ppt of vendor management rohit12692
 
Vendor development
Vendor developmentVendor development
Vendor developmentPadmadhar PD
 
Outsourcing and Vendor management
Outsourcing and Vendor managementOutsourcing and Vendor management
Outsourcing and Vendor managementRaminder Pal Singh
 

Destaque (20)

Vendor Management
Vendor ManagementVendor Management
Vendor Management
 
Vendor Management Systems Best Practices
Vendor Management Systems Best PracticesVendor Management Systems Best Practices
Vendor Management Systems Best Practices
 
Vendor Management
Vendor ManagementVendor Management
Vendor Management
 
Vendor management using COBIT 5
Vendor management using COBIT 5Vendor management using COBIT 5
Vendor management using COBIT 5
 
SUPPLIER SELECTION AND EVALUATION
SUPPLIER SELECTION AND EVALUATIONSUPPLIER SELECTION AND EVALUATION
SUPPLIER SELECTION AND EVALUATION
 
IT Strategic Vendor Management
IT Strategic Vendor ManagementIT Strategic Vendor Management
IT Strategic Vendor Management
 
Vendor rating
Vendor ratingVendor rating
Vendor rating
 
Vendor rating system
Vendor rating systemVendor rating system
Vendor rating system
 
Vendor Management and Contract Negotiations
Vendor Management and Contract NegotiationsVendor Management and Contract Negotiations
Vendor Management and Contract Negotiations
 
Purchasing, Procurement, Vendor, Contract and RFP Process Management with Sha...
Purchasing, Procurement, Vendor, Contract and RFP Process Management with Sha...Purchasing, Procurement, Vendor, Contract and RFP Process Management with Sha...
Purchasing, Procurement, Vendor, Contract and RFP Process Management with Sha...
 
EY Human Capital Conference 2012: Global Employee Mobility - Managing vendors...
EY Human Capital Conference 2012: Global Employee Mobility - Managing vendors...EY Human Capital Conference 2012: Global Employee Mobility - Managing vendors...
EY Human Capital Conference 2012: Global Employee Mobility - Managing vendors...
 
Vendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIEC
Vendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIECVendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIEC
Vendor Management - PCI DSS, ISO 27001, E13PA,HIPPA & FFIEC
 
Applicant Tracking System Vendor Criteria Checklist
Applicant Tracking System Vendor Criteria ChecklistApplicant Tracking System Vendor Criteria Checklist
Applicant Tracking System Vendor Criteria Checklist
 
Vendor Management Best Practices: Is Your Program Up to Par?
Vendor Management Best Practices: Is Your Program Up to Par?Vendor Management Best Practices: Is Your Program Up to Par?
Vendor Management Best Practices: Is Your Program Up to Par?
 
Vendor Management System - Introduction2
Vendor Management System - Introduction2Vendor Management System - Introduction2
Vendor Management System - Introduction2
 
Multi Vendor Management
Multi Vendor ManagementMulti Vendor Management
Multi Vendor Management
 
Vendor Selection Process
Vendor Selection ProcessVendor Selection Process
Vendor Selection Process
 
ppt of vendor management
ppt of vendor management ppt of vendor management
ppt of vendor management
 
Vendor development
Vendor developmentVendor development
Vendor development
 
Outsourcing and Vendor management
Outsourcing and Vendor managementOutsourcing and Vendor management
Outsourcing and Vendor management
 

Semelhante a Vendor Management Checklist Manifesto

Compliance, Risk Management, Licensing
Compliance, Risk Management, LicensingCompliance, Risk Management, Licensing
Compliance, Risk Management, Licensingicomply
 
Privacy & Security Controls In Vendor Management Al Raymond
Privacy & Security Controls In Vendor Management Al RaymondPrivacy & Security Controls In Vendor Management Al Raymond
Privacy & Security Controls In Vendor Management Al Raymondspencerharry
 
