Levi, Ray & Shoup, Inc.

Managing risk with a VRM app

7/26/2018 by Steve Cavolick

By Steve Cavolick

All businesses need to understand and reduce their exposure to risk. But with expanding ecosystems that include suppliers, manufacturers, service providers, and short- and long-term contractors, more people are interacting with your resources and data assets than ever before.

How do you provide your partners with the access they need to serve you best, while making sure that they do not do anything that damages your business, brand, and reputation? That’s where a Vendor Risk Management (VRM) platform can help.

In order to understand your exposure to vendor risk, you need a holistic picture of all your partners to answer a number of questions, including:

  • Who are my vendors?
  • What processes do they support?
  • Where are the integration points with the vendor?
  • What do they do with my data and how do they do it? (Collect? Interact? Transmit? Destroy?)
  • How much do I spend with them?

For most businesses, tracking vendors and their potential risk to the business is a departmental job done by spreadsheet. This approach creates duplication of work, is labor-intensive, and makes getting a holistic view of vendors across the business a nightmare.

Using a VRM platform, such as IBM’s OpenPages Vendor Risk Management application, you will get a scalable way to manage third-party compliance and risks, and understand how each vendor and engagement relates to your business processes.

At the heart of such platforms is a single repository that holds information about the vendors who do business with you and their engagements. Using self-assessment questionnaires, your company’s own historical information, and even engagement contracts, partners are segmented into tiers based on their access to critical business information. Then, using advanced predictive metrics, key risk indicators are determined for each one. This lets you build an enterprise view of where risk lies and shows you how to mitigate that risk. Ongoing real-time policy and compliance monitoring of your vendors gives you peace of mind moving forward.

Besides removing the expensive and resource-intensive, siloed approach to VRM via spreadsheets, off-the-shelf risk platforms offer much more than just Vendor Risk Management. Also featuring capabilities around Operational Risk Management, Financial Controls Management, and Policy and Compliance Management, VRM can be seamlessly blended into enterprise Governance Risk and Compliance (GRC) initiatives.

VRM applications deliver a single, scalable assessment of third-party risk, improve coordination of vendor interaction across your company, and let you meet corporate obligations to regulations such as OCC 2013-29, FFIEC, and GDPR.

The LRS Big Data and Analytics team has 20 years of experience in analytics, data warehousing, and information management across most verticals. If you are interested in understanding how we can help you use your data to reduce your exposure to risk and fraud, please fill out the form below and let us know how we can help.

About the author

Steve Cavolick is a Senior Solution Architect with LRS IT Solutions. With over 20 years of experience in enterprise business analytics and information management, Steve is 100% focused on helping customers find value in their data to drive better business outcomes. Using technologies from best-of-breed vendors, he has created solutions for the retail, telco, manufacturing, distribution, financial services, gaming, and insurance industries.