Skip main navigation (Press Enter).

Due Diligence and Ongoing Monitoring

View Only

Venminder Venmonitor

Back to discussions

Expand all | Collapse all

Reassessing and Residual Risk

Anonymous Member07-17-2025 02:16 PM

This message was posted by a user wishing to remain anonymous For those that use a baseline inherent ...

Anonymous Member07-23-2025 08:58 AM

This message was posted by a user wishing to remain anonymous We use an inherent risk assessment ...

1. Reassessing and Residual Risk

Like
This message was posted by a user wishing to remain anonymous
Posted 07-17-2025 02:16 PM
This message was posted by a user wishing to remain anonymous

For those that use a baseline inherent risk assessment during onboarding to determine risk level, do you reassess once it and the residual risk is complete if the risk rating changes? If so, when? During onboarding, or wait until the next review time?

Thanks in advance!
2. RE: Reassessing and Residual Risk

Like
This message was posted by a user wishing to remain anonymous
Posted 07-23-2025 08:58 AM
This message was posted by a user wishing to remain anonymous

We use an inherent risk assessment to assign the initial vendor tier structure. Once the inherent risk and tier are set, we do not redo inherent risk assessments. Instead, we conduct residual risk assessments at onboarding, whenever new information is provided, and at least annually. This ensures we're continuously monitoring and managing risk without re-evaluating the core risk factors that determine the original tier.

Powered by Higher Logic

Global message icon