Key Performance Indicators for Chief Compliance Officers.pdf
Key Performance Indicators for Chief Compliance Officers.pdfKey Performance Indicators for Chief Compliance Officers.pdf
Key Performance Indicators for Chief Compliance Officers.pdfwilliamshakes1
 
Third-Party Oversight & Governance
Third-Party Oversight & GovernanceThird-Party Oversight & Governance
Third-Party Oversight & GovernanceEDR
 
Risk Assessment Framework
Risk Assessment FrameworkRisk Assessment Framework
Risk Assessment FrameworkJhurt7103
 
Contractor Management Strategies in a Complex World
Contractor Management Strategies in a Complex WorldContractor Management Strategies in a Complex World
Contractor Management Strategies in a Complex Worldbrowzcompliance
 
Questions for a Risk Analyst Interview - Get Ready for Success.pdf
Questions for a Risk Analyst Interview - Get Ready for Success.pdfQuestions for a Risk Analyst Interview - Get Ready for Success.pdf
Questions for a Risk Analyst Interview - Get Ready for Success.pdfinfosecTrain
 
𝐑𝐢𝐬𝐤 𝐀𝐧𝐚𝐥𝐲𝐬𝐭 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬
𝐑𝐢𝐬𝐤 𝐀𝐧𝐚𝐥𝐲𝐬𝐭 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬𝐑𝐢𝐬𝐤 𝐀𝐧𝐚𝐥𝐲𝐬𝐭 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬
𝐑𝐢𝐬𝐤 𝐀𝐧𝐚𝐥𝐲𝐬𝐭 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬priyanshamadhwal2
 
Risk and Regulatory Change Management - 360factors EUEC 2015 Presentation
Risk and Regulatory Change Management - 360factors EUEC 2015 PresentationRisk and Regulatory Change Management - 360factors EUEC 2015 Presentation
Risk and Regulatory Change Management - 360factors EUEC 2015 Presentation360factors
 
4. op risk and aml
4. op risk and aml4. op risk and aml
4. op risk and amlcrmbasel
 
Spire Brief - Risk Consulting
Spire Brief - Risk ConsultingSpire Brief - Risk Consulting
Spire Brief - Risk ConsultingPrashant Jain
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013Nidhi Gupta
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013Nidhi Gupta
 
Weaver - Financial Institutions Consulting
Weaver - Financial Institutions ConsultingWeaver - Financial Institutions Consulting
Weaver - Financial Institutions ConsultingAndrew Topa
 

Semelhante a Vendor Management Checklist Manifesto (20)

It62015 slides
It62015 slidesIt62015 slides
It62015 slides
 
Compliance, Risk Management, Licensing
Compliance, Risk Management, LicensingCompliance, Risk Management, Licensing
Compliance, Risk Management, Licensing
 
Privacy & Security Controls In Vendor Management Al Raymond
Privacy & Security Controls In Vendor Management Al RaymondPrivacy & Security Controls In Vendor Management Al Raymond
Privacy & Security Controls In Vendor Management Al Raymond
 
Key Performance Indicators for Chief Compliance Officers.pdf
Key Performance Indicators for Chief Compliance Officers.pdfKey Performance Indicators for Chief Compliance Officers.pdf
Key Performance Indicators for Chief Compliance Officers.pdf
 
My slides
My slidesMy slides
My slides
 
Third-Party Oversight & Governance
Third-Party Oversight & GovernanceThird-Party Oversight & Governance
Third-Party Oversight & Governance
 
Risk Assessment Framework
Risk Assessment FrameworkRisk Assessment Framework
Risk Assessment Framework
 
Contractor Management Strategies in a Complex World
Contractor Management Strategies in a Complex WorldContractor Management Strategies in a Complex World
Contractor Management Strategies in a Complex World
 
Questions for a Risk Analyst Interview - Get Ready for Success.pdf
Questions for a Risk Analyst Interview - Get Ready for Success.pdfQuestions for a Risk Analyst Interview - Get Ready for Success.pdf
Questions for a Risk Analyst Interview - Get Ready for Success.pdf
 
