The Vendor Management Challenge: Tracking

Posted by CMPG Risk Solutions on Mar 20, 2017 2:31:00 AM

Vendor management has evolved from the contract management of a decade ago into a discipline focused on risk management and regulatory compliance, and the emerging challenge is keeping track of all the elements required to keep pace. You can no longer run an Excel or SharePoint solution from a server in the corner of the IT Department to get the job done. Vendor management requirements have grown too large and too widespread.

Vendor risk management, as defined by the FFIEC across a multitude of vendor analytical dimensions, was the first layer of complexity to be placed on top of traditional document repository contract management systems. Today’s fully-featured solutions have expanded upon this layer to include vendor news monitoring, vendor risk alerting, performance risk inclusive of SLA monitoring, the many facets of onboarding and ongoing due diligence review and risk assessment, complaint and social media monitoring, information and cyber security reviews, on-site evaluations, fourth-party risk review practices, and most recently, the newly unveiled concentration risk analysis. 


The key to a successful vendor management program is in the quality of its tracking and documentation:

- What vendor documentation do you have?
- When does it need to be updated?
- What documentation have you reviewed?
- Where do you require added focus or should concern be raised?
- Who are you still waiting on to respond?
- What needs to be reported upward?
- How long has it been since last contact?
- How is the vendor performing against the contract?
- When does the contract renew and what are your options to terminate/renegotiate?


Topics: Vendor management

Expanded Focus on Concentration Risk: Why Does it Matter?

Posted by CMPG Risk Solutions on Feb 14, 2017 2:06:00 AM

 

In our last blog post we shared the OCC’s Bulletin 2017-7, which outlines supplemental examination procedures for future regulatory exams—most notably the expanded focus on concentration risk. Today, we’ll take a quick look at why the OCC cares about dialing in the risk associated with geographical concentration of vendors (and perhaps more importantly, vendors’ vendors).

It’s no surprise that understanding the risks associated with your vendors is a much more complex process than it was 20 or even 10 years ago. Organizations not only have to evaluate their vendors, but also their vendors’ vendors (aka fourth-parties or subcontractors). This gets particularly tricky when it comes to concentration risk. For example: Let’s say your organization outsources critical business services to vendors A, B, and C, and those three vendors all outsource to a common vendor, D. If vendor D’s services become unavailable due to a data breach or other event, vendors A, B, and C may not be able to service your organization without disruption. In this scenario, your organization must bear the risk of vendor failure, breach, and regulatory penalties.

Historically, the approach to mitigating concentration risk was to simply ask vendors via a vendor risk assessment questionnaire to provide additional information on the vendors and third-party providers they work with. Unfortunately, as vendor management grows in size and complexity, this approach contains several flaws.

First, questionnaires can be extremely limited in their effectiveness. While commonplace, they rely too heavily on human assessment and calculation. They are also not the most verifiable, nor do they provide hard data; often, organizations must simply trust their vendors’ responses and hope they are accurate and true. The second issue with this approach is that, oftentimes, your vendors may not even know all of their vendors, or at least not to the extent you need to evaluate all potential risk.

Knowing all of this, it makes sense that the OCC would expand their examination focus on the validation of geographical concentration risk. We see this as an important next step for the evolution of industry best practices for vendor risk management, and we are already equipped and prepared for this increased focus with data management, analytics flexibility, and fourth-party tracking within our solutions and service offerings.

Loose documentation and voluntarily submitted information from vendors are inadequate methods of tracking, assessing and monitoring risk, and preparing for your next exam—especially when automated solutions exist that use data analytics to help you make educated decisions about vendor risk, and show examiners that every step along the way can be accounted for.


Topics: compliance management, concentration risk

The OCC Details Concentration Risk Examination Procedures

Posted by CMPG Risk Solutions on Jan 27, 2017 2:29:00 AM

On January 24, 2017 the OCC published a bulletin with the subject, "Third-Party Relationships" followed by the description, "Supplemental Examination Procedures." Within the bulletin is a link to the actual supplemental examination procedures for future examinations (links to the OCC Bulletin 2017-7 and the supplemental exam procedures can be found at the bottom of this post).



