To the Point: Vendor Management


Published by The Compliance Professionals Forum an ia Initiative
6010 Executive Blvd, Suite 802, Rockville, Maryland, 20850
editor@compliancepf.com
240.499.3834
www.compliancepf.com

Copyright 2015 insidearm LLC and Compliance Professionals Forum. All rights reserved. Printed in the United States of America.

This publication is sold subject to the condition that it shall not, by way of trade or otherwise, be lent, resold, hired out, or otherwise circulated without the publisher's prior consent. Reprint licenses are available for an additional fee. The scanning, uploading, and distribution of this publication via the Internet or via any other means without the permission of the publisher is illegal and punishable by law. Please purchase only authorized editions.

Legal Disclaimer

This information is not intended to be legal advice but simply informed opinions from our panel, and may not be used as legal advice. Legal advice must be tailored to the specific circumstances of each case. Every effort has been made to assure this information is up-to-date. It is not intended to be a full and exhaustive explanation of the law in any area, nor should it be used to replace the advice of your own legal counsel. The views and opinions expressed herein are solely those of the Compliance Professionals Forum.

The information and any materials are provided "as is" and the CPF along with its parent organization expressly disclaim all warranties, conditions, representations, indemnities and guarantees whether express or implied, arising by law or custom. In no event will the CPF be held liable for any claim or action arising from or related to your failure to comply with any laws or regulations. Your use of these materials constitutes full and sufficient consideration for, and acceptance by you, of the above terms.

Table of Contents

Contributor
Dan Huston, CPA, CFIRS
How to Use This To the Point Guide
Introduction:
What is Vendor Risk Management?
Why you need to do this:
What is involved in a Vendor Risk Management Program?
STEP 1: Basic Due Diligence
Ready, Set, Go:
Conduct Risk Assessments in Key Areas
Check it Twice:
Company Stability and Reliability
Data Security
Hiring Practices
Insurance and Bonds:
Training:
STEP 2: Choosing what you need to review:
Tailor your efforts to the industry and relationship:
STEP 3: What to look for?
Compliance with Laws and Regulations - Compliance Program:
Compliance with Laws and Regulations - Compliance Officer:
Compliance with Laws and Regulations - Key Regulations:
Consumer Notices:
Consumer Complaints are Key:
CFPB Complaint Portal:
Websites:
Credit Reporting:
For vendors transmitting or relying upon Credit Bureau records, evaluate:
Payment Processing:
For vendors processing or transmitting payments on your behalf, evaluate:
Audits and Defining Unmitigated Risk:
Risk Assessments:
Targeting Key Areas:
Considering Vendor and Client Audits:
Policies and Procedures:
Auditing Communications:
Sample Sizes:
Testing Transactions:
Audits:
Summing it all up:
Common Issues in Audits:
Best Practices in Vendor Audits:
Report Results of Audits
Identify Recommended Corrective Action
Document Vendor or Client Responses
Best Practices Vendor and Client Audits:
Review Independent Reporting
Review of material subcontractor relationships
Re-Test According to Issues Detected
Subcontractors Monitoring your Vendor's Vendor:
Best Practices Vendor and Client Audits:
Your Vendor's Management Program
Your Vendor should monitor
Review of material subcontractor relationships
Apply Servicer practices to sub-contractors through contractual arrangements
References for Third Party Oversight and Actions:
Appendices
insideoperations: Vendor Management webinar transcript
insideoperations: Vendor Management webinar PowerPoint
Certificate of Completion

Contributor

Dan Huston, CPA, CFIRS

Dan has worked in the banking industry since 1979 and has extensive knowledge of bank operations, lending, and related compliance. His focus is compliance with Federal regulations, product development, and processing efficiency. Dan directs the firm's internal audit and regulatory compliance services for financial institutions. Dan's areas of expertise include credit underwriting and lending compliance, anti-money laundering program administration, item processing, funds delivery, fiduciary services, loan origination and servicing, and trust and fiduciary operations.

Introduction:

What is Vendor Risk Management?

Cost control, efficiency of process, and the globalization of the ARM industry have significantly increased the use of outside vendors to manage everything from the telephony systems we use, to the letters we send, to the individuals speaking to our customers. With that expansion of outsourcing comes the risk that those tasks are done incorrectly or out of compliance with either your policies or regulatory guidelines. Recognizing, reviewing and remediating that risk has become not just a good idea but a vital part of the relationships with your vendors. These vendors have become an extension of your company. You must increase your review of these companies to ensure good corporate governance. You need to understand the risk they pose to your organization along with the obvious benefits.

Why you need to do this:

Regulatory changes are the primary reason most of the industry began to really look into vendor risk assessments. But there should be other driving factors in your efforts. Damage to your reputation, client requirements and finding potential legal issues are equally important and should play a part in your process.

What is involved in a Vendor Risk Management Program?

The program should be a formal process to identify and measure third-party risk, review the implications of that risk, and build and implement controls with your vendors to mitigate that risk wherever possible. It can take many different forms. It can be tracked in Excel spreadsheets or entered into one of a number of good process management systems available to the industry. It should be driven by the core values of your company, augmented by your policies and procedures, and should ultimately enhance the consumer experience by ensuring quality and accuracy in your dealings with those consumers.