How to create a vendor risk management programme
Third-party relationships can introduce a whole range of risks that might impact business operations, data security, compliance, and reputation to the outside world.
In a recent white paper, third-party risk software provider ProcessUnity identifies four key points to creating a vendor risk management programme.
Identify potential vendor risks
The paper argues that companies can waste time and money completing deep analysis of all partners and vendors, when some may well be of very little consequence or risk.
Their suggested strategy is to categorise and prioritise vendors in order of the potential risk they pose, for example ranking a vendor that looks after customer financial transactions as higher risk.
Develop strategies for addressing higher risk vendors
If your VRM process has picked out a vendor that may pose some kind of risk, but you still require them as a business partner, it is important to make sure a strategy is in place to stop their potential issues causing you any harm.
The paper suggests working closely with the vendor to try to solve the problem, monitoring their performance to make sure matters are improving, and having a plan to follow if the vendor crosses a threshold of risk.
Align vendor control environments with your internal framework
Your organisation will already have controls in place to minimise any internal risk, so it is important to work with the potentially risky vendor to find out how effective the controls they have in place are at mitigating the issues you have identified.
A gap analysis can be carried out to establish how far apart the two organisations are, and to work together to try and close the gap in standards.
Implement ongoing oversight utilising metrics and external alerts
Finally, the white paper suggests setting up a series of metrics to measure performance, and the risks that are associated with those issues.
External alert services can also be a useful tool, surfacing whether the vendor is having business issues that may impact the performance of their supplied service and allowing you to address them quickly.
Supply Chain Risk Management requires revision
Writing recently for Supply Chain Digital, Alex Saric, CMO at Ivalua, argued that a new, smarter approach to supplier management is required.
“A new, smarter approach to supplier management is required. To do this, businesses must first adapt their approach to assessing supply chain risk. Too often, the process is little more than a tick the box exercise on individual suppliers.
It needs to expand to include sub-tier suppliers. Companies are exposed not just to their immediate suppliers, but also to suppliers that their suppliers depend on.”
This is backed up by a 2021 McKinsey survey of global supply chain leaders, which found that only 48% have visibility into Tier 1 suppliers, 21% into Tier 2 and only 2% into Tier 3.