Risk Assessments

 View Only

Welcome to the Risk Assessments Community. Here you will find the latest discussions and resources that can help you in this area. Use this community to discuss anything about doing vendor risk assessments. Note: You will need to Sign In to join in the discussions and access resources. 

About Third-Party Risk Assessments: The risk assessment process is a fundamental foundation of a well-managed third-party risk program. A disciplined approach and repeatable process can lay a firm basis for better informed due diligence, structured ongoing monitoring, and meaningful impact in mitigating concerns introduced by your organization's third parties. Taking it a step further, understanding how to mitigate inherent vendor risk is crucial to determining if the benefits of the outsourced product or service outweigh the risk posed.

Latest Discussion Posts

  • Profile Picture

    RE: Concentration Risk

    Concentration risk insight enables risk-informed decisions whether concentrations are acceptable, but it is not necessarily a case for change. More

  • Profile Picture

    Concentration Risk

    This message was posted by a user wishing to remain anonymous Looking for inspiration and practical methods to assess and monitor concentration risk with third parties e.g. when it relates to: Over-reliance to one vendor for critical services ... More

  • Hello, We also use individual risk area scores (we have 10 risk areas we assess) instead of an aggregated risk score or tiering for similar reasons. This allows us to focus on specific risks and managing them and assures they aren't tiered low or high ... More

  • Consider changing the overall risk for the assessment to be highest risk domain. Using your example, the Very High domain would be the reported risk for the vendor. This is the methodology we use to rate the overall risk in our program. This conservative ... More

  • Agree re using IRR to set cadence. Amongst other bits, if it takes 2 months to complete RR due diligence n this is a critical vendor service, you would be reassessing IR every 14 months , 2 months past a typical 12 month cycle ------------------------------ ... More

Polls