The supplemental procedures document states,

“These procedures are designed to help examiners tailor the examinations of national banks and federal savings associations (collectively, banks) and determine the scope of the third-party risk management examination.”

The specificity as to an expanded focus on concentration risk is found under the heading "Quantity of Risk" on page four of the document, beneath “Objective: To determine the quantity of operational risk associated with the use of third parties."

Concentration Risk examination validation is detailed in the following passage and associated footnote:

“1. Determine whether there are any concentrations among third-party relationships.
• Review the bank’s methodology for identifying concentrations among third-party relationships
• Determine whether there are concentrations due to the bank’s reliance on a single third party for multiple activities, particularly when several of the activities are critical to one or more lines of business
• Determine whether there are geographic concentrations where the bank’s own operations, the operations of its third parties, or the operations of third parties’ subcontractors are located in the same region or are dependent on the same critical power and telecommunications infrastructures.”

“(Footnote 7) Concentrations may arise when a bank relies on a single third party for multiple activities, particularly when several of the activities are critical to bank operations. Additionally, geographic concentrations can arise when a bank’s own operations, and that of its third parties and subcontractors, are located in the same region or are dependent on the same critical power and telecommunications infrastructures.”

The implication is clear: vendor management organizations have been given a new challenge. It should be no surprise that an understanding of service concentration for a single vendor is required; the new piece being introduced here is how to validate geographical concentration. At VendorInsight®, we have developed our software with data management capability and analytics flexibility. We are currently working with our existing clients to detail and manage these new examination expectations. If you are not our client (yet), how are your providers addressing this just-announced expectation, and when? It is a fair question you should be asking.

As most know, what the OCC defines, many of the remaining regulators will follow or formally adopt.


Topics: concentration risk, OCC

EVP JAY FITZHUGH FEATURED IN INDEPENDENT BANKER: AUTOMATED OVERSIGHT

Posted by CMPG Risk Solutions on Jan 12, 2017 2:03:00 AM

VendorInsight®’s EVP Jay Fitzhugh was recently quoted in a story published by the ICBA’s Independent Banker Magazine. The story, titled Automating Oversight, explored how a vendor management software system could benefit community banks.

The author begins by acknowledging the limited resources and growing regulatory pressure that many community banks are facing—the same challenges that we hear from our own customers and prospects. Specifically, we’ve identified two common obstacles that many community banks struggle with when it comes to vendor management:

1. You feel like your Vendor Risk Management policy is being criticized by regulators because it has not been updated in recent years to reflect the growth of your bank

2. Your Vendor Risk Management program continues to be managed by one or two people—or—managed by individual business owners, and the management and monitoring of vendors is becoming increasingly overwhelming and unorganized as more and more vendors are added to your bank

Sound familiar?

While Jay’s feature in the Independent Banker story only touches upon a vendor management software system’s ability to manage staff requirements, costing less than a single employee and delivering the benefits and productivity improvements equivalent to several employees, there is so much more that a vendor management solution can do for your organization. Often put on the back burner due to not being an “active” money-maker, a strong vendor risk management system may be your greatest offense against a major weakness in many community banks—regulatory compliance. It can also be one of your greatest money-savers.

Each year, hundreds of millions of dollars are spent unintentionally because vendor contracts automatically renew, committing companies to pay for services they no longer want, and vendors will impose annual price increases that are not monitored, understood, or validated. So, in addition to saving you money from a staffing position, an automated VRM solution will allow you to understand exactly which vendor costs will increase, when, and by how much.

A vendor management software system also allows for easier, faster completion of required tasks and activities such as vendor risk assessments, performance reviews, or RFPs, and results in improved resource utilization and productivity—all saving your bank and your employees valuable time.

Automated vendor management systems, especially the class-leading solutions offered by reliable, established companies like VendorInsight®, can be easily and quickly implemented. They are easy to use, reliable, cost-effective and efficient.

