Use Case: Vendor Governance

Alyne provides a scalable option for organisations to digitalise vendor governance and supplier risk management within minutes.

Introduction

Businesses rely on more and more vendors as they continue to shift focus to core competencies and reduce depth in value creation. This does not reduce or increase risk in most cases - it simply reallocates risk to different categories. What used to be a risk in operating IT now becomes a vendor risk, third party risk or outsourcing risk - depending on the terms used in your organisation. A scalable option to identify and evaluate risks resulting from working with vendors is an important capability for many of Alyne’s customers where we have observed some common challenges and success factors.

Common Challenges

  • Focus on Perfect Assessment
    Much time is spent in reviewing and agreeing the perfect assessment with all involved stakeholders. The output can be a lengthy process with questions that have a “design by committee” quality. We suggest rapid iteration and generating quick assurance value instead.

  • Unclear Consequences
    Some vendor assurance or third party risk processes are executed as a “tick the box” exercise, with unclear consequences for identified risks. If thresholds for mitigation and ending the vendor relationship are not defined, the outcome of the process is incomplete.

  • Manual Analytics
    Most third party or vendor governance processes still involve a significant aspect of manual analytics to understand the output of a potentially large number of assessment results. Automating both analysis and insights is a key to process success. 

Success Factors

  • Generate Deep Insights Quickly
    Ask questions that allow insight beyond the immediate question. A great way of doing this is providing multiple unique answer options. This method can replace multiple questions with one.
     
  • Build Relationships
    Enable collaboration throughout the assessment with your vendors. They need to be on your team and close communication can be a great tool to achieve this.

  • Focus on Risk Portfolio View
    Viewing each vendor individually can be relevant for making decisions specific to that vendor, however risk exposure is often only revealed in a portfolio view. Analyse the risk exposure across multiple vendors from various perspectives to gain a better understanding.
PreviousNext
Karl Viertel

Related Posts

A 360 Degree Risk View of Your Vendors with Alyne and SecurityScorecard

Recently, Alyne’s third party risk management capabilities became a whole lot more powerful with the introduction of the SecurityScorecard integration which offers users a comprehensive 360 degree risk view of their third party dependancies. Read more about how you can power-up your vendor governance process with the help of Alyne and SecurityScorecard.
Read more

Integrating Cyber Security, IT and Vendor Strategy for Improved Enterprise Risk Management

This year, United State's President Joe Biden signed a cyber security executive order to increase scrutiny and raise the bars for software security standards. In this article, Christina Casino from Alyne’s Customer Success Team unpacks and explains Alyne’s approach that can help your organisation streamline and integrate IT, cyber security and vendor strategy all within a single SaaS platform.
Read more

Data Security, Data Sovereignty and Data Residency Within a SaaS Cloud Environment

The convergence of big data and hyper cloud infrastructure has created a myriad of issues around the access, use and storage of data. The wave of nationalism and ‘inward focus’ as a reaction to a sustained period of outward-looking globalism is a major reason for this. Data custodians have very strong views and often regulatory requirements around how data should be treated. In this article, Stephen Nyabadza from Alyne’s Sales Team unpacks and explains Alyne’s approach to data within a Software-as-a-service (SaaS) cloud environment satisfies all concerns in this area.
Read more