Vendor Due Diligence: Keep The Risk Out!

© 2015 ProcessUnity, Inc. All Rights Reserved. August 25, 2015 Vendor Due Diligence: Keep The Risk Out!

Upload: trinhthien

Post on 25-Mar-2018

ProcessUnity Risk Suite: Comprehensive, Flexible, Scalable

• Easy to Use
• Cloud Based
• Deploys Quickly: Senior Project Managers, Proven Methodologies, Data Migration Tools
• Secure, Single Application; Automatic System Upgrades; Technical Support Included
• Simple, Point & Click Configuration; Alerts & Notifications; Online Help System

RISK SUITE

• Enterprise Risk
• Regulatory Compliance
• Operational Risk
• SOX Compliance
• Incident Management
• Cybersecurity
• Offer Management
• Third-Party Risk
• Policy & Procedures

INTEGRATION

• Analytics, Data Synchronization
• Tableau – SAP / Ariba – RSA / Archer – Oracle
• Thomson Reuters – LexisNexis – Dun & Bradstreet
• Salesforce.com – Microsoft Office

Third-Party Risk Management Program Automation

• Full Lifecycle Support
  - On-Boarding
  - Due Diligence
  - Vendor Self-Assessment
  - On-Site Control Assessment
  - Performance Review
  - Contract Review
  - SLA Monitoring
  - Issue Management
• Schedule assessments by pre-defined types
• Complete assessments with automated scoring rules
• Alert appropriate personnel through pre-configured notifications
• Manage issues to closure through workflow

Agenda

• Reasonable program requirements
• Why manual doesn’t work
• What does work (demonstration)
• Summary and Q&A

Reasonable Program Requirements

Due Diligence: A reasonable program must…

• Involve the Business: Equip the business to request a vendor certification from the VRM team
• Classify Vendors: Use established criteria (e.g. financial, information security, reputational, BCP/DR, physical security, legal, privacy, country, compliance, and technology)
• Collect and Inspect Data: Facilitate assessments to be completed by both the business and the vendor
• Reflect Business Policy: Establish and adhere to corporate guidelines for the acceptance or restriction of business

Due Diligence Categories: Critical areas you must review before signing a contract

• IDENTITY: Are they for real?
• FINANCIAL: Financially viable?
• REPUTATION: Negative Press?
• INFORMATION SECURITY: Will our data be secure?
• BUSINESS CONTINUITY: Are they prepared for the worst?
• COMPLIANCE: Do they dot the i’s and cross the t’s?
• GEOGRAPHIC: Where does our data go and who performs the services?
• FOURTH-PARTY: How much risk is out of sight?
• CONFLICT OF INTEREST: Do I need to worry about corruption?

Review status shown on the following slide: Verified (eight categories), FINDINGS IDENTIFIED (one category).

Manual Doesn’t Work

The average assessment has 400 questions x 70 vendors = 28,000 potential answers to review.

"The use of spreadsheets to support compliance and risk management results in slow, manual processes, opportunities for inaccuracy and error, impediments to business performance, increased risk exposures, and difficulty in responding to auditors and regulators."
David Houlihan, Principal Analyst, Blue Hill Research

What Works

Due Diligence Process

• Line of Business Makes a Request
  NEW VENDOR REQUEST
  - Request for new third-party service is received
  - Due diligence level identified
• Level 1 Due Diligence is Required
  BEGIN DUE DILIGENCE
  - Vendor Manager initiates Level 1 due diligence
• 9 Risk Domains Assessed
  VENDOR SELF-ASSESSMENT
  - Vendor completes self-assessment questionnaire
  INTERNAL ASSESSMENT
  - Complete internal questionnaire
  - Conduct internet-based research
  Risk domains: IDENTITY, FINANCIAL, REPUTATION, GEOGRAPHIC, INFORMATION SECURITY, BUSINESS CONTINUITY, COMPLIANCE, FOURTH-PARTY, CONFLICT OF INTEREST
• Vendor Scorecard is Generated
  DUE DILIGENCE COMPLETED
  - Complete vendor scorecard
  - Determine final recommendation

Demonstration

Streamline VRM Reporting

Summary: Keep The Risk Out

Three Steps to Keep the Risk Out

• If you automate your third-party risk program, it will mature with you over time
• Insert pre-contract due diligence into your process
• Assess your third parties based on applicable risk domains

Get Started on the Road to Automation with a Custom Demo www.processunity.com/contact