
Survey Reveals Significant Risk Gaps Between Companies And Their Vendors, According To Study From Protiviti And Shared Assessments

SANTA FE, N.M. and MENLO PARK, Calif., May 19, 2014 /PRNewswire/ -- Organizations are failing to adequately address information technology and security risks that emerge from outsourcing and partnering with third-party vendors, according to a new survey by Shared Assessments Program (http://SharedAssessments.org/) and global consulting firm Protiviti (www.protiviti.com) that examines organizations' current vendor risk management programs.

The study benchmarks current industry practices and finds serious vulnerabilities, with improvements needed in governance, policies, standards, and procedures. Download a complimentary copy of the survey at www.protiviti.com/vendor-risk.

Despite the extensive range of standards and regulations in the business environment today, and the need for increased vigilance due to highly publicized data breaches and cyber threats, the benchmarking study, titled 2014 Vendor Risk Management Benchmark Study (www.protiviti.com/vendor-risk), found that companies lack mature vendor risk management practices and do not have the necessary resources and staff to meet best practice standards.

"Managing the risks associated with outsourced services and vendor relationships is one of the many challenges facing organizations when it comes to data security," said Rocco Grillo, a managing director with Protiviti and the firm's global leader for incident response and forensic investigations. "Many companies aren't adequately or effectively protecting themselves from exposure to vendor outsourcing risks. This could result in their potential exposure to system compromise, fraudulent abuse of data and, in some cases, regulatory exposures and fines, which could have significant impact on their brands and reputations."

Nearly 450 IT and risk management professionals rated their organizations on the Vendor Risk Management Maturity Model (VRMMM), a best practice tool from Shared Assessments that measures the quality and maturity of an existing risk management program. Respondents scored more than 100 characteristics about their organizations' vendor risk management strategies on a maturity scale of 1 to 5 (lowest to highest) across eight categories (average scores shown below):

  • Program Governance (2.9)
  • Policies, Standards and Procedures (2.9)
  • Contracts (3.0)
  • Vendor Risk Identification and Analysis (2.7)
  • Skills and Expertise (2.3)
  • Communication and Information Sharing (2.6)
  • Tools, Measurement and Analysis (2.4)
  • Monitoring and Review (2.9)

"While the needs to manage vendor risk vary by specific company profile and needs, we found that organizations are still falling short of best practice recommendations," said Catherine Allen, chairman and CEO of The Santa Fe Group, which manages the Shared Assessments Program.  "The increased use of third parties could create a wider gap for risk managers that can only be addressed through closer attention to consistency in policies, procedures and governance. Failing to include the necessary components may result in vendor risks going undetected, with potentially devastating results."

Key Findings from the Survey

  • Financial Services Organizations Outperform Other Industries. Although all companies had ratings that were below the desired range, the financial services industry had more mature risk management programs across key categories than other sectors. This is largely driven by stricter guidelines for companies in the sector and by the highly regulated nature of the industry.
  • Lackluster Procedures for Assessing Vendors. Organizations fail to have mature processes in place for reviewing vendors periodically through the course of an engagement, as well as for establishing criteria and process around the end of a vendor relationship. Given the potential risk involved with third parties, companies should have stronger policies and guidelines to ensure they are protected at the beginning of an engagement, through the course of the relationship via ongoing risk reviews, and during the exit process.
  • A Need for Training, Staffing and Resources. Companies don't spend enough time assessing their own skill sets and deficiencies in terms of vendor risk management – nor are they proactive about training and improving areas where employees' knowledge is inadequate. The overall investment in resources to better manage vendor risk is below average for most companies.

Resources Available to Learn More

The 2014 Vendor Risk Management Survey precedes the seventh annual Shared Assessments Summit, to be held in Boston on May 19 to May 21, 2014. Protiviti's Rocco Grillo will be a panelist in the session titled, "Shared Assessments Program 2014: Moving Beyond the Tools" on Tuesday, May 20.

Additionally, Protiviti will host a complimentary webinar, led by Grillo and Brad Keller, senior vice president and program director of The Santa Fe Group (which manages the Shared Assessments Program), to discuss the results of the survey on June 3, 2014, at 10:00 a.m. PDT. They will be joined by guest speaker Tom Garrubba, senior privacy manager with CVS Caremark. To register, visit www.protiviti.com/vendor-risk. Grillo and Keller have also recorded a podcast in which they offer insights into what companies can do to raise their vendor risk management maturity levels.

To download a complimentary copy of the survey report, 2014 Vendor Risk Management Benchmark Study, please visit: www.protiviti.com/vendor-risk. The site also hosts an infographic of the survey's highlights and a benchmarking tool to compare the user's results to the survey respondents' results.

About the Shared Assessments Program

The Shared Assessments Program is the trusted source in third-party risk management, with resources to effectively manage the critical components of the vendor risk management lifecycle, creating efficiencies and lowering costs for all participants. The Program keeps current with regulations, industry standards and guidelines, and the current threat environment. It is adopted globally across a broad range of industries, both by service providers and their customers. Through membership and use of the Shared Assessments Program Tools (the Agreed Upon Procedures, Standard Information Gathering questionnaire and Vendor Risk Management Maturity Model), Shared Assessments offers companies and their service providers a faster, more efficient and less costly means of conducting rigorous assessments of controls for IT and data security, privacy and business continuity. The Shared Assessments Program is managed by The Santa Fe Group (www.santa-fe-group.com), a strategic consulting company based in Santa Fe, New Mexico.

Shared Assessments Program members are national and international organizations of all sizes that understand the importance of comprehensive standards for managing third-party risk. They include financial institutions, healthcare organizations, energy/utility providers, retailers and telecommunications companies. They are service providers of all sizes, consulting companies, and assessment firms. They are the best in their class, members of a global community of vendor risk management professionals who understand the value of implementing efficient and effective industry-standard practices.
