Risk Assessments

 View Only

Welcome to the Risk Assessments Community. Here you will find the latest discussions and resources that can help you in this area. Use this community to discuss anything about doing vendor risk assessments. Note: You will need to Sign In to join in the discussions and access resources. 

About Third-Party Risk Assessments: The risk assessment process is a fundamental foundation of a well-managed third-party risk program. A disciplined approach and repeatable process can lay a firm basis for better informed due diligence, structured ongoing monitoring, and meaningful impact in mitigating concerns introduced by your organization's third parties. Taking it a step further, understanding how to mitigate inherent vendor risk is crucial to determining if the benefits of the outsourced product or service outweigh the risk posed.

Latest Discussion Posts

  • It is important to maintain strong cross functional collaboration between IT and the TPRM team to ensure critical TP services are not overlooked. We also ensure our contracts have clauses that require the critical TP to provide us with their up-to-date ... More

  • The Business Continuity Team, responsible for conducting the Business Impact Analysis (BIA), should review the list of third-party vendors. This review will ensure that each business line identifies its vendor dependencies and evaluates them according ... More

  • I think its important for the TPRM team to work with IT in order to designate those suppliers/vendors that are operation critical to ensure they are at least noted within the BIA/BC planning. Its important to understand which vendors you will need to ... More

  • Hello, A foreign country assessment will typically look similar to an assessment performed on a domestic vendor. For instance, both foreign and domestic vendors should undergo OFAC/PEP checks, and their hiring practices should be thoroughly ... More

  • This message was posted by a user wishing to remain anonymous Is TPRM involved with the bank's BCP/BIA designation of third party providers? We currently have many Critical inherent risk services that are not included in BCP/BIA provider lists. There ... More

    1 person likes this.

Polls