Risk Assessments

 View Only

  • 1.  Questions for Residual risk assessments

    This message was posted by a user wishing to remain anonymous
    Posted 06-27-2022 06:46 AM
    This message was posted by a user wishing to remain anonymous

    Good morning.  We are revamping our vendor management program. I'm looking for some questions that others ask when doing a residual risk assessment filled out by the owner of the vendor or product. I want to compare with what I already have to make sure this is easier for the owner to fill out and still get a correct risk assessment. thank you in advance for your advice and help.


  • 2.  RE: Questions for Residual risk assessments

    Posted 07-12-2022 11:19 AM

    When it comes to residual risk, questionnaires can be a bit tricky. First, your inherent questionnaire should be completed by your vendor/product owner. But when considering residual risk, your subject matter experts should provide the data to determine if the likelihood, occurrence, severity, or impact of those inherent risks have been reduced. You may wish to include a risk summary with a rating to the subject matter experts and ask them to rate the risk levels after the controls have been considered. Keep in mind that there is a difference between stating controls exist vs. testing controls for effectiveness. Controls that exist but have not been tested should not reduce the inherent risk rating. I hope that helps but would love to hear from other members.




  • 3.  RE: Questions for Residual risk assessments

    Posted 07-12-2022 12:03 PM
    Hello -- could you share your email address I have a sample questionnaire that I can share. Or you can send me an email at [Email removed by Community Manager for Privacy Reasons. Reach out to the Member directly for their email address.} -------------------------------------------

    Original Message


  • 4.  RE: Questions for Residual risk assessments

    Posted 07-13-2022 06:51 AM

    Hi there,

    You can reach me at [Email has been removed by Community Manager for privacy reasons. Reach out to the member directly for their email address.]

     

    I would be happy to look at your questionnaire.

    Thanks,

    Hilary

     




    Original Message


  • 5.  RE: Questions for Residual risk assessments

    Posted 10-19-2022 05:16 PM
    Any chance you'd be willing to share your questionnaire with me? [Email removed by Community Manager for privacy and security reasons. If you need the member's contact information, please message them directly by going to their member profile in the community]. I'm in the process of trying to convert our standard Vendor Risk Assessment to using the Advanced Risk Assessment within Venminder but the concept of having controls linked to each question rather than categories is somewhat new to us so I'm curious how others address this and also what types of additional questions are added when working through the residual risk?  Any examples, or advice would be greatly appreciated. Thanks in advance!
    Original Message