Managing risk through pre-contract vendor due diligence in a digitally connected world
In today’s connected business environment, a company is increasingly exposed to risks, particularly through outsourcing to third party vendors. With a complex network of vendors to manage, you want to ensure that your organization is abreast of potential vulnerabilities. Yet, current systems are still ineffective. PWC found that out of the 71% of companies who are confident of their security activities, only 32% of require third parties to comply with their policies.
To effectively manage vendor risk, the process starts with pre-contract vendor due diligence prior to onboarding.
Our white paper, Conducting Pre-Contract Vendor Due Diligence, outlines how to modernize your due diligence process through automation. For a comprehensive risk picture, the white paper outlines how to create a program that is documented and repeatable. This can be followed by a two-stage evaluation of vendors – both internally and externally:
Internal Due Diligence
- Identity – Are they who they say they are?
- Financial – Do they have outstanding debts or weak revenue streams?
- Reputation – Are they regarded well enough for the trust of your customers?
- Geographic – Where does your data go and is the vendor located in a potential vulnerable area?
External Due Diligence
- Information Security – Is the data shared with them secure and what controls are in place to ensure security?
- Business Continuity – In event of disaster, does the vendor have resources and facilities to restore operations
- Compliance – Do they have formal policies and processes to ensure compliance?
- Fourth-Party – What is the risk coming from your vendors’ vendors?
- Conflict of Interest – Is there potential for corruption? If so, are there restrictions put in place?
A comprehensive and consistent review of vendors evaluating the above requires large scale questionnaires. A small to medium size firm with a 400-question questionnaire and 70 critical vendors to assess needs to review answers to 28,000 questions. As a result, using manual processes (spreadsheets!) is not manageable. Automation is essential to implement and scale the due diligence process.
The best way to manage vendor risk is by intercepting it at the start. Download our white paper and build a plan to formalize your pre-contract vendor due diligence process, and to automate it for efficiency, transparency, and consistency.
The post Keep Risk Out with Pre-Contract Vendor Due Diligence appeared first on Risk Management Blog.