Now, let’s go back to the issue of having limited resources. VendorInsight® understands that one size does not fit all—many times a community bank simply doesn’t need an enterprise level vendor management system yet, just a system that meets their regulatory requirements and allows risk monitoring and vendor relationship management. That’s why we’re happy to offer multiple levels of software and services—so that you can have the assurance and quality of a premier system that fits your needs AND your budget, with the ability to grow as you do.

To learn how VendorInsight® can help your community bank keep up with the growing regulatory demands, simply fill out our contact request form (link found below) and we will be in touch soon.


Make Way: New SSAE 18 Control Audit Coming Through

Posted by CMPG Risk Solutions on Jan 5, 2017 2:12:00 AM

In April 2016, the American Institute of Certified Public Accountants (AICPA) announced an updated standard. This Statement on Standards for Attestation Engagements 18 (SSAE 18) is set to supersede the widely known SSAE 16 report that has been a mainstay with vendor management organizations tracking vendor adherence to defined controls since 2010.

The new SSAE 18 will be effective for reports produced after May 1, 2017, but organizations can adopt it earlier.

The new standard will require companies to monitor service organizations’ subservice organizations—or in vendor management terms, fourth-party providers. Essentially, the SSAE 18 will expand on the existing SSAE 16 standard to include validation of effective vendor management, as practiced by your vendors for their contracted fourth-party providers. This includes fourth-party monitoring beyond the initial vetting and selection process, just as required of FIs.

In early 2016 VendorInsight® implemented features to track, capture, and monitor risks associated with fourth-party vendors.

While the new standard is required for reports after May 1, 2017, many of the reports generally available from vendors supporting the financial services industry tend to cover an audit period from the late third or early fourth quarter. As such, we would expect the vast majority of 2017 vendor reports to report on audits completed prior to the start of the new SSAE 18 standard.

When fully deployed in 2018, this new standard offers the promise of added visibility to key vendor fourth-parties that today may not be easily discerned. It will also shine a light onto the vendor management practice of your vendors who have historically kept this discipline out of sight and away from detailed review. We see this as an important next step for the evolution of industry best practices for vendor risk management, and we are already equipped and prepared for this expanded tracking within our solutions and service offerings. To learn more about the new standard, follow the links below to download our FREE SSAE 18 eBook or speak with a VendorInsight Team Member about how your organization can prepare for the new standard.


Topics: control audit, vendor reviews

Complementary Controls; Bless Your Heart

Posted by CMPG Risk Solutions on Dec 20, 2016 1:51:00 AM

 

Well, not exactly. Many of us are all too familiar with the e-mail and phone chase of your vendor population to obtain their third party control audits. Most know control audits by their various designations: SSAE16 or SOC 1, SOC 2, be they Type I or Type II. Confused yet?

What seems to have grown in scrutiny with control audits is not the receipt, review and acceptance of your third (and fourth) party control audits by an independent auditor rendering an unqualified opinion, but that deep inside these documents there is actually information that you are charged to validate within your own institution's control environment. You typically find the Complementary User Entity Controls as a separate section in the Table of Contents page of any professionally completed control audit report.

Complementary User Entity Controls are those things that your institution must perform from your side of a vendor relationship. As an example, if a vendor is posting transactions that you submit, the Complementary User Entity Control will likely require that you balance and validate the batch of transactions prior to submission. That makes perfect sense, right?

The catch is that someone physically needs to match and validate that your controls match those prescribed by your vendor. And you will be asked at some point by an auditor or examiner in the future, if not already, for this internal control validation. The person performing the validation needs exceptional internal control documentation or must possess intimate working knowledge of your organizational structure, process and policies. The verification of controls likely leads them on a hunt for signatures across the organization: accounting, operations, items processing, IT, etc.

This is an area where solution providers such as VendorInsight® can provide assistance in organizing the required validation efforts and certifications, whether that means specific reports or tracking outstanding control item exceptions. While many may still want to copy and sign the top of the page from the SSAE16 ("John Smith, SVP, We Do This!"), this approach will likely not meet expectations, if it ever did, for much longer. VendorInsight® is designed to improve in this critical area of Vendor Risk Management. If you’d like to schedule a consultation with a member of our team, follow the link below and we’ll be in touch soon!


