Vendor Risk Assessment

Verifying the trust placed with your vendors

A Vendor Risk Assessment (VRA) provides a comprehensive and repeatable structure to assess the risks that vendors pose to your organization. Most organizations with substantial revenue have hundreds and often thousands of vendors with whom they do business. These vendors have widely varying access to your facilities, networks, and information and often directly support critical functions in providing goods and services to your clients. The VRA process allows you to assess all of your existing and future vendors to determine the level of risk that they may pose to you, your information, and your business operations. All too frequently, companies are indirectly victimized by cyber threats due to the business relationship and trust they place with a vendor. The VRA provides a rigorous structure to identify and, as needed, put a plan in place to mitigate the risks that may be present due to an ongoing business relationship.

Key elements in completing a VRA are:

    • Training for stakeholders on the vendor assessment process to follow
    • Identifying the top 10 vendors for initial assessment
    • Customizing the modular questionnaire provided to fit your business needs
    • Reviewing and adjusting the scoring matrix that takes vendor answers and creates a quantitative score
    • Developing a customized rubric for your business that is used to evaluate each vendor’s response
    • Developing a set of criteria for how vendor risks are assessed and managed
    • Prioritizing and scheduling vendor evaluations

Contact Us

Calvetti Ferguson works with companies, private equity firms, and high-net-worth individuals nationwide. Regardless of the complexity of your compliance, assurance, advisory, or accounting needs, our team is ready to help.