𝐑𝐢𝐬𝐤 𝐀𝐧𝐚𝐥𝐲𝐬𝐭 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬
𝐑𝐢𝐬𝐤 𝐀𝐧𝐚𝐥𝐲𝐬𝐭 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬𝐑𝐢𝐬𝐤 𝐀𝐧𝐚𝐥𝐲𝐬𝐭 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬
𝐑𝐢𝐬𝐤 𝐀𝐧𝐚𝐥𝐲𝐬𝐭 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬
 
Risk and Regulatory Change Management - 360factors EUEC 2015 Presentation
Risk and Regulatory Change Management - 360factors EUEC 2015 PresentationRisk and Regulatory Change Management - 360factors EUEC 2015 Presentation
Risk and Regulatory Change Management - 360factors EUEC 2015 Presentation
 
4. op risk and aml
4. op risk and aml4. op risk and aml
4. op risk and aml
 
How Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksHow Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party Risks
 
Presentation_IA Focus
Presentation_IA FocusPresentation_IA Focus
Presentation_IA Focus
 
Spire Brief - Risk Consulting
Spire Brief - Risk ConsultingSpire Brief - Risk Consulting
Spire Brief - Risk Consulting
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Weaver - Financial Institutions Consulting
Weaver - Financial Institutions ConsultingWeaver - Financial Institutions Consulting
Weaver - Financial Institutions Consulting
 

Último

Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...Any kyc Account
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxAndy Lambert
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyEthan lee
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdftbatkhuu1
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒anilsa9823
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876dlhescort
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxWorkforce Group
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxpriyanshujha201
 
A305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdfA305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdftbatkhuu1
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLSeo
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Roland Driesen
 

Último (20)

Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdf
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
A305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdfA305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdf
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 

Vendor Management Checklist Manifesto

  • 1. Vendor Management Compliance Checklist Manifesto May 20, 2010
  • 2.
  • 3.
  • 4. Overview Vendor Management Regulatory landscape
  • 5. Vendor Management Program Vendor Management Program The responsibility to properly oversee outsourced relationships lies with the board of directors and senior management. FFIEC Outsourcing Technology Services June 2004
  • 6.
  • 7. The notion of a Compliance Tax The notion of a Compliance Tax
  • 8. What is the Compliance Tax? Compliance Tax ™ : the ever-growing amount of work, resources and costs (internal staffing, consulting fees, training and employee productivity loss) required for a financial institution to meet regulatory requirements Based on Asset Size: 500 million Average amount of employee time spent on compliance activities: 3%
  • 9. The Checklist Approach The Checklist Approach
  • 10.
  • 11. Power of a checklist What’s the Checklist Manifesto? Boeing “Checklist Factory” Aviation is the origin of the checklist Boeing develops 100 checklists a year Take weeks to develop, but are adopted by the industry
  • 12. Applying the Checklist Manifesto to Vendor Management Key Factors and Elements
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19. Applying Checklists to the Process Applying Checklists to the Process
  • 20.
  • 21.
  • 22.
  • 23.
  • 24. Implementing Your Own Compliance Checklists
  • 25.
  • 26. Stepping you Through the Process Stepping you Through the Process
  • 27. Step by Step Directions
  • 28. Step by Step Directions The What: Vendor Risk Assessments The Who: Operations Officer And When: Annual What: Vendor Performance Monitoring Who: IT Manager When: Weekly Search written procedures for :
  • 29. Step by Step Directions Organizing Checklists: 1 st Oversight Activities Annual Vendor Risk Assessment 2 nd Periodic Activities Monthly and quarterly Review contract renewals 3 rd Routine Activities Daily and weekly Monitoring vendors
  • 30.  
  • 32.

Notas do Editor

  1. 04/01/10
  2. 04/01/10
  3. 04/01/10
  4. 04/01/10
  5. 04/01/10
  6. 04/01/10
  7. 04/01/10
  8. 04/01/10
  9. 04/01/10
  10. 04/01/10
  11. 04/01/10
  12. 04/01/10