Advance Notice Of Proposed Enhanced Cyber Risk Management Standards

Posted by CMPG Risk Solutions on Nov 23, 2016 1:29:00 AM


On Tuesday, November 22, 2016, the OCC, Federal Reserve and the FDIC issued a press release inviting comments on an advance notice of proposed rulemaking (ANPR) regarding enhanced cyber risk management standards for large banks under their supervision.


These regulatory agencies hope to increase operational resilience and lower the probability of failure in the banks they supervise.

 

Here’s what you need to know:



• The ANPR was published in the Federal Register on October 26, 2016, and comments are due by January 17, 2017.
• The ANPR applies to:
o any national bank, federal savings association (and any subsidiaries thereof), or federal branch of a foreign bank that is a subsidiary of a bank holding company or savings and loan holding company with total consolidated assets of $50 billion or more;
o any national bank, federal savings association, or federal branch of a foreign bank that has total consolidated assets of $50 billion or more and does not have a parent holding company; and
o any third-party service provider with respect to services provided to any covered national bank or federal savings association (or any subsidiaries thereof).
• The ANPR is not applicable to community banks
• Banks regulated by the above-mentioned agencies are required to ensure that the services they receive from third-parties are conducted with the same standards that would apply if the bank conducted the operations itself—therefore, the proposed enhanced standards would apply to all operations, even those serviced by third-parties.


Topics: vendor risk management, Federal Reserve, Cybersecurity, FDIC

5 REASONS TO BE THANKFUL FOR YOUR VENDORS

Posted by CMPG Risk Solutions on Nov 2, 2016 1:22:00 AM

We talk a lot about the horrors and headaches of vendor risk management, but the reality is that most financial institutions wouldn’t be able to meet their customers’ needs without their third and fourth-party vendors. So in the spirit of Thanksgiving, we give you five sincere reasons to say “thank you” to your vendors this month:

1. Thank you for working with us to create a mutually beneficial relationship built on mutual trust.

2. Thank you for providing accurate documents and information in a timely manner—Bonus: especially when it’s without even being asked!

3. Thank you for maintaining consistent, open communication between our parties.

4. Thank you for playing fair and not attempting to get the real advantage when it comes to putting together contracts.

5. Thank you for acting as an extension of our institution in order for us to provide our customers the level of service they expect.

Vendors don’t typically receive words of appreciation, so if you’ve got some good ones in your corner, take a moment this month to let them know they’re doing a good job! ’Tis the season after all, and a little encouragement is sure to go a long way in the quality of your relationship.


NEW RELEASE HOLDS SOLUTION TO SIMPLIFIED DOCUMENT REQUESTS!

Posted by CMPG Risk Solutions on Aug 3, 2016 2:16:00 AM

VendorINSIGHT strives to constantly improve our system to give our customers the most up-to-date and advanced technology. With the new PCM Document Request feature we recently introduced, users can request documents directly from any vendor through the PCM Associations screen. Vendors will receive an email with a link allowing them to upload the requested document. This feature makes it easy for users to collect necessary documentation without the hassle of tracking and sending separate emails. VendorINSIGHT takes pride in serving our customers with a streamlined and simplified VRM process and the PCM Request module is just one of the many ways we continue to do so.


DOES YOUR VENDOR RISK MANAGEMENT SOLUTION CARE ABOUT YOU? VENDORINSIGHT DOES!

Posted by CMPG Risk Solutions on Aug 2, 2016 2:01:00 AM

VendorINSIGHT is proud to be a supporter of the CBAO and local banks in our community. This is why we are offering a free luncheon on Best Practices for 4th Party Vendor Management to local banks who attend the CBAO Annual Conference. VendorINSIGHT prepares our customers to handle the current and upcoming changes in the industry. We are proud to offer this event on 4th party vendor management, an issue that is becoming increasingly important. VendorINSIGHT takes the time to listen to our customers and strives to present them with the relevant information they need to succeed.


VENDORINSIGHT RELEASED VERSION 7.2.0 JULY 9, 2016!

