Vendor Risk Assessment
Verifying the trust placed with your vendors
A Vendor Risk Assessment (VRA) provides a comprehensive and repeatable structure for assessing the risks that vendors pose to your organization. Most organizations with substantial revenue do business with hundreds, and often thousands, of vendors. These vendors have widely varying access to your facilities, networks, and information, and often directly support critical functions in providing goods and services to your clients. The VRA process allows you to assess all of your existing and future vendors to determine the level of risk that they may pose to you, your information, and your business operations. All too frequently, companies are indirectly victimized by cyber threats as a result of the business relationship with, and the trust placed in, a vendor. The VRA provides a rigorous structure to identify the risks that may be present due to an ongoing business relationship and, as needed, put a plan in place to mitigate them.
Key elements in completing a VRA are:
- Training for stakeholders on the vendor assessment process to follow
- Identifying the top 10 vendors for initial assessment
- Customizing the modular questionnaire provided to fit your business needs
- Reviewing and adjusting the scoring matrix that takes vendor answers and creates a quantitative score
- Developing a customized rubric for your business that is used to evaluate each vendor’s response
- Developing a set of criteria for how vendor risks are assessed and managed
- Prioritizing and scheduling vendor evaluations
Calvetti Ferguson works with middle-market companies, private equity firms, and high-net-worth individuals across the country. Regardless of the complexity of the compliance, assurance, advisory, or accounting need, our team is ready to help you.