Vendor Management Program Risk Assessment
As outsourcing of services continues to increase, as technology becomes more complex and as vendor interdependencies continue to expand to 4th and 5th parties, a sound vendor management program should identify, manage, monitor and control the risks associated with outsourcing.
Just how compliant are you and is your institution and your vendor management program at risk?
CEI’s Vendor Management Program Risk Assessment examines the 10 key Risk Control Areas and more than 100 Risk Controls of the program framework and operating model to determine how the institution manages the 5 stages of the vendor management program lifecycle and its alignment with regulatory Guidance. The result is the identification of programmatic and/or regulatory deficiencies and areas for improvement. CEI utilizes an approach that combines the following onsite activities:
- Stakeholder interviews
- Documentation reviews
- Program structure analysis
- Procedures and workflow analysis
- Compliance with relevant regulations
The resulting work product will help the institution’s leadership fully understand the multiple dependencies, complexities and risks presented by the depth of the 3rd party supply chain empowering it to strengthen its program and make better-informed, risk-based decisions pertaining to vendor oversight. In addition, it will improve the institution’s ability to leverage the value that effective risk management and mitigation strategies provide.
Contact us for additional information: (732) 800-0744