This message was posted by a user wishing to remain anonymous
Hi Colleen,
Our risk is weighted by these catagories. Operational Reliance, Annual Spend, Borrower/Consumer Data, Operational Replacement, Reputional Risk, Finanical Impact , Regulatory Exposure and Vendor Incident History. Our business units fill out a assessment form and they rate the vendor. We review the rating along with our due dilengece documents to insure the rating is accurate. If we fill we need to upgrad the rating or down grade it we discuss with the business units .
We rate our high risk vendors yearly. Based on the rating we also determine how we handle the review requirements.
Original Message:
Sent: 06-25-2020 07:07 PM
From: Colleen Jewell-Suiter
Subject: Product - Service Risk Assessment
Hi All,
We are currently working on developing a product-service risk assessment due to an external IT audit recommendation for our vendor management program. I'm wondering if anyone else has implemented this process and would be willing to share their risk assessment and the process they use?
Thanks in advance for your help!
Colleen Jewell-Suiter
Risk Analyst, Operational Risk Department
Peoples Bank