6 Steps to Completing a Vendor Risk Assessment Process

Video Transcript

Hi – I’m Kelly Vick with Venminder.

In this 90-second video, you are going to learn 6 steps to completing a vendor risk assessment process.

At Venminder, we have designed vendor risk assessment templates and a methodology that our clients use inside our platform every day to risk rate their vendors.

So, let’s dive in.

Step one. Begin your risk assessments by determining whether the vendor is critical or non-critical by looking at their business impact risk. Then, determine if they are high, medium or low risk by looking at their regulatory risk.

Step two. You need to identify the inherent risk. The inherent risk is your “first impression” risk. For example, you should know almost immediately if the vendor will have access to non-public personal information or not. If they do, that is inherently a risky relationship.

Step three. You need to take steps to mitigate risk, like collecting additional due diligence to review or relaying concerns to your vendor. Once you mitigate the risk, you are left with the residual risk.

Step four. Determine the frequency of your oversight activity. You should determine this based on the criticality and risk level.

Step five. Report the risk assessment findings to senior management and the board. Be sure to highlight any concerns.

And finally. Step six. The vendor risk assessment will need to be updated periodically – we recommend at least annually if the vendor is high risk or critical.

Remember, evaluating risks ahead of time, and taking steps to address them now, can avoid some very costly surprises down the road.

See you next time.