Development of a risk based approach is required that enables laser focus on assessing the vendor relationships that pose the highest risk. This focus dictates that the same risk assessment approach not be used across the whole supplier population. Regulators are looking for a true risk based approach for assessment, while also requiring a process to reduce overall risk. Best practices of an effective risk based approach include:
- The ability to quantify or score risk in a standard, intuitive, defensible manner that will enable rapid decision making and cross vendor comparisons
- A risk triage process that drives the focus to the most risky vendor relationships based on clearly identified inherent risk factors
- A comprehensive risk assessment approach that includes both inherent and vendor specific risk factors
- A risk monitoring capability that can be tailored for the various levels of vendor risk profiles you face while providing updates on critical risk factors such as a vendor’s financial health
- An enforcement component that allows both on-site and off-site audits or assessments of your high-risk vendors
- A risk management policy that defines the whole risk scoring and triage approach and the specific guidelines around how risk decisions and acceptance are made.
First published on BankersOnline.com 5/25/09