Proactively Identify and Mitigate Vendor Risk

Promote a collaborative approach to vendor risk management and guard against regulatory, security, operational, and financial risk.

Onsite Workshop

A vendor risk management program can help organizations achieve risk readiness and address the following concerns:

  • Increased probability of underperformance
  • Higher costs due to additional spend, inflated price increases, and complex integrations
  • Difficulty resolving conflicts
  • Business disruption caused by vendors

Achieve the following with a vendor risk management program:

  • Better performance from vendors, benchmarked year over year
  • Risk mitigation plan in case conflicts arise
  • Avoid risks all together through a rigorous selection process
  • Avoid unplanned spend upfront by examining requirements and the vendor landscape

Module 1: Prepare for the Workshop

The Purpose

  • To prepare the team for the workshop.

Key Benefits Achieved

  • Avoids delays and interruptions once the workshop is in progress.

Activities: Outputs:
1.1 Send workshop agenda to all participants.
  • All necessary participants assembled
1.2 Prepare list of vendors and review any contracts provided by them.
  • List of vendors and vendor contracts
1.3 Review current risk management process.
  • Understanding of current risk management process

Module 2: Review Vendor Risk Fundamentals and Establish Governance

The Purpose

  • Review IT vendor risk fundamentals.
  • Assess current maturity and set risk management program goals.
  • Engage stakeholders and establish a risk governance framework.

Key Benefits Achieved

  • Understanding of organizational risk culture and the corresponding risk threshold.
  • Obstacles to effective IT risk management identified.
  • Attainable goals to increase maturity established.
  • Understanding of the gap to achieve vendor risk readiness.

Activities: Outputs:
2.1 Brainstorm vendor-related risks.
2.2 Assess current program maturity.
  • Vendor risk management maturity assessment
2.3 Identify obstacles and pain points.
2.4 Develop risk management goals.
  • Goals for vendor risk management
2.5 Develop key risk indicators (KRIs) and escalation protocols.
2.6 Gain stakeholders’ perspective.
  • Stakeholders’ opinions

Module 3: Assess Vendor Risk and Define Your Response Strategy

The Purpose

  • Categorize vendors.
  • Prioritize assessed risks.

Key Benefits Achieved

  • Risk events prioritized according to risk severity – as defined by the business.

Activities: Outputs:
3.1 Categorize vendors.
3.2 Map vendor infrastructure.
3.3 Prioritize vendors.
  • Vendors classified and prioritized
3.4 Identify risk contributing factors.
3.5 Assess risk exposure.
  • Vendor risk exposure
3.6 Calculate expected cost.
  • Expected cost calculation
3.7 Identify risk events.
3.8 Input risks into the Risk Register Tool.

Module 4: Assess Vendor Risk and Define Your Response Strategy (continued)

The Purpose

  • Determine risk threshold and contract clause relating to risk prevention.
  • Identify and assess risk response actions.

Key Benefits Achieved

  • Thorough analysis has been conducted on the value and effectiveness of risk responses for high-severity risk events.
  • Risk response strategies have been identified for all key risks.
  • Authoritative risk response recommendations can be made to senior leadership.

Activities: Outputs:
4.1 Determine the threshold for (un)acceptable risk.
  • Thresholds for (un)acceptable risk
4.2 Match elements of the contract to related vendor risks.
4.3 Identify and assess risk responses.
  • Risk responses

Module 5: Monitor, Communicate, and Improve IT Vendor Risk Process

The Purpose

  • Communicate top risks to management.
  • Assign accountabilities and responsibilities for risk management process.
  • Establish monitoring schedule.

Key Benefits Achieved

  • Risk monitoring responsibilities are established.
  • Transparent accountabilities and established ongoing improvement of the vendor risk management program.

Activities: Outputs:
5.1 Create a stakeholder map.
  • Stakeholder map
5.2 Complete RACI chart.
  • Assigned accountability for risk management
5.3 Establish the reporting schedule.
  • Established monitoring schedule
  • Risk report
5.4 Finalize the vendor risk management program.
  • Vendor Risk Management Program Manual

Workshop icon Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Book a Workshop View Blueprint
Visit our COVID-19 Resource Center and our Cost Management Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019
Contact Us