Vendor Risk Management

Assisting organizations in assessing and managing third party vendor risk

Understanding, assessing, and managing your relationships with third-party vendors, and the security governance behind them, is as important as managing your organization’s own security posture. A program that evaluates vendor security during onboarding and maintains periodic oversight afterward is crucial to keeping organizational risk at a comprehensive and acceptable level. The assessment process must go beyond the traditional questionnaire-based approach and incorporate a risk-based methodology that identifies the potential impacts on your organization. Those impacts could include cyber security breaches, legal and regulatory non-compliance, loss of service availability, compromised integrity of customer and financial information, and other business impacts.

We define Vendor Risk Management (VRM) as the discipline that establishes a methodical, repeatable, and complete process for assessing the risks that vendors pose to your organization. Most organizations with substantial revenue do business with hundreds, and often thousands, of vendors. These vendors have widely varying levels of access to your facilities, networks, personnel, and data. The VRM process lets you assess both existing and pending vendors to determine the level of risk each may pose to you, your data, and your business operations. Organizations are victimized all too frequently not through a direct attack, but through the business relationship and trust they place in a vendor. VRM provides a rigorous structure for identifying and mitigating the risks that arise from an ongoing business relationship.

Hire our experts to help build out your organization’s VRM process, which can include:

• Creating a repeatable vendor risk assessment process for the organization to follow
• Implementing a contextual and modular questionnaire for vendors to complete
• Establishing a scoring matrix that converts vendor answers into a quantitative score
• Developing a customized rubric for evaluating each vendor’s responses
• Developing a set of criteria for how vendor risks are assessed and managed

Contact us

Calvetti Ferguson works with middle-market companies, private equity firms, and high-net-worth individuals across the country. Regardless of the complexity of the compliance, assurance, advisory, or accounting need, our team is ready to help you. Please complete the form below, and we will follow up with you shortly.