• Advertise
  • Contact Us
  • About Us
  • Supplier Directory
  • Login
  • Subscribe
  • Logout
  • My Profile

  • CORONAVIRUS
  • LOGISTICS
    • Air Cargo
    • All Logistics
    • Express/Small Shipments
    • Facility Location Planning
    • Freight Forwarding/Customs Brokerage
    • Global Gateways
    • Global Logistics
    • Last Mile Delivery
    • Logistics Outsourcing
    • LTL/Truckload Services
    • Ocean Transportation
    • Rail & Intermodal
    • Reverse Logistics
    • Service Parts Management
    • Transportation & Distribution
  • TECHNOLOGY
    • All Technology
    • Artificial Intelligence
    • Cloud & On-Demand Systems
    • Data Management (Big Data/IoT/Blockchain)
    • ERP & Enterprise Systems
    • Forecasting & Demand Planning
    • Global Trade Management
    • Inventory Planning/ Optimization
    • Product Lifecycle Management
    • Sales & Operations Planning
    • SC Finance & Revenue Management
    • SC Planning & Optimization
    • Sourcing/Procurement/SRM
    • Supply Chain Visibility
    • Transportation Management
  • GENERAL SCM
    • Business Strategy Alignment
    • Education & Professional Development
    • Global Supply Chain Management
    • Global Trade & Economics
    • HR & Labor Management
    • Quality & Metrics
    • Regulation & Compliance
    • SC Security & Risk Mgmt
    • Sustainability & Corporate Social Responsibility
  • WAREHOUSING
    • All Warehouse Services
    • Conveyors & Sortation
    • Lift Trucks & AGVs
    • Order Fulfillment
    • Packaging
    • RFID, Barcode, Mobility & Voice
    • Robotics
    • Warehouse Management Systems
  • INDUSTRIES
    • Aerospace & Defense
    • Apparel
    • Automotive
    • Chemicals & Energy
    • Consumer Packaged Goods
    • E-Commerce/Omni-Channel
    • Food & Beverage
    • Healthcare
    • High-Tech/Electronics
    • Industrial Manufacturing
    • Pharmaceutical/Biotech
    • Retail
  • REGIONS
    • Asia Pacific
    • Canada
    • China
    • Europe
    • Latin America
    • Middle East/Africa
    • North America
  • THINK TANK
  • PODCASTS
  • VIDEOS
  • WHITEPAPERS
Home » Vendor Risk Management Programs Still Require Improvement, Study Finds

Vendor Risk Management Programs Still Require Improvement, Study Finds

July 13, 2015
Protiviti

Survey respondents were presented with eight categories of vendor risk management. For each component within the eight categories, respondents were asked to rate its maturity level as it applies to their organization on a maturity scale of 1 (lowest) to 5 (highest):

Initially, vendor risk management capabilities in organizations appear to be stagnating. Scores in half of the categories did not change from year to year, and the slight declines (-0.1) in the four other categories are not significant variations.

However, these flat results do not necessarily mean that no progress has been made with regard to third-party vendor risk management. During the one-year period in between the 2014 and 2015 surveys, there was an epidemic of cybersecurity breaches, the February 2014 release of the NIST Cybersecurity Framework, and more oversight of IT security risk programs in general by both boards of directors and regulators. This increased regulatory focus on third-party risks means that organizations are now more aware of their own program’s strengths and weaknesses, particularly at the C-suite and board level. With greater clarity about what is required to minimize and mitigate cybersecurity risks, many respondents likely rated their capabilities lower even in the face of process improvements in their firms, and may also be setting a higher bar for what they deem to be mature levels of vendor risk management.

The study examined information from more than 450 C-suite executives, risk management and audit professionals, who rated their organizations using the Vendor Risk Management Maturity Model, a benchmarking tool from the Shared Assessments Program that measures the quality and maturity of existing vendor risk management programs.

To download a complimentary copy of the study, click here or here.

“The increasing frequency and magnitude of cybersecurity breaches, along with recent and forthcoming regulatory actions, make it imperative that vendor risk management programs make a significant leap forward. This change requires fundamental alterations to strategies, processes and organizational culture,” said Rocco Grillo, a managing director with Protiviti and the firm’s global leader for incident response and forensic investigations. “The good news is that there is greater demand for building more robust vendor risk management programs. This issue is more frequently a part of the agenda for boards of directors, who are regularly seeking assurance from management that the appropriate steps are being taken to combat vendor risk.”

Other survey findings:

• Vendor risk management programs require more substantive advances. The overall maturity rating for program governance in this year’s survey (2.7 on a 5-point scale–below the “fully defined and established” maturity level) should serve as a wake-up call that deeper changes are needed that reach into organizational culture and individual behavior, especially for financial institutions that are striving to satisfy the U.S. “Getting to Strong” regulatory mantra.