Posted by CMPG Risk Solutions on Jul 12, 2016 2:48:00 AM

You asked for it, we made it happen! VendorINSIGHT is very excited to announce that the new User Forum requested at our User Group Meeting is now a feature available as a part of this latest major release. Users are able to ask questions, exchange ideas, and communicate with one another through their VendorINSIGHT program.

Included in this release is Fourth Party Risk Tracking. Assign, track, and add documentation for fourth parties associated with your vendor contracts.

Users of VendorINSIGHT are asked to contact their Program Administrator to enable these and many more features. Not a VendorINSIGHT user but want to learn more about how our risk management software solution is leading the industry? Call today for more information on how VendorINSIGHT may be able to streamline your VRM process while guaranteeing compliance!


USER GROUP MEETING PREVIEW

Posted by CMPG Risk Solutions on Feb 17, 2016 2:36:00 AM

If you have not seen the invitation for our annual User Group meeting on May 3rd in Nashville, Tennessee, please let your VendorINSIGHT® Program Administrator know so that we can be sure that you have all the details. Based upon feedback from clients who attended the meeting in Baltimore last year, this meeting was well received and provided an excellent forum for idea sharing among VendorINSIGHT® peer users and the VendorINSIGHT® management staff.

One area within Vendor Risk Management that continues to garner attention from the news media and the Regulators is Cybersecurity practices. From the consulting side of our business, three articles have been published in the last six months with regards to providing insight and guidance on IT Risk Management practices specifically aimed at the non-technical executives, inclusive of recommended Cybersecurity training for directors and how to prepare and respond to a data seizure. These can be found at our CMPG website.

In our upcoming meeting, we currently plan to continue on the theme of Cybersecurity education with a presentation on the background and key tenets of Cyber Insurance policies. Please let VendorINSIGHT® know if this is a topic that rings true in your role as the gatekeepers for Vendor Risk Management. We hope to see you in Nashville!


VENDOR CLASS, VPS & YOU!!

Posted by CMPG Risk Solutions on Dec 30, 2015 2:37:00 AM

VendorINSIGHT announced the latest updates to our Vendor Risk Assessment and Vendor Performance Scorecard modules earlier this month. The recent changes enhanced the customer's flexibility to update the templates in the platform as desired. We are very satisfied with the positive feedback we've received about the updated modules.

The Vendor Performance Scorecard (VPS) module's redesign will improve usability, allow for increased customization as requested by our customers and accommodate future data trending. The new VPS-2 design provides all of the functionality of the VPS-1 module and provides better flexibility for customization. The survey builder accommodates an unlimited number of questions and continues to track service levels.

We understand that not all of your vendors, suppliers and third parties demand the same attention. Each provider's risk to the institution constantly varies. With the introduction of Vendor Class, customers can configure multiple risk assessment templates that depend on each vendor's class or risk to the organization, making the risk assessment multi-level.

On a final note, VendorINSIGHT would like to thank each and every one of our valued customers. 2015 has been a year for the books. We look forward to continuing to please our customers in the years to come.



VendorInsight® Responds to Nov. 10 FFIEC Update

Posted by CMPG Risk Solutions on Nov 17, 2015 2:50:00 AM

Last week on November 10th, the Federal Financial Institutions Examination Council (FFIEC) issued a revised Management booklet, which is part of the FFIEC Information Technology Examination Handbook. Information Technology governance and risk management were the key elements of the update. Cybersecurity as an element of Information Security was introduced as an expansion upon the definitions of Cybersecurity for third-party vendors published in February, as a part of the Appendix J addition to the IT Examination Handbook. 


Given the expanded focus upon IT Risk Management, and the added requirement of Cybersecurity awareness, VendorInsight® has responded with changes to our standard Vendor Risk Assessment (VRA) and Information Security Questionnaire (ISQ) templates. These changes include validation or denial of cloud-computing within a vendor’s delivery of products or services and validation as to a detailed understanding of the vendor’s Cybersecurity posture.

The revised VRA template will be available for client review in the "About" section of the "Tools" menu on the Client Access Portal on November 20th. The revised sample ISQ template will also be available to clients who have enabled the Vendor Relationship Profile and Policy Compliance (VRP/PCM) modules. Please contact your Program Administrator if you require assistance with updating your VRA master template or if you would like to receive the updated ISQ template.


