A majority of organizations will exit or change (de-risk) relationships with vendors due to heightened risk levels, according to a recent study released by Protiviti and the Shared Assessment Program. The annual survey also found that boards have not yet fully entrenched themselves in managing vendor fraud and security.
FEI Daily spoke with Paul Kooney, Managing Director, IT Security & Privacy Management at Protiviti and Tom Cosgrove, Global Head of Product Strategy, Supply & Compliance at Dun & Bradstreet on the results of the 2017 Vendor Risk Management Survey, the increase in de-risking, and how boards can become more engaged with cybersecurity risk.
FEI Daily: Explain de-risking as it relates to senior-level financial executives across industries.
Tom Cosgrove: When companies refer to de-risking their portfolios it often refers to a process whereby they evaluate the risks at the portfolio level and then at the individual partner/client/vendor level and then attempt to “offboard” entities which are not core and are of high risk or when critical relationships are flagged to be high risk make plans to layer in a replacement vendor/supplier that has a lower risk…
