© 2015 ProcessUnity, Inc. All Rights Reserved.
August 25, 2015
Vendor Due Diligence: Keep The Risk Out!
ProcessUnity Risk Suite: Comprehensive, Flexible, Scalable
- Deploys Quickly: Senior Project Managers; Proven Methodologies; Data Migration Tools
- Cloud Based: Secure, Single Application; Automatic System Upgrades; Technical Support Included
- Easy to Use: Simple, Point & Click Configuration; Alerts & Notifications; Online Help System
RISK SUITE: Enterprise Risk, Regulatory Compliance, Operational Risk, SOX Compliance, Incident Management, Cybersecurity, Offer Management, Third-Party Risk, Policy & Procedures
INTEGRATION: Analytics, Data Synchronization
- Tableau, SAP / Ariba, RSA / Archer, Oracle
- Thomson Reuters, LexisNexis, Dun & Bradstreet
- Salesforce.com, Microsoft Office
Third-Party Risk Management Program Automation
• Full Lifecycle Support
- On-Boarding
- Due Diligence
- Vendor Self-Assessment
- On-Site Control Assessment
- Performance Review
- Contract Review
- SLA Monitoring
- Issue Management
• Schedule assessments by pre-defined types
• Complete assessments with automated scoring rules
• Alert appropriate personnel through pre-configured notifications
• Manage issues to closure through workflow
Agenda
- Reasonable program requirements
- Why manual doesn’t work
- What does work (demonstration)
- Summary and Q&A
Reasonable Program Requirements
Due Diligence: A reasonable program must…
- Involve the Business: Equip the business to request a vendor certification from the VRM team
- Classify Vendors: Use established criteria (e.g. financial, information security, reputational, BCP/DR, physical security, legal, privacy, country, compliance, and technology)
- Collect and Inspect Data: Facilitate assessments to be completed by both the business and the vendor
- Reflect Business Policy: Establish and adhere to corporate guidelines for the acceptance or restriction of business
Due Diligence Categories: Critical areas you must review before signing a contract
- IDENTITY: Are they for real?
- FINANCIAL: Financially viable?
- REPUTATION: Negative press?
- INFORMATION SECURITY: Will our data be secure?
- BUSINESS CONTINUITY: Are they prepared for the worst?
- COMPLIANCE: Do they dot the i’s and cross the t’s?
- GEOGRAPHIC: Where does our data go and who performs the services?
- FOURTH-PARTY: How much risk is out of sight?
- CONFLICT OF INTEREST: Do I need to worry about corruption?
Due Diligence Categories: review outcome
- Eight categories marked Verified
- One category marked FINDINGS IDENTIFIED
Manual Doesn’t Work
The average assessment has 400 questions x 70 vendors = 28,000 potential answers to review.
"The use of spreadsheets to support compliance and risk management results in slow, manual processes, opportunities for inaccuracy and error, impediments to business performance, increased risk exposures, and difficulty in responding to auditors and regulators."
David Houlihan, Principal Analyst, Blue Hill Research
What Works
Due Diligence Process

Line of Business Makes a Request
NEW VENDOR REQUEST
- Request for new third-party service is received
- Due diligence level identified

Level 1 Due Diligence is Required
BEGIN DUE DILIGENCE
- Vendor Manager initiates Level 1 due diligence

9 Risk Domains Assessed
VENDOR SELF-ASSESSMENT
- Vendor completes self-assessment questionnaire
INTERNAL ASSESSMENT
- Complete internal questionnaire
- Conduct internet-based research
Risk domains: IDENTITY, FINANCIAL, REPUTATION, GEOGRAPHIC, INFORMATION SECURITY, BUSINESS CONTINUITY, COMPLIANCE, FOURTH-PARTY, CONFLICT OF INTEREST

Vendor Scorecard is Generated
DUE DILIGENCE COMPLETED
- Complete vendor scorecard
- Determine final recommendation
Demonstration
Streamline VRM Reporting
Summary: Keep The Risk Out
Three Steps to Keep the Risk Out
If you automate your third-party risk program, it will mature with you over time
Insert pre-contract due diligence into your process
Assess your third parties based on applicable risk domains
Get Started on the Road to Automation with a Custom Demo www.processunity.com/contact