Topics: compliance management, vendor management software, FFIEC

VENDORINSIGHT® MAKES OUTSOURCING VENDOR MANAGEMENT SIMPLE WITH VRM PRO™

Posted by CMPG Risk Solutions on Jul 29, 2015 2:46:00 AM

July 29, 2015 – VRM Pro™ is VendorINSIGHT®’s solution to your vendor management problems. VendorINSIGHT® is the industry leader with extensive consulting and outsourcing expertise in vendor management since 1998. With VRM Pro™ our team will become your vendor management department.

We classify your vendors, rate their criticality, perform due diligence and keep all your documentation up to date. All that you have to do is simply review the results of our analysis and determine whether to accept the risk of the vendor relationship or to mitigate risk through additional controls.

Contact a VendorINSIGHT® representative to learn more about how VRM Pro™ provides Return on Investment benefits and can save your organization time.


VENDORINSIGHT® INTRODUCES NEW VENDOR RISK MANAGEMENT SOFTWARE FOR SMALL BANKS AND CREDIT UNIONS

Posted by CMPG Risk Solutions on Apr 15, 2015 2:43:00 AM

April 15, 2015 – VendorINSIGHT® announced today the release of VendorINTEL™, a turnkey vendor management solution for institutions under $1 Billion in assets. VendorINTEL™, powered by VendorINSIGHT®, allows you to monitor your risks and manage vendor relationships while meeting regulatory requirements at a cost-friendly price!

The VendorINTEL™ set-up process is easy, allowing potential customers to register an account with a 30-day unconditional, money back guarantee if not 100% satisfied. You can find additional information about the newest VendorINSIGHT® vendor management solution on the VendorINTEL™ website.



CYBERSECURITY PRIORITIES ANNOUNCED BY THE FFIEC

Posted by CMPG Risk Solutions on Mar 24, 2015 1:52:00 AM

Coming on the heels of the business resiliency guidance of third party service providers released in February, the FFIEC issued a press release last Tuesday detailing their focus for the remainder of 2015 on Cybersecurity. This is in addition to the discussion of Cybersecurity Resiliency within the just released Appendix J to the IT Examination Handbook series. The pilot cybersecurity assessment completed in 2014 by the FFIEC with 500 institutions has led them to detail multiple efforts to help the industry self-assess and prepare for cybersecurity threats.

We see three key issues coming from this press release:

1. A cybersecurity self-assessment tool is being finalized to allow FIs to evaluate their own cybersecurity posture. We would predict that once this tool is released, this will become an important future exam element, and will likely need to be integrated into all measures of operational risk measurement, including services received from third party providers, and risk rated within solutions such as VendorINSIGHT®.

2. The press release notes that they are not yet done with guidance as it relates to third parties. Specifically the FFIEC will “expand their focus on technology service providers’ cybersecurity preparedness.” As was addressed with the updates to our software solutions in February on Business Resilience, we would expect continuing updates to our VendorINSIGHT® and BCP-Insight™ solutions to keep pace with best practices and guidance.

3. IT Governance expectations will increase. Per the press release, the FFIEC “will enhance their incident analysis, crisis management, training, and policy development” which likely means this expansion and coordination at the regulatory level will end up in the policy and procedure guidance for deployment within your organizations, and overseen by management and the board.

We applaud the FFIEC for getting this critical element of security and risk to the forefront and leading the key partnering between the public and private sector. We are not surprised, as we had provided earlier commentary in our blog entry in June of 2014. Stay tuned into Channel VendorINSIGHT and we'll keep you abreast of how our systems will continue to evolve to meet these new requirements as they are announced.

https://www.ffiec.gov/press/pr031715.htm


Vendor Management Expectations Impacted by FFIEC Expansion of Business Continuity Handbook

Posted by CMPG Risk Solutions on Feb 28, 2015 2:39:00 AM

 

 The FFIEC recently expanded its guidance by adding an amendment to its Business Continuity Planning handbook. Introducing the concept of "Business Resiliency," there are a number of NEW testing and vendor review requirements that pertain to third parties and outsourced technology service providers that must be included in vendor management programs, risk assessments and vendor profiles.


