Third-Party and Vendor Risk Management

Governance, Risk and Compliance October 25, 2025
Enquire About This Course

Introduction

This comprehensive course addresses the growing challenges of managing risks associated with third-party relationships, including vendors, suppliers, partners, and service providers. Participants will learn to develop and implement robust third-party risk management frameworks that identify, assess, monitor, and mitigate risks throughout the vendor lifecycle. The curriculum covers due diligence processes, contract management, performance monitoring, and incident response coordination with external parties. Through practical exercises and real-world case studies, learners will develop the skills to build effective third-party risk management programs that protect organizational value while enabling strategic partnerships.

Objectives

Upon completion, participants will be able to:

  • Design and implement third-party risk management frameworks
  • Conduct comprehensive vendor due diligence assessments
  • Develop risk-based vendor categorization and tiering
  • Establish contract requirements for risk management
  • Implement ongoing monitoring and performance management
  • Manage third-party incidents and disruptions
  • Navigate regulatory requirements for third-party risk
  • Develop third-party risk reporting and metrics
  • Integrate third-party risk with enterprise risk management
  • Optimize third-party risk management operations

Target Audience

  • Third-Party Risk Managers
  • Procurement and Sourcing Professionals
  • Vendor Management Staff
  • Supply Chain Risk Managers
  • Compliance Officers
  • Legal and Contract Managers
  • Information Security Professionals
  • Operations Managers

Methodology

  • Third-party risk assessment workshops
  • Due diligence questionnaire development
  • Contract clause drafting exercises
  • Monitoring plan development sessions
  • Incident response simulations
  • Vendor tiering case studies
  • Mini-case studies of third-party failures
  • Syndicate discussions on relationship challenges

Personal Impact

  • Enhanced third-party risk assessment capabilities
  • Improved due diligence and evaluation skills
  • Stronger contract management competencies
  • Better incident management abilities
  • Increased confidence in vendor selection
  • Advanced analytical thinking about supply chain risks

Organizational Impact

  • Reduced third-party incidents and disruptions
  • Improved vendor performance and reliability
  • Enhanced regulatory compliance
  • Better resource allocation for vendor management
  • Stronger supply chain resilience
  • Increased stakeholder confidence in partnerships

Course Outline

Third-Party Risk Management Foundation

Framework Design
  • Third-party risk management principles
  • Regulatory requirements and expectations
  • Governance structure and roles
  • Policy and procedure development
Risk Categorization
  • Vendor tiering and criticality assessment
  • Risk category development
  • Inherent risk assessment
  • Resource allocation based on risk

Due Diligence and Selection

Due Diligence Process
  • Due diligence questionnaire development
  • Financial stability assessment
  • Reputation and reference checks
  • Compliance and regulatory verification
Selection and Onboarding
  • Selection criteria development
  • Risk-based decision making
  • Contract negotiation for risk management
  • Onboarding and transition planning

Contract Management and Controls

Contract Requirements
  • Risk management contract clauses
  • Service level agreements (SLAs)
  • Right to audit and assessment
  • Liability and indemnification
Control Implementation
  • Control requirements definition
  • Control testing methodologies
  • Remediation tracking and verification
  • Certification and attestation processes

Ongoing Monitoring and Management

Performance Monitoring
  • Key performance indicators (KPIs)
  • Service level monitoring
  • Financial performance tracking
  • Relationship management
Risk Monitoring
  • Key risk indicators (KRIs)
  • Change management monitoring
  • Compliance status tracking
  • Emerging risk identification

Incident Management and Continuity

Incident Response
  • Third-party incident response planning
  • Communication protocols
  • Escalation procedures
  • Coordination and collaboration
Business Continuity
  • Third-party business continuity requirements
  • Alternative sourcing strategies
  • Recovery time objectives
  • Testing and validation

Program Enhancement and Optimization

Program Evaluation
  • Maturity assessment
  • Performance metrics and reporting
  • Stakeholder satisfaction measurement
  • Continuous improvement planning
Advanced Topics
  • Fourth-party and sub-contractor management
  • Cloud service provider risks
  • Geopolitical and country risks
  • Technology enablement and automation

Ready to Learn More?

Have questions about this course? Get in touch with our training consultants.

Submit Your Enquiry