Vendor Due Diligence - ProcessUnity Diligence Categories Critical areas you must review before...

Vendor Due Diligence JANUARY 2017

Transcript of Vendor Due Diligence - ProcessUnity Diligence Categories Critical areas you must review before...

Page 1: Vendor Due Diligence - ProcessUnity Diligence Categories Critical areas you must review before signing a contract 9 IDENTITY FINANCIAL REPUTATION INFORMATION SECURITY BUSINESS CONTINUITY

Vendor Due Diligence JANUARY 2017

Page 2:

© 2017 ProcessUnity, Inc. All Rights Reserved.

Today’s Hosts: Meet the ProcessUnity Team

Ed Thomas, Vice President of Marketing

Gary Phipps, Director of Risk Solutions

Page 3:

Easy to Use

Cloud Based

Deploys Quickly
• Senior Project Managers
• Proven Methodologies
• Data Migration Tools

• Secure, Single Application
• Automatic System Upgrades
• Technical Support Included

• Simple, Point & Click Configuration
• Alerts & Notifications
• Online Help System

RISK SUITE

INTEGRATION

Analytics Data Synchronization

Tableau – SAP / Ariba – RSA / Archer – Oracle

Thomson Reuters – LexisNexis – Dun & Bradstreet

Salesforce.com – Microsoft Office – LMS Solutions


ProcessUnity Risk Suite: Comprehensive, Flexible, Scalable

Policy & Procedure Management

Compliance Management

Third-Party Risk Management

Platform Tailored Applications

Risk Management

Page 4:

Agenda
• Reasonable program requirements
• Why manual doesn’t work
• What does work
• Summary and Q&A


Page 5:

Third-Party Risk Management Program Automation


• Full Lifecycle Support
- On-Boarding
- Due Diligence
- Vendor Self-Assessment
- On-Site Control Assessment
- Performance Review
- Contract Review
- SLA Monitoring
- Issue Management

Schedule assessments by pre-defined types

Complete assessments with automated scoring rules

Alert appropriate personnel through pre-configured notifications

Manage issues to closure through workflow

Page 6:

Reasonable Program Requirements

Page 7:

Due Diligence: A reasonable program must…

Involve the Business: Equip the business to request a vendor certification from the VRM team

Classify Vendors: Use established criteria (e.g., financial, information security, reputational, BCP/DR, physical security, legal, privacy, country, compliance, and technology)

Collect and Inspect Data: Facilitate assessments to be completed by both the business and the vendor

Reflect Business Policy: Establish and adhere to corporate guidelines for the acceptance or restriction of business

Page 8:

Due Diligence Categories: Critical areas you must review before signing a contract

IDENTITY: Are they for real?

FINANCIAL: Financially viable?

REPUTATION: Negative Press?

INFORMATION SECURITY: Will our data be secure?

BUSINESS CONTINUITY: Are they prepared for the worst?

COMPLIANCE: Do they dot the i’s and cross the t’s?

GEOGRAPHIC: Where does our data go and who performs the services?

FOURTH-PARTY: How much risk is out of sight?

CONFLICT OF INTEREST: Do I need to worry about corruption?

Page 9:

Due Diligence Categories: Critical areas you must review before signing a contract


Verified

Verified

Verified

Verified

Verified

Verified

Verified

Verified

FINDINGS IDENTIFIED

Page 10:

Manual Doesn’t Work

Page 11:

Manual Doesn’t Work

The Average Assessment has 400 questions x 70 vendors = 28,000 potential answers to review.

Page 12:

Manual Doesn’t Work

Page 13:

Manual Doesn’t Work

Page 14:

Manual Doesn’t Work

Page 15:

Manual Doesn’t Work

28,000 potential answers!! Analyst fatigue can miss risk indicators.

Not Complete…

Not Accurate…

Not Scalable

Time Consuming…

No Follow-up Process…

This is ONLY Self Assessments…

Page 16:

Manual Doesn’t Work

"The use of spreadsheets to support compliance and risk management results in slow, manual processes, opportunities for inaccuracy and error, impediments to business performance, increased risk exposures, and difficulty in responding to auditors and regulators."

David Houlihan, Principal Analyst, Blue Hill Research

Page 17:

What Does Work

Page 18:

Due Diligence Process

NEW VENDOR REQUEST
• Request for new third-party service is received
• Due diligence level identified

BEGIN DUE DILIGENCE
• Vendor Manager initiates Level 1 due diligence

VENDOR SELF-ASSESSMENT
• Vendor completes self-assessment questionnaire

INTERNAL ASSESSMENT
• Complete internal questionnaire
• Conduct internet-based research

DUE DILIGENCE COMPLETED
• Complete vendor scorecard
• Determine final recommendation

IDENTITY

FINANCIAL

REPUTATION

GEOGRAPHIC

INFORMATION SECURITY

BUSINESS CONTINUITY

COMPLIANCE

FOURTH-PARTY

CONFLICT OF INTEREST

Page 19:

Demonstration: Due Diligence Automation

Page 20:

Summary: Keep The Risk Out

Page 21:

Three Steps to Keep the Risk Out

Automate your third-party risk program and it will mature with you over time

Insert pre-contract due diligence into your process

Assess your third parties based on applicable risk domains

Page 22:

The ProcessUnity Advantage

Ease of Use

Cloud Based

Rapid Deployment
• Senior Project Managers
• Proven Methodologies
• Data Migration Tools

• Modular Applications
• Automatic System Upgrades
• Technical Support Included

• Simple, Point & Click Interface
• Alerts & Notifications
• Configurable by Business Users

Page 23:

Vendor Cloud Pricing


Page 24:

Third-Party Risk Management

ISSUES

FINDINGS

DASHBOARDS

ASSESSMENT STATUS

Pre-Assessment

Assessment

Ongoing Monitoring

Schedule Your Deep-Dive Demonstration: www.processunity.com/contact