The Importance of a Vendor Risk Assessment

April 27, 2012

Given the current economic climate, many companies are looking to trim the fat and focus on core specialties. In order to realign their priorities, corporations are outsourcing key functions to third-party vendors or suppliers, ranging from accounting tasks to manufacturing. This practice is effective in that it can essentially reduce costs, enhance performance, free up vital resources – such as time – and streamline the way a company works.

But while this practice may alleviate some tedious or arduous functions and enable the business to excel at what it does best, it also opens companies up to various risks through the actions of these third-party vendors. This is especially the case when it comes to large corporations dealing with multiple vendors or suppliers.

Bigger companies are inherently more complex, and managing a multitude of supplier and vendor relationships adds even more volatility that needs to be tracked. Different departments may communicate with vendors through a variety of means, which makes it difficult to identify potential risks. In many situations, there is little accountability for the management of these relationships and the risks they carry.

Risks Associated With Vendors and Suppliers

Outsourcing to suppliers and vendors is an effective way to offload the day-to-day, nitty-gritty details of a time-consuming process or activity. But ultimately, the company that hires these vendors is still responsible for what they do, and key stakeholders must make sure vendors are meeting all the compliance requirements that the business is accountable for.

There are several risks associated with the vendor-company relationship, the Consumer Compliance Outlook notes. While that isn’t to say these partnerships are always risky, corporations still need to be aware of these issues any time they enter into a new partnership.

  1. Legal Risk: Compliance standards have grown more complex over the years, with many companies spending more money to ensure they don’t fall on the wrong side of the law. This is particularly the case in some heavily regulated industries, such as financial services. When various tasks are assigned to third-party vendors and suppliers, it is paramount to ensure whatever business practices they follow don’t end up getting the company in trouble. Contractual obligations are another issue that could cause potential legal risks for a business.
  2. Reputational or Brand Risk: When companies outsource any part of the production, they are essentially putting their brand and reputation in the hands of another company. If the supplier or vendor breaks compliance and consumer laws or practices other bad habits, it’s likely to affect the perception of the company as well. Just note the issues Apple has had with its Taiwanese supplier, Foxconn. The awful work conditions at the manufacturer have cost Apple some bad publicity, and now the Cupertino, California-based electronics giant is reanalyzing its entire supply chain to ensure future incidents don’t occur.
  3. Operational Risk: Finally, there are substantial operational risks associated with using third-party vendors. If companies are looking to save money, they may opt to use a vendor that isn’t very expensive. Of course, this could lead to lower-quality work as well, hindering company performance and negatively impacting end-line customers.

For example, if a company hires an accountant who is overworked and booked with other clients, this could lead to missed details. This will have a trickle-down effect on the company that hired him, giving them bad information and perhaps leading to unwise operational decisions being made.

Supplier and vendor risks usually arise from faults in how key relationships are managed. Inconsistent cataloging, sloppy recording of communications and details, the challenges of doing business across time zones and business units, lack of security, and inconsistent testing are all pitfalls that can turn risks into meaningful threats to a company, KRAA Security notes.

Assessing the Vendor/Supplier Relationship

To that end, it’s crucial to perform risk assessments on these outside organizations to mitigate any potential threats. Prevention is key, and in that respect, due diligence can be leveraged as a means to nip these non-productive relationships in the bud.

Risk assessment needs to be considered a continuous process when dealing with third-party vendors, not something performed once and then forgotten about. In that regard, a well-documented vendor risk management model can help ensure key issues are being addressed.

“[Companies] that outsource a service or product must adopt appropriate controls, policies and procedures, and oversight to mitigate outsourcing risks effectively,” the Consumer Compliance Outlook report notes. “Institutions should focus on five key areas for effective risk mitigation: vendor selection, vendor contract, vendor management and monitoring, human resource management, and contingency planning.”

  1. Vendor Selection: Due diligence is paramount to avoiding issues in the first place. Companies should be sure to carefully research a supplier or vendor before signing on with them, asking relevant questions, and requesting references when suitable.
  2. Contracts: Determining the contract is also important. Companies should know what they want out of a partnership and contracts should help them achieve those goals. Contracts also protect the company against future legal threats.
  3. Vendor Management: After a contract has been signed, don’t just forget about a deal. Monitoring a business relationship is important to ensure success and further mitigate risks.
  4. Human Resources Management: Operational risk is a very real concern to many management teams and turning over key functions can create a distracting situation. HR can help alleviate any of these issues.
  5. Contingency Planning: Sometimes, things don’t go as expected. An effective backup plan will help mitigate the risks of outsourcing efforts not working out.

Companies can also employ an unbiased, objective template to evaluate these relationships. A numerical scale can help objectively evaluate various criteria and link different elements together. This is paramount to the successful analysis of these outsourcing initiatives and determining whether they are meeting goals while minimizing risks.

