Vetting alone is not enough to eliminate supplier risk

Blog
November 18, 2022

Why third-party risk assessment is important

In an increasingly global world, an extended supply chain is not an alien concept. Companies are focusing on identifying key risks, and further managing them to ensure compliance or to eliminate data breaches that could potentially pose financial, regulatory, or operational damages. There are many methods to guard against these risks; however, managing suppliers does not end with vetting them prior to signing a contract. It requires oversight and communication as long as the relationship exists.

What's the difference between lifecycle management & risk assessment

It is imperative to undergo various risk assessments when onboarding a new supplier; however, it is equally important to understand that, over the long-term, contracts, products, and companies evolve, and pose entirely new risks. It is critical to understand that risk management is only part of the journey you undergo with a supplier. It is not a one-time requirement. Ongoing assessments, compliance requirements, federal regulations are all constantly changing, and, if not met, can damage the reputation of your company and can involve heavy financial implications. When evaluating third-party relationships, looking at the entire supplier lifecycle is essential to ensure a successful relationship.

Most of the published supplier lifecycles use a six to eight-step process which is broadly broken down into four phases that include onboarding, vetting, contracting, and ongoing 'shift in circumstance' monitoring. All the stages are equally important and contribute to strengthening the company's security. For example, it may be easy to put more emphasis on monitoring, and a contract’s language can dictate how the supplier relationship will progress and whether the relationship will be an asset or a hazard.

Summing up

We believe that the market holds broken pieces of risk assessment, but a solution that entails the entire lifecycle management that puts the whole supplier journey together, including history, is imperative to procurement. This is specifically why our customers choose us as a solution. Our tool entails risk management as part of the entire supplier journey, rather than making it the journey. Certa allows for a holistic view of the supplier, rather than vetting a supplier in the initial stages.

Share on Social

Vetting alone is not enough to eliminate supplier risk

Blog
August 17, 2021
Best Practices
TPRM
August 17, 2021

Why third-party risk assessment is important

In an increasingly global world, an extended supply chain is not an alien concept. Companies are focusing on identifying key risks, and further managing them to ensure compliance or to eliminate data breaches that could potentially pose financial, regulatory, or operational damages. There are many methods to guard against these risks; however, managing suppliers does not end with vetting them prior to signing a contract. It requires oversight and communication as long as the relationship exists.

What's the difference between lifecycle management & risk assessment

It is imperative to undergo various risk assessments when onboarding a new supplier; however, it is equally important to understand that, over the long-term, contracts, products, and companies evolve, and pose entirely new risks. It is critical to understand that risk management is only part of the journey you undergo with a supplier. It is not a one-time requirement. Ongoing assessments, compliance requirements, federal regulations are all constantly changing, and, if not met, can damage the reputation of your company and can involve heavy financial implications. When evaluating third-party relationships, looking at the entire supplier lifecycle is essential to ensure a successful relationship.

Most of the published supplier lifecycles use a six to eight-step process which is broadly broken down into four phases that include onboarding, vetting, contracting, and ongoing 'shift in circumstance' monitoring. All the stages are equally important and contribute to strengthening the company's security. For example, it may be easy to put more emphasis on monitoring, and a contract’s language can dictate how the supplier relationship will progress and whether the relationship will be an asset or a hazard.

Summing up

We believe that the market holds broken pieces of risk assessment, but a solution that entails the entire lifecycle management that puts the whole supplier journey together, including history, is imperative to procurement. This is specifically why our customers choose us as a solution. Our tool entails risk management as part of the entire supplier journey, rather than making it the journey. Certa allows for a holistic view of the supplier, rather than vetting a supplier in the initial stages.

expand icon

expand icon

expand icon