Back to Playbook Visit Our Blog

Capability
Third-Party Risk Tracking

Track third-party risk in a central database where the third-party risk profile, assessment results, and open issues are managed.

What

Centrally document third parties and their risk attributes. Document the results of assessments and track issues in a risk registry. 

Why

Tracking of third-party risk, their inherent risks and business context is a pre-requisite to managing third-party risk. Tracking of issues is necessary to understand third-party residual risk and to resolve issues. 

How

Track vendors, their risk attributes, business context, and issues in a central system. The system should support analysis and reporting. 

Practice Status Adoption
Maintain procurement records that can be readily analyzed. Common 70%
Track third-party risk in a central database. Common 50%
Track third-party issues in a risk registry. Common 50%
Track third-party residual risk, factoring inherent risk rating with assessment performance. No Data No Data