Return to the list of news releases.

Managing Vendor Risk: Where's the Easy Button?

Release Date: 5/19/2009

By: Steve Gasiamis, Senior Risk Officer

The HEIT Spring 2009 Roadshow Series wrapped up this past week with our final stops in Phoenix and Seattle. Apart from landing in Seattle’s rainy, 50 degree weather wearing my flip flops and shorts from Phoenix, I would say the last week of events went off without a hitch. Everyone appreciated the topics we covered throughout the course of the day, but it seemed that one of the topics I presented on was of particular interest to the attendees. I chatted with lots of folks that are trying to find ways to get a better handle on their vendor management. The economic pressures have left many financial institutions looking to cut costs through outsourcing, but with this comes an increased administrative and compliance burden. The challenge is, how can you effectively and efficiently manage your increasing network of vendors with resources that may be decreasing? If only that “easy” button from Staples really worked…

During the peer workshop portion of our event in Seattle, the IT Manager of a local bank was sharing that she outsources nearly everything which puts her in the position of being a full-time vendor manager in addition to her other duties. I thought it was also interesting to note that one of the peer groups preferred to use the term “co-sourcing,” acknowledging that it’s still of crucial importance to be highly involved in the relationship. You do, after all, inherit the risk of your vendors.

Case in point, we recently heard about an open VPN connection being used to siphon off more than $1M from a credit union through fraudulent electronic funds transfers over an 8-month period. The kicker? The fraudulent activity was committed by a consultant to the CU’s core provider. You think one level of vendors to manage is hard enough? Now we have to turn our eagle eyes to the vendors our vendors use. What’s becoming apparent to me is that we need to find ways to ease the administrative burden and save time, while still effectively managing the associated vendor risk. In my experience, automating the vendor assessment is one of the most important steps you can take in streamlining your vendor management program. We all know that a vendor assessment is a people-intensive process. Throwing out the spreadsheets and doing away with e-mail and telephone tag will save you time and deliver many additional benefits:

• A shorter, more relevant survey – An automated survey can reduce the number of questions posed by 50% which makes vendor users more likely to complete the survey accurately and in a timely manner – ultimately giving you better quality risk information that is consistent across all third parties.
• Easy re-certification – Automation enables you to easily re-certify vendors as often as needed and measure remediation of prioritized issues that present the highest risk. If they know you’re constantly monitoring, it’s amazing how quickly vendors will improve their performance. Would the aforementioned credit union’s core provider have caught on to their vendor’s fraudulent activity if they were being held accountable on a continuous basis?
• Win-win solution – With an automated program, both you and your vendors win. You have a shared understanding of the risk and proactively manage it. The result? Sustained certification and compliance at a lower cost for both parties.

The good news is that the previously expensive, enterprise-only automation tools are becoming increasingly more accessible and affordable for community financial institutions. If you would be interested in learning more, you can click here to read about HEIT’s Risk Management Platform (which includes an integrated vendor management module) and register for one of our weekly demos.

 

Return to the list of news releases.