What is the difference between vendor management and vendor monitoring? Is vendor management a subset of vendor monitoring? Or, is vendor monitoring a subset of vendor management?
If you take a common sense approach, you could argue vendor monitoring is a subset of vendor management. Monitoring your vendors is something that you do as part of your vendor management program. However, from a workflow perspective, vendor management is a subset of vendor monitoring. The key is thinking about vendor management as a lifecycle and not an event. What do you want to monitor through the lifecycle and how often should you monitor those events.
Vendors can add tremendous value through their expertise and services provided but they are hard if not impossible to truly manage. The risk they present to you depends upon your spend, the service they provide and the consequences of nonperformance. This should determine the frequency of monitoring and elements to be monitored.
If you are in a highly regulated industry, all vendors should be monitored but the frequency and depth of the monitoring should be proportionate to the risk presented by the given vendor. If you perform deep due diligence on a high-risk vendor and enter into a 5-year engagement, how often should you revalidate the due diligence? Annually? Quarterly? Monthly? Daily? I guess it depends.
For a low-risk vendor, you may want to monitor them at a much lower frequency but may want to dig a little deeper each time.
Trust Exchange enables you to create custom risk rankings (high risk, medium risk, low risk), create custom monitoring policies for each risk group (monitor financials, audits, news, press) and gives you a dashboard with all of the relevant information including real-time alerts and historical reports.