wendy.hsu@venerable.com's blog

Laying the Foundation for a Vendor Management Program

A Senior IT Consultant talks about shaping a risk culture and standardizing her company's vendor review process.

While enrolled in SIG University's Certified Third Party Risk Management Professional (C3PRMP) Program, Wendy Hsu was able to immediately apply what she learned and contribute her expertise toward sourcing a third-party risk management tool to develop her organization's Third Party Risk Management Program.

In the C3PRMP program, students focus on best and emerging practices to identify, assess, manage and control third-party risk throughout the lifecycle of relationships, and learn how to align risk fundamentals and frameworks with risk culture to develop the essential tools and controls for effective governance.


In more ways than one, the learning opportunity with SIG University’s Certified Third Party Risk Management Professional (C3PRMP) program was more than coincidental. Earlier in the year, I had chosen the C3PRMP program to fulfill my 2019 Individual Development Plan objective. Little did I know that by July I would be fully engaged in assisting my manager to source a suitable third-party risk management tool and develop a project plan to implement our future Third Party Risk Management (TPRM) program. While the timing of my taking the certification program couldn’t be better, the challenges ahead of my company’s TPRM program (which will soon be called Key Vendor Management Program) couldn’t be greater given we are a young company still in the process of shaping our risk culture and standardizing our vendor review process.

Wendy Hsu, Sr. IT Procurement Consultant, Venerable