• Vendor risk management programs within financial services organizations are relatively more mature compared to companies in insurance, healthcare and other industries. The 2015 survey results indicate that financial services firms continue to rank ahead of other industries with regard to their vendor risk management programs – most notably in program governance, vendor risk identification and analysis, and communication and information sharing. Financial services organizations score on average more than a point higher in these categories. Perhaps most notable is the finding that the insurance and healthcare industries continue to lag behind financial institutions in fortifying their vendor risk management capabilities, considering the sensitivity of their data.

• Policies, standards and procedures and contract management and criteria represent the most advanced components of current vendor risk management programs. These areas are ranked highest in terms of overall maturity among the eight program areas assessed in the survey. These two program characteristics are fundamental building blocks that can lay the groundwork for a more mature vendor risk management capability.

Source: Protiviti

RELATED CONTENT

RELATED VIDEOS

Technology Sourcing/Procurement/SRM Business Strategy Alignment Global Supply Chain Management SC Security & Risk Mgmt Pharmaceutical/Biotech
KEYWORDS Business Strategy Alignment cybersecurity enterprise data Global Supply Chain Management Pharmaceutical/Biotech privacy breaches Protiviti SC Security & Risk Mgmt Sourcing/Procurement/SCM supplier network supplier risk Supply Chain Analysis & Consulting supply chain IT Supply Chain Management: Supply Chain security and Risk Management Supply Chain Risk Management Technology
  • Related Articles

    Most Organizations Lack 'Mature' Supply Chain Risk Management Practices, Study Finds

    Most Supplier Diversity Programs Simply Fail To Deliver. Study Finds

    Vendor Resilience Crucial to Avoiding Risk of Business Interruption, Study Says

Protiviti

Vendor Risk Management Programs Still Require Improvement, Study Finds

More from this author

Wake up to Coronavirus Updates and the latest Supply Chain News!

Subscribe to our Daily Newsletter

Timely, incisive articles delivered directly to your inbox.

Popular Stories

  • Coronavirus-watch-Armada

    Virus Update: Pfizer Plant Cited for Quality Issues; Vaccine Maker Warns of Raw Materials Shortage

    Coronavirus
  • China

    China’s Tech Revolution Aims to Cut Dependence on West

    Technology
  • Walmart

    Walmart Embraces a Local Fulfillment Model for Grocery

    Logistics
  • Shipping Logjam

    U.S. Retailers See Millions in Sales Delays Amid Shipping Logjam

    Coronavirus
  • How Can E-Commerce Retailers Compete?

    Smaller E-Tailers Weigh Pros and Cons of Fulfillment by Amazon

    Logistics

Digital Edition

Scb feb 2021 lg

2021 Supply Chain Management Resource Guide

VIEW THE LATEST ISSUE

Case Studies

  • Remote Implementation: A Dose of the Right Medicine for B2B Pharmacy

  • LSP Saves Customer $1.5 Million a Year With MPO Global Inbound Management

  • Auto Supplier Wows Key Client Using riskmethods Supply Chain Savvy

  • Integrating Shipping and Compliance Saves Conglomerate Millions

  • How a Consumer Goods Giant Upped Its On-Time Delivery Performance

Visit Our Sponsors

6 River Systems ArcBest Armada
aThingz BluJay Burris Logistics
DSC Logistics DCSA (Digital Container Shipping Association) DHL Resilience360
Genpact Geodis GEP
GreyOrange Honeywell Intelligrated Infor
Inmar Kibo Commerce Logility
Magnitude Software MPO Old Dominion
Oliver Wight OpenSky Paccurate
Ports America Purolator QAD Precision
Red Classic Riskmethods Snapfulfil
TGW Systems Tradepoint Atlantic Transportation Insights
Watson Land Company Westfalia Technologies Workjam
Yang Ming    
  • More From SCB
    • Featured Content
    • Video Library
    • Think Tank Blog
    • SupplyChainBrain Podcast
    • Whitepapers
    • Webinars
  • Digital Offerings
    • Digital Issue
    • Subscribe
    • Manage Your Subscription
    • Newsletters
  • Resources
    • Events Calendar
    • SCB's Great Supply Chain Partners
    • Supplier Directory
    • Case Study Showcase
    • Supply Chain Innovation Awards
    • 100 Great Partners Form
  • SCB Corporate
    • Advertise on SCB.COM
    • About Us
    • Privacy Policy
    • Contact Us
    • Data Sharing Opt-Out

All content copyright ©2021 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp

Design, CMS, Hosting & Web Development :: ePublishing