Proactively Identify and Mitigate Vendor Risk

Promote a collaborative approach to vendor risk management and guard against regulatory, security, operational, and financial risk.

Onsite Workshop

A vendor risk management program can help organizations achieve risk readiness and address the following concerns:

Increased probability of underperformance
Higher costs due to additional spend, inflated price increases, and complex integrations
Difficulty resolving conflicts
Business disruption caused by vendors

Achieve the following with a vendor risk management program:

Better performance from vendors, benchmarked year over year
Risk mitigation plan in case conflicts arise
Avoid risks all together through a rigorous selection process
Avoid unplanned spend upfront by examining requirements and the vendor landscape

The Purpose

To prepare the team for the workshop.

Key Benefits Achieved

Avoids delays and interruptions once the workshop is in progress.

Activities:		Outputs:
1.1	Send workshop agenda to all participants.	All necessary participants assembled
1.2	Prepare list of vendors and review any contracts provided by them.	List of vendors and vendor contracts
1.3	Review current risk management process.	Understanding of current risk management process

The Purpose

Review IT vendor risk fundamentals.
Assess current maturity and set risk management program goals.
Engage stakeholders and establish a risk governance framework.

Key Benefits Achieved

Understanding of organizational risk culture and the corresponding risk threshold.
Obstacles to effective IT risk management identified.
Attainable goals to increase maturity established.
Understanding of the gap to achieve vendor risk readiness.

Activities:		Outputs:
2.1	Brainstorm vendor-related risks.
2.2	Assess current program maturity.	Vendor risk management maturity assessment
2.3	Identify obstacles and pain points.
2.4	Develop risk management goals.	Goals for vendor risk management
2.5	Develop key risk indicators (KRIs) and escalation protocols.
2.6	Gain stakeholders’ perspective.	Stakeholders’ opinions

The Purpose

Categorize vendors.
Prioritize assessed risks.

Key Benefits Achieved

Risk events prioritized according to risk severity – as defined by the business.

Activities:		Outputs:
3.1	Categorize vendors.
3.2	Map vendor infrastructure.
3.3	Prioritize vendors.	Vendors classified and prioritized
3.4	Identify risk contributing factors.
3.5	Assess risk exposure.	Vendor risk exposure
3.6	Calculate expected cost.	Expected cost calculation
3.7	Identify risk events.
3.8	Input risks into the Risk Register Tool.

The Purpose

Determine risk threshold and contract clause relating to risk prevention.
Identify and assess risk response actions.

Key Benefits Achieved

Thorough analysis has been conducted on the value and effectiveness of risk responses for high-severity risk events.
Risk response strategies have been identified for all key risks.
Authoritative risk response recommendations can be made to senior leadership.

Activities:		Outputs:
4.1	Determine the threshold for (un)acceptable risk.	Thresholds for (un)acceptable risk
4.2	Match elements of the contract to related vendor risks.
4.3	Identify and assess risk responses.	Risk responses

The Purpose

Communicate top risks to management.
Assign accountabilities and responsibilities for risk management process.
Establish monitoring schedule.

Key Benefits Achieved

Risk monitoring responsibilities are established.
Transparent accountabilities and established ongoing improvement of the vendor risk management program.

Activities:		Outputs:
5.1	Create a stakeholder map.	Stakeholder map
5.2	Complete RACI chart.	Assigned accountability for risk management
5.3	Establish the reporting schedule.	Established monitoring schedule Risk report
5.4	Finalize the vendor risk management program.	Vendor Risk Management Program Manual

GET HELP Contact Us

×

VL Methodology