.gif?width=1920&name=Sample-Graphic-Animation%20(1).gif)
Available on
Podcast Transcript
Hi - this is Ramin Zacharia with Venminder.
In this podcast, you'll learn why reviewing your vendor's financials is an important activity within your overall third-party risk management program, especially in today's changing business environment. A vendor's financial health can significantly impact other risk areas within your third-party risk program, so we'll also share some guidance if you notice any red flags in your vendor's financial records. 
Here at Venminder, we have a team of certified industry experts who can help your organization build an effective third-party risk management program. Our experts understand how different risk domains are connected, and why it's important to continually monitor and re-assess risks to keep organizations protected.
Most of us can agree that today's business climate is unpredictable. Several factors can negatively impact the financial health of a vendor's organization, including inflation, political instability, and ongoing supply chain issues. Businesses often cut costs when they experience a decline in financial performance, which can have unintended consequences downstream. Among these consequences are service performance issues, lack of staffing to support existing customers and to meeting contractual obligations, and increased cybersecurity incidents and exposure associated with inadequate cybersecurity infrastructure.
Today, it's more important than ever to consider your vendor's financials and watch out for red flags such as declining revenue, negative or declining cash flow, or significant debt obligations and liabilities that your vendor may be privy to.
Here are three examples of how declining revenue, one of those factors, can overlap with other vendor risks:
First, imagine that your vendor's revenue base has fallen because of the rise of inflation, and their clients have become more cost-conscious due to the challenging economic environment. To save money, the vendor decided to cut 10% of its staff, leaving the remaining employee base with an increased workload. As a result, one or more of the items listed in the service level agreement are not met, and it negatively impacts your organization's customers. This example shows how vendor financial health can expose you to additional operational risk.
In another example, let's consider how political instability can affect a vendor's revenue profile and financial health. Assume one of your vendors lost most of its customers due to the continuing conflict between Russia and Ukraine. The vendor has experienced a decline in revenue due to its geopolitical geographical concentration in a politically unstable area, and it can’t renew certain contracts with its own vendors, on whom it relies for its solutions. One of these contracts is with a critical subcontractor that provides cybersecurity vulnerability detection and patching services. Because the vendor had to forgo this relationship with the critical subcontractor, the vendor had a data breach, leading to your customers' data being leaked and exposed on the dark web and other areas in public. Due to the deterioration of your vendor's financial health, your organization experienced security, compliance, privacy, and reputational issues.
Finally, this last example involves supply chain disruptions, which continue to leave a lasting impact on many organizations in today’s climate. Because of global supply chain disruptions, the vendor has been steadily losing revenue and can no longer invest in newer technologies, tooling, or capital projects. By utilizing aging technology, the vendor will expose itself to vulnerabilities, putting you and your organization at risk from both an information security and strategic risk perspective.
These examples show why performing initial and ongoing financial due diligence on your vendors is essential. This typically involves assessing the vendor's 3 key statements known as the income statement, balance sheet, and cash flow statement at a minimum.
Suppose you discover any red flags such as declining revenue or negative/declining cash flow and liquidity. In that case, remember these few tips:
First, ask your vendor for more information to address some of your concerns and give you a more holistic, comprehensive understanding and view of your vendor's financial health.
Second, make sure any red flags and supporting documentation are reviewed by qualified subject matter experts either internally or externally so they can advise on next steps and assist your organization in interpreting the financial details.
And finally, always refer to your service level agreement with the vendor to determine if your vendor has failed to meet a financial performance clause. If they have, your organization may be within its legal rights to explore other vendor relationships that fit your organizational needs.
We can’t predict the future of our business climate, but we can stay vigilant about vendor financial risks. For third-party risk management to be effective, knowledge of your vendor's financials and its financial health must be part of the program.
Thank you for tuning in; catch you next time. Take care.
