Hi Hannah! I have each third-party set-up only once and then create a separate "service" within to capture the risks, relationship owners, etc., for each. Unfortunately, the system does not currently allow me to automatically aggregate the risk for the third-party other than rating it as the highest rated service risk, so I have to do the aggregation manually (for example, if I have 10 Moderate Risk services, I might manually override the risk of the third-party to be a HIGH RISK). As an aside, I factor in company-related risk mitigants to each service - for example, if one of the services is technology-related, I factor in cyber insurance to determine the residual risk.
Original Message:
Sent: 08-10-2023 02:58 AM
From: Hannah MacDonald
Subject: Inventory
Gene, I'd be really interested in understanding how you rate your inherent and residual risks when you use the same supplier but for different services. Are you tracking those at an individual level and then aggregating?
Thanks
-- Hannah MacDonald Supplier Operations Lead
Original Message:
Sent: 8/9/2023 3:07:00 PM
From: Gene Fox
Subject: RE: Inventory
We track a lot of data through our tool but if you are doing it manually, I think the key pieces of data are:
Company name (official name and any DBAs), phone number, address
Company contact name, phone number, e-mail
The name, phone number and e-mail of your internal person who serves as the Relationship Owner
Service provided, applications used to provide the service
Contract expiration date and how many days before expiration you would need to provide written notice of termination
Insurance expiration dates
Critical or not
Inherent risk rating
Residual risk rating