Vendor Risk Assessment

This article seeks to draw the attention of the executive management of enterprises to the growing importance of vendor risk assessments. Given that modern enterprises outsource non-core processes and operations to business partners and vendors, it is immensely important that a thorough risk assessment is performed of all control aspects and at all times—before the outsourcing and continuing risk assessments. Regulators hold enterprises responsible for data leakages by business partners and vendors. Therefore, enterprises need to ensure that appropriate metrics for measurement of vendor and business partner performance is well laid out in the agreements with the vendors and business partners. Indicative reference framework such as COBIT 5 framework for vendor management, how we manage a cloud service provider and key risk assessment processes have been provided to assist the executive management. Third party audits of businesses and operations of key vendor and business partners need to be conducted.