Sharpening Your Vendor Management Tools
Dan Hadaway will be presenting a workshop titled “Sharpening Your Vendor Management Skills” through the Community Bankers Association of Ohio on Thursday, August 23rd, 2012.
Because financial institutions rely heavily on vendors to perform tasks involving confidential information, the FFIEC makes us responsible for governing the vendor process. An effective vendor management program will identify, measure, monitor, control, and escalate the risks associated with vendor relationships. Meanwhile, the tools we use to measure vendor risk are improving. The SAS70 is being replaced with the SSAE-16. Service Organizations Control (SOC) reports are internal control reports on the services provided by a service organization. SOC reports provide valuable information users need to assess and address the risks associated with an outsourced service. In addition, examiners are clarifying what is meant by a Critical Vendor, and the tools we use to manage the vendor due diligence process have improved.
- Risk Management Basics
- Vendor Risks
- Governing Threshold
- Policy and Procedure
- Enlisting Vendor Owner Support
- The SSAE-16 Review Process
- The due Diligence Process (New Vendors and the Annual Review)
- Streamlining the Process
Who Should Attend
This workshop is directed to the person(s) responsible for Vendor Due Diligence at the bank. Even if you already have a good Vendor Management Program, you may want to attend this workshop to learn about the SSAE-16 as well as to sharpen your tools!
Dan Hadaway, CRISC, CISA, CISM
Dan Hadaway founded Infotex in 2000 to help banks comply with the then-new Gramm Leach Bliley Act. Since then he has grown the firm to be a leading Managed Security Service Provider (MSSP) that also provides IT Audit services as well as IT Governance consulting. As one of the first to hold a CRISC designation, Dan helped write the review manual for the Certified in Risk and Information Systems Control certification (CRISC), which recognizes professionals for their knowledge of enterprise risk and their ability to design, implement, monitor and maintain information system controls to mitigate such risk.
For registration information, you may visit the Community Bankers of Ohio’s CBAO University registration page: Sharpening Your Vendor Management Skills
Leave a comment
We have recently made a significant change to our Incident Response Policy regarding Read more
Even if you haven’t ever used Facebook, your friends and family may have already let Read more
Just in time for the next round of SOC reviews, we’ve reviewed and updated our metric Read more
Another awareness poster for YOUR customers (and users). Now that we have our own em Read more