Managing Third Party Risk from Vendors

Jan 05, 2016

Disruptive events like natural disasters, workplace incidents, data breaches, and supply chain disruptions can all have costly consequences even for the most affluent organizations. Without a doubt outsourcing has many benefits such as greater efficiency, lower costs, labor force flexibility, and an infusion of skills. But does your organization require adequate third-party risk assessments and controls to mitigate against events like these, and more importantly are your vendors compliant to these requirements?

Don’t let third-party risk from vendors ruin the reputation of your organization, leaving you to deal with unhappy customers and stakeholders. These events could also leave your organization exposed to litigation, prosecution, or fines from regulatory authorities.

Piggy backing off your current safety, quality, or risk management systems provides an opportunity to assess current vendor risk, incident, and hazard data for the work being tendered. This can then be used to develop the assessment criteria for your future vendor management system. Most importantly though, vendor risk is not just about safety risk.

It’s true an effective vendor management system will make your organization safer and more secure, allowing you to identify and monitor vendor safety risk while improving safety controls across an organization. A vendor management system should also include the ability to assess the strategy, structure, people, process, and technology across the whole of vendor management lifecycle.

An effective vendor management system can be either online Software-as-a-Service (SaaS) or stand alone on your own server. Whichever method is chosen, it should allow access to your vendors giving them the ability to self-manage themselves, by uploading certifications, uploading compliance documentation, and conducting training modules or accessing induction materials.

The supplier or vendor evaluation is a widely used assessment in supply chain management and procurement today; therefore, it makes sense to include this in your vendor management system. The vendor evaluation should be the key tool providing a quantitative assessment to ensure that only best-in-class vendors are available to minimize third-party risk to your organization.

Another valuable and equally common tool that should be used in your vendor management system is the risk assessment tool. Risk assessment of vendor tasks and operations should be a key request in all tender documentation packs.

If you require further information, BROWZ has many years’ experience and understands vendor risk. They can help develop a vendor management system that will be not only effective but will make your organization safer and more secure and minimize disruptions from third party risk.


Category: risk mitigation