We anticipated this with the integration of our BCP system to VendorInsight® in January of this year and have already updated VendorInsight® to comply and meet 100% of this new guidance. Many of our customers are using the integrated features of our BCP-Insight™ system and reaping the benefits of this integration.

We expect more updated guidance and prescribed compliance from The Federal Reserve, OCC, FDIC and CFPB later this year and will keep you updated. Stay tuned here.

https://www.ffiec.gov/press/pr020615.htm


Topics: FFIEC, Business Continuity

Business Continuity Management System Integrates to VendorInsight!

Posted by CMPG Risk Solutions on Jan 13, 2015 1:31:00 AM

With release 6.8.0 we've fully integrated our BCP-INSIGHT™ and VendorINSIGHT® systems into a single Enterprise Risk Management (ERM) suite. Look for more important enterprise risk features and services to be introduced in 2015.

With total database integration and crossover matrix user credentialing, our customers can now define roles and workflows that transcend the traditional departmental boundaries to see risks, vulnerabilities and remediation statuses across vendors, departments, and business processes. This is a significant advancement for our solution and a leading capability among industry solutions.

CMPG's patent-pending BCP solution brings the user-friendliness, rapid implementation, and reliability of VendorINSIGHT® to the BCP/DR arena as our competitors continue to struggle to keep up with our rapidly advancing lead in the industry!


VENDORINSIGHT GROWS 20% AS THE INDUSTRY BEGINS TO SEGMENT. LEARN WHY.

Posted by CMPG Risk Solutions on Jan 8, 2015 2:41:00 AM

In 2014, we grew more than 20% and we expanded our presence with large and medium sized financial institutions as well as with smaller ones and in other industries. We've been swamped and working hard these past few record-setting months! We also successfully introduced four major releases with fantastic workflow features and helpful reporting along with new content management features.

There seems to be a division emerging in the industry right now. At one end of the scale, there are super-large enterprises and Fortune 100 companies looking for large-scale enterprise platforms to manage enterprise risk and vendor/supplier risk all together. We call these the ERM solutions. At the other end of the scale - typically banks below $50B in assets and Fortune 500 to 1000ish companies - customers are looking for sophisticated and complete vendor management systems, without the complexity, cost and enterprise headaches.

This makes sense. On the surface it would seem that an all-in enterprise risk system could save some money, but the ERM players were late to the game with vendor management and are still a ways from catching up. There simply aren't the features, workflow, tools and monitoring services in their systems, and there might never be, because vendor risk management is only one small part of the overall enterprise equation. The reality is that the dedicated vendor management solutions do a much better and much more productive job of helping customers manage a complex process like vendor management that is already sophisticated, crosses multiple organizational boundaries and requires advanced tools, reporting and workflow. In other words, they're usable and more oriented toward the things vendor management and third party risk management groups need to do.

For the vast majority of the industry, an ERM solution is far too expensive, it saps IT resources and infrastructure, and the learning curve makes it extremely difficult to achieve simplified processes with the productivity needed without hiring additional personnel. So far, the market tells us we're on the right track with our advanced software that can easily be put to effective use by both small and large companies, providing scalability, and our exceptional customer service model that consistently achieves the highest ratings!

We've had several customers convert from other solutions to come over to VendorINSIGHT®, and to this day we've still never lost a single customer to a competing solution except in the event of an acquisition by a large company who used a different vendor management system! That is something we're proud of: taking care of and helping our customers the way they need us to.

If you aren't already a VendorINSIGHT® customer we hope you'll become one soon so we can help you and take care of you, too!


VendorInsider Blog

Insight into Vendor Management Best Practices, Challenges, Solutions and Trends from Industry Insiders

As one of the longest running and most advanced vendor management software solutions, the helpful people of VendorInsight® have a unique perspective on third-party risk, compliance and management.  In the VendorInsider Blog, we share our insights on timely and relevant issues facing vendor managers.  You can subscribe using the button below, or contact us with questions.
