In today’s tough economic conditions, organizations are forced to reduce costs and improve operational efficiencies while delivering better products and services to stay ahead of their competition. Technology outsourcing (TSO), business process outsourcing (BPO), and cloud based offerings are some of the strategies that companies are adopting. This means organizations are becoming more and more reliant on 3rd party service providers and services. Though meeting the business requirements, introduction of 3rd party service providers increases the organization’s exposure to various risks. These risks may range from financial impact caused due to disruption of a particular service provided by the vendor to brand impact if an organization is dealing with a vendor with a bad reputation, among many others. Due to a greater risk exposure, determining a vendor’s risk posture needs to be an integral part of an organization’s risk management strategy.
Building a comprehensive and proactive vendor risk management program became a top priority for one of the Brinqa’s financial services client. The existing vendor management program in use was fragmented and manual, leading to inefficiencies and rising costs with the addition of new vendors and services. A single automated vendor on-boarding process was also required. Finally, tracking, auditing, and reporting of vendor risk posture was non-existent and a normalized process to report the risk back to various stakeholders was not available. This financial institution managed 1800 top tier vendors whose risk posture was reported only at a vendor level. This made the root cause analysis difficult and did not provide a complete picture to the stakeholders. A granular slice of risk management at the vendor service / contract level was required. All assessment work was done using spreadsheets which were distributed and tracked using email.
Brinqa provides a robust Vendor risk management application that provides an organization the capability to automate and streamline the Vendor risk management process. At the financial institution, Brinqa’s Vendor Risk Manager was implemented to provide a solution to above mention challenges. The diagram shown below highlights the implementation of the Vendor Risk Manager solution.
Brinqa Vendor Risk Management
- Automated solution to capture vendor assessment – Brinqa provides a centralized repository and a vendor on-boarding workflow, capturing the vendor profile, services provided by vendors, assessments and evidences. Out of the box integration with various contract management systems helps capture and centralize this information quickly and efficiently. Next, configurable baseline assessments were used to categorize vendors (Level 1, Level 2 etc.) and a risk assessment based on standards and best practices were configured and implemented. Brinqa also provides a centralized management of risk assessment including scheduling and tracking with the capability to create configurable workflows on each assessment cycle. Centralized issue tracking and action plan management allow for the detection and management of various issues resulting from the assessments and the resulting action and remediation plans
- Multiple dimensions used to capture vendor profile –The traditional process has been to use the various assessments to capture what is the overall risk profile of a vendor. This process is laborious, subjective and does not allow a 3rd party validation of vendor information.
Brinqa’s data integration layer and connectors can be used to integrate with the third party referential agencies such as Dun & Bradstreet and Lexis Nexis. Integration with change detection systems such as Google Alerts are available to capture and alert management on breaches in near real time.
- Centralized Solution – Brinqa provides a central cloud offering of the vendor risk management application that provides accessibility to both the organization and the vendors. The Role-based security within the application ensures that vendors get a restricted view of only their assessments and progress. However, executives and risk managers are provided with more details around assessment cycles and dashboards to view repeat offenders, high-risks impacting the organization, and trending to view the history of performance and forecasting to analyze program improvements
In addition, Brinqa supports a complete vendor on-boarding process with configurable workflows that can be used to communicate organization policies and on-boarding documents to the vendors.
- Report on Vendor Risk posture – Brinqa provides a risk engine which uses a quantitative risk scoring and statistical risk modeling to present the vendor risk posture in a normalized scheme back to the business and the various executives. In addition, Brinqa analyzes risk at a service/contract level which helps executives pinpoint the exact problem area. In addition to these reports, Brinqa provides a maturity model influenced from BITS and data captured from various industry benchmarks. The maturity model helps organizations measure their process against the various industry benchmarks.
By implementing the Brinqa vendor risk manager application, an organization can see an increased efficiency and transparency in their vendor risk programs. A centrally hosted vendor risk solution lowers the overall operating cost for the organization and provides an easier mechanism of data exchange.