The focus of the VRMMM is to provide third party risk managers with a tool they can use to evaluate their program against a comprehensive set of best practices. This “benchmark” tool helps organizations plan programs and set goals.
How the VRMMM Works
Broken into eight categories, the model explores more than 200 program elements that should form the basis of a well-run third party risk management program. A VRMMM will help Third Party Risk Programs:
- Adapt a program structure by type of outsources services and maturity level based on industry, organization size and risk tolerance.
- Make informed decisions for resource allocation and vendor-related risk.
- Establish a baseline against which to benchmark program maturity.
- Use program governance as a foundational element for other risk program criteria.
- Identify components that will deliver the highest organizational value.
- Track program maturity over time to determine and communicate progress, and identify areas for improvement.