Q1 Please select the primary industry in which your company operates.


Answered: 9 Skipped:

Banking Construction & Real Estate Financial Services & Insurance Food & Commodities Government Healthcare Higher Education Manufacturing & Distribution Not-for-Profit Private Equity Retail Dealer

2.88% 9.% 27.47