
Regulatory bodies usually tell you who to assess and how often. However, determining which questions to ask in the assessment is frequently left up to you. How do you decide? How might results impact company policies and procedures? Build and test your third-party assessment program internally using questionnaires that reflect your company’s risk appetite.
Obtaining data is one of the biggest challenges in managing third-party risk, and a high-quality assessment is key. To improve the quality of your questionnaires, start with a widely accepted assessment, like the Standard Information Gathering (SIG) questionnaire from Shared Assessments, and tailor it to your specific business needs and processes.
Assessments are something you do on a continuous basis and often with the same vendors. If your assessment engine pre-populates data, the entity you’re assessing only has to address changes. It’s less work for them and you, and may even improve the response rate.
When third parties expand their services to your company, it changes their risk profiles. One of the best ways to address this is to periodically assess third parties for changes and update risk profiles accordingly. This way, your third-party risk profile is always current.
Most organizations assess third parties to manage financial risk. There are other risks to be concerned about, such as service interruptions and upset customers. Sometimes small risks open the door to more serious consequences. Losing revenue can cause problems, but it is recoverable. Losing your reputation may not be.
Any third party can be a business continuity risk. The litmus test is whether your service would be interrupted if theirs stopped. Maybe it’s the provider of IT services or a supplier with a key role in the supply chain. Third parties that you depend on heavily can pose business continuity risks, and a risk assessment can identify them.
Lockpath by NAVEX Global assists companies with third-party risk management as part of an integrated risk management program. Contact us to learn more.