
2019 vendor-risk-management-benchmark-study-shared assessments-protiviti



Protiviti and our partner, the Shared Assessments Program, present our annual Vendor Risk Management Report, which shows companies moving away from high-risk vendor relationships. Download the full report at

Published in: Business

2019 VENDOR RISK MANAGEMENT BENCHMARK STUDY: Running Hard to Stay in Place
The Shared Assessments Program and Protiviti Examine the Maturity of Vendor Risk Management Practices

More organizations are moving away from high-risk vendor relationships. And while 4 in 10 organizations have fully mature vendor risk management (VRM) programs, 1 in 3 have only ad hoc or no significant VRM processes.

The relative maturity level of vendor risk management programs has not changed over the past 12 months despite increased regulatory scrutiny, growing cyber threats and a riskier business environment.

Overall Vendor Risk Management Maturity Snapshot

  MATURITY LEVEL                          % OF PROGRAMS
  Continuous improvement                  12%
  Fully implemented and operational       28%
  Fully determined and established        28%
  Determine roadmap to achieve success    17%
  Initial visioning                        7%
  Non-existent                             8%

Maturity groupings:
  • Fully functional and advanced programs / at or above target
  • Transitional programs
  • Programs with ad hoc or no VRM activity; substantially below target

Over the next 12 months, what is the likelihood that your organization will move to exit or “de-risk” vendor relationships that are determined to have the highest risk?

Years shown: 2019, 2017. Values for each response in page order:
  • Extremely likely: 16%, 14%
  • Somewhat likely: 39%, 39%
  • Somewhat unlikely: 25%, 24%
  • Not at all likely: 9%, 13%
  • Don’t know: 11%, 10%

Which of the following are reasons why your organization may be more inclined to exit or “de-risk” certain vendor relationships? (Multiple responses permitted)

  • It’s become imperative from a risk and regulatory standpoint to also assess our vendors’ subcontractors
  • The cost associated to assess our vendors properly is becoming too high
  • We lack the internal support and/or skills for the required sophisticated forensic control testing of our vendors
  • We do not have the right technologies in place to assess vendor risk properly
  • We will not receive sufficient internal support to “de-risk” our vendor relationships

Chart series:
  • Organizations that have mature practices with regard to assessing and managing critical vendors
  • Organizations that are well under optimal maturity levels with regard to assessing and managing critical vendors

Chart values in page order: 48%, 31%, 41%, 41%, 29%, 33%, 24%, 27%, 15%, 24%, 19%, 18%

© 2019 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Veterans. © 2019 The Santa Fe Group, Shared Assessments Program. All rights reserved.