No two vendors are the same, so your practices must be comprehensive and customizable to address their particular risk. This session will cover basic starting blocks of choosing, risk assessing, contracting, and managing a vendor.
Hilary Jewhurst, CTPRP
Hilary leads the advancement and promotion of third-party risk management best practices and solutions through thought leadership, subject matter expertise, and support for Venminder’s customers, Marketing, Sales, and Third-Party Risk divisions. Hilary has served as a senior leader for over 20 years, working in operations management and risk management roles, with an emphasis on third-party risk.
Before joining Venminder, Hilary successfully built, improved, and managed enterprise-wide third-party risk management frameworks and programs for leading consumer banks and fintech companies. She has a track record of carefully identifying and analyzing vendor risk management issues while working with key stakeholders to drive resolution. She is skilled in regulatory compliance as well as policy and procedure development, improvement, and implementation. Her broader experience incorporates enterprise risk management, sourcing and procurement, crisis management, business continuity, and disaster recovery.
There’s a process to follow in order to designate a risk rating to a vendor. This session will cover the steps of a vendor risk assessment, how to determine inherent and residual risk, the difference between criticality and risk rating, and next steps after you know the level of risk associated to a vendor.
In order to do vendor due diligence on a vendor, you need to collect documents and information to review and consider on them. This session will cover the phases of collecting documents, workarounds when you can’t obtain a document, and best practices.
Due diligence is a key component of an effective third-party risk program. The research and documentation must be thorough, timely, and comprehensive. This session will cover basic components of an effective due diligence process, best practices, moving beyond a checklist mentality, what regulations require, and more.