Vendor Risk Management

Natural disasters, cyberattacks, data breaches, supply chain disruptions: just a few of the sudden shocks that can stun your company’s vendors and leave you struggling with unhappy customers and stakeholders.

Is your company's reputation in someone else's hands?

Disruptive events like these have become more frequent, their consequences more costly. In fact, a survey by the Ponemon Institute found that more than 41% of surveyed companies sustained a data breach caused by a third party. And the consequent loss of brand value typically ranged from $184 million to more than $330 million.

Indisputably, there are benefits to outsourcing – from lower costs to heightened efficiency and a sharpened focus on core business objectives. But if vendors lack strong safeguards and controls, your company is exposed to fiscal, operational, regulatory and reputational risk.

The damage can be major. Case in point: A 2012 data breach at a large merchant processor cost a company more than $84 million and precipitated its removal from the global registry of a major card issuer.

But how do you identify which risks are most critical?

Pinpointing vendor risks

An effective vendor risk management (VRM) program will make your business safer and more secure. You’ll be able to identify and monitor current and future vendor risks while improving transparency in controls and related activities.

PwC’s comprehensive VRM framework addresses strategy, structure, people, process and technology issues across the VRM lifecycle, helping you:

  • Assess your current environment.
  • Increase the efficiency and effectiveness of vendor-related risk management.
  • Develop a customized VRM framework.
  • Develop a risk stratification protocol to highlight risks by vendor.
  • Implement and conduct effective VRM activities, such as vendor assessments.
  • Establish a comprehensive VRM governance and reporting process.

Our VRM team understands vendor risk. We’ve seen what can happen. We’ve helped clients prevent or recover from vendor-related disruptions. And we’re ready to help you implement a VRM program that will strengthen your position and build more effective partnerships that protect your brand – and your business.

When you outsource operations, risk and compliance remain your responsibility. Don’t be blindsided by a third party’s inadequacies. Start the discussion today on how to protect your company.