Contract Management

 View Only

  • 1.  Vendor risk and contracting

    This message was posted by a user wishing to remain anonymous
    Posted 04-14-2023 06:14 AM
    This message was posted by a user wishing to remain anonymous

    What risk rating are you using as a basis when contracting and insurance requirement? Do you use the inherent risk rating or the residual risk rating?



  • 2.  RE: Vendor risk and contracting

    Posted 04-19-2023 11:26 AM

    Hello,
    The inherent risk rating determines all vendor risk management requirements and routines. The rationale for not using the residual risk rating is that residual risk is based on the assumed sufficiency of the controls. Those controls are verified at a point in time and can and do sometimes change or fail; they also don't eliminate the risks presented in the vendor engagement.

    Always use your inherent risk to determine the scope of due diligence, contractual requirements, level of insurance, and routines to monitor and manage vendor risk and performance.

    I hope that is helpful but I would love to hear from other members.




  • 3.  RE: Vendor risk and contracting

    Posted 04-19-2023 11:29 AM

    Thank you Hilary for the guidance!

     

     

    Confidentiality Notice | This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. Any unauthorized use or disclosure is prohibited.  If you are not the intended recipient, please notify the sender by reply e-mail and delete or destroy all copies of the original message and any attachments immediately.




    Original Message