Vendor Due Diligence - ProcessUnity Diligence Categories Critical areas you must review before...

Post on 20-Mar-2018


Vendor Due Diligence
JANUARY 2017

© 2017 ProcessUnity, Inc. All Rights Reserved.

Today’s Hosts Meet the ProcessUnity Team

Ed Thomas, Vice President of Marketing

Gary Phipps, Director of Risk Solutions

Easy to Use
• Simple, Point & Click Configuration
• Alerts & Notifications
• Online Help System

Cloud Based
• Secure, Single Application
• Automatic System Upgrades
• Technical Support Included

Deploys Quickly
• Senior Project Managers
• Proven Methodologies
• Data Migration Tools

RISK SUITE

INTEGRATION

Analytics Data Synchronization

Tableau – SAP / Ariba – RSA / Archer – Oracle

Thomson Reuters – LexisNexis – Dun & Bradstreet

Salesforce.com – Microsoft Office – LMS Solutions


ProcessUnity Risk Suite: Comprehensive, Flexible, Scalable

Policy & Procedure Management

Compliance Management

Third-Party Risk Management

Platform

Tailored Applications

Risk Management


Agenda
• Reasonable program requirements
• Why manual doesn’t work
• What does work
• Summary and Q&A


Third-Party Risk Management: Program Automation


• Full Lifecycle Support
- On-Boarding
- Due Diligence
- Vendor Self-Assessment
- On-Site Control Assessment
- Performance Review
- Contract Review
- SLA Monitoring
- Issue Management

Schedule assessments by pre-defined types

Complete assessments with automated scoring rules

Alert appropriate personnel through pre-configured notifications

Manage issues to closure through workflow


Reasonable Program Requirements

Due Diligence: A reasonable program must…

Involve the Business: Equip the business to request a vendor certification from the VRM team

Classify Vendors: Use established criteria (e.g. financial, information security, reputational, BCP/DR, physical security, legal, privacy, country, compliance, and technology)

Collect and Inspect Data: Facilitate assessments to be completed by both the business and the vendor

Reflect Business Policy: Establish and adhere to corporate guidelines for the acceptance or restriction of business


Due Diligence Categories: Critical areas you must review before signing a contract

IDENTITY: Are they for real?
FINANCIAL: Financially viable?
REPUTATION: Negative Press?
INFORMATION SECURITY: Will our data be secure?
BUSINESS CONTINUITY: Are they prepared for the worst?
COMPLIANCE: Do they dot the i’s and cross the t’s?
GEOGRAPHIC: Where does our data go and who performs the services?
FOURTH-PARTY: How much risk is out of sight?
CONFLICT OF INTEREST: Do I need to worry about corruption?


Category status: Verified (eight categories); FINDINGS IDENTIFIED (one category)


Manual Doesn’t Work


The Average Assessment has 400 questions x 70 vendors = 28,000 potential answers to review.


28,000 potential answers!! Analyst fatigue can miss risk indicators.

• Not Complete…
• Not Accurate…
• Not Scalable
• Time Consuming…
• No Follow-up Process…

This is ONLY Self Assessments…


"The use of spreadsheets to support compliance and risk management results in slow, manual processes, opportunities for inaccuracy and error, impediments to business performance, increased risk exposures, and difficulty in responding to auditors and regulators."

David Houlihan, Principal Analyst, Blue Hill Research


What Does Work


Due Diligence Process

NEW VENDOR REQUEST
• Request for new third-party service is received
• Due diligence level identified

BEGIN DUE DILIGENCE
• Vendor Manager initiates Level 1 due diligence

VENDOR SELF-ASSESSMENT
• Vendor completes self-assessment questionnaire

INTERNAL ASSESSMENT
• Complete internal questionnaire
• Conduct internet-based research

DUE DILIGENCE COMPLETED
• Complete vendor scorecard
• Determine final recommendation

IDENTITY

FINANCIAL

REPUTATION

GEOGRAPHIC

INFORMATION SECURITY

BUSINESS CONTINUITY

COMPLIANCE

FOURTH-PARTY

CONFLICT OF INTEREST

Demonstration: Due Diligence Automation


Summary: Keep The Risk Out


Three Steps to Keep the Risk Out

Automate your third-party risk program and it will mature with you over time

Insert pre-contract due diligence into your process

Assess your third parties based on applicable risk domains


The ProcessUnity Advantage

Ease of Use
• Simple, Point & Click Interface
• Alerts & Notifications
• Configurable by Business Users

Cloud Based
• Modular Applications
• Automatic System Upgrades
• Technical Support Included

Rapid Deployment
• Senior Project Managers
• Proven Methodologies
• Data Migration Tools

Vendor Cloud Pricing


Third-Party Risk Management

ISSUES

FINDINGS

DASHBOARDS

ASSESSMENT STATUS

Pre-Assessment, Assessment, Ongoing Monitoring

Schedule Your Deep-Dive Demonstration: www.processunity.com/contact