Financial Services Provider
Vendor Risk Management (VRM) Framework/Third Party Vendor Management Performance Monitoring
A Financial Services Provider was seeking to implement a proactive system for identifying and managing vendor risk and ensuring compliance with OCC Matters Requiring Attention (MRA) as a result of findings from a Vendor Risk Audit. The audit found material weaknesses and the Client sought RGP to help restructure their program.
How We Helped
Working collaboratively with the Client as a cross-functional team, we established and implemented best practices for a Vendor Risk Management Framework for third party vendor management. A performance monitoring function ensured that relevant risks and associated metrics were identified and reported appropriately for each vendor, based upon their level of inherent/residual risk and the results of the relevant risk assessment. The level of intensity for each vendor was determined by how critical they were to the firm. A Governance, Risk and Compliance tool (MetricStream) supported the function.
The RGP Team consisted of a Project Manager, Business Analyst, User Test Script writer, VRM Strategic Advisor, and VRM subject-matter experts. We provided deep supply chain and VRM expertise to drive three key project work streams:
- Establishing the Program: recommending innovative solutions for support and maintenance of the Client’s third party vendor management processes, systems, standards, and metrics tracking
- Assisting in management of MetricStream implementation: developing user guides and materials and conducting training
- Developing and supporting day-to-day operations of the group, including: facilitating processes to ensure compliance with all regulations, guidelines and firm requirements; as subject-matter experts, providing guidance and customer service to stakeholders and third party contacts.
In support of these work streams, RGP:
- Developed the framework and vendor scorecards.
- Conducted Certification and Governance Maturity assessments.
- Conducted on-site vendor assessments, certification and Governance.
- Developed program processes, policies and procedures.
- Assisted in management of MetricStream implementation.
With the operationally embedded controls and efficiencies introduced by the Vendor Risk Management Framework/Third Party Vendor Management Performance Monitoring, our Client is well-positioned to effectively support and proactively identify and address new significant vendor risks to the business.