VENDOR RISK
MANAGEMENT

Business Extract

GOALS

  1. Establish a framework for the company’s Vendor Risk Management process and to ensure companywide implementation and compliance

  2. Current and Future risk exposure associated with existing contractual relationships with external vendors are identified, assessed, quantified, appropriately mitigated and managed

  3. Systematic and Uniform process applied to all vendor engagement and management

APPROACH

  • Assessment of vendor criticality by department

  • Development of cross functional organizational structure and process with oversight model

  • Establishment of Risk criteria (e.g., client data, proprietary information, employee information, facilities), Operations, Reputation, Compliance with global laws and regulations (e.g., ethical, social, environmental)

  • Establishment of Risk Tiers: Critical, High, Medium, Low

  • Systems development for Procurement / Engagement Process

  • Rewrite of current and existing contractual relationships

  • Ongoing change management for future process and oversight with reporting

RESULTS

  • Evaluated the non-disclosure agreement (NDA) process to identify opportunities to align with our enterprise-wide contract management programs and centralize all vendor related contracts

  • Developed a supplier risk surveillance launch-pad with real-time data and predictive
    analytics

  • Developed, documented and implemented new policy and procedures across the
    enterprise, in conjunction with the development of a new centralized Risk and Compliance Office

  • Successfully migrated approximately 8,000 contracts across 19 business units into the new process and system