You’re in a predicament. You recently sent your vendor the vendor risk assessment questionnaire not once, not twice but three times and they still haven’t filled it out. To make matters even worse, they’re a critical vendor.
It’s extremely important that you receive their responses. You can’t properly assess the risk the vendor relationship places on your organization without answers to this questionnaire. What do you do now?
5 Steps to Take When a Vendor Won’t Fill Out the Vendor Risk Assessment Questionnaire
I recommend taking the following five steps to approach the situation:
- Document your requests to gather the information. Log all emails, formal memos, meetings, phone calls, etc. This will help save you from being reprimanded by examiners/auditors as they’ll see you’ve been trying – and often!
- Ask your senior management team to help escalate with their senior management. They should have an action plan in place for situations like this. Ensure that your senior management team is willing to back you up in making waves with the senior management team at the vendor. Sometimes, it’s as easy as having someone else explain WHY you need it.
- Check and see if there are records of prior due diligence completed by the vendor. If so, perhaps you can just ask the vendor to note only what has changed.
- Remember, reports of examination can be obtained from your regional prudential regulator, but you’ll want to be ready to explain to the regulator WHY you need it. Obtain the report to help with filling out the vendor risk assessment questionnaire.
- You can, and should, get creative as needed. Some ways to do so include asking the vendor if they can host a WebEx meeting to discuss the vendor risk assessment questionnaire in detail or if they are able to provide something else.
If all this fails, you may even need to consider a site visit. What’s going on that is causing the delay or lack of responsiveness? A site visit may be your best course of action to find any risk that they’re trying to keep concealed, if any.
However, with that, sometimes you’ll have exhausted all options with no luck. Due to that, be prepared in case you need to terminate the relationship. It may not be easy, but you may need to exercise those rights.
Does your vendor risk assessment questionnaire include the right components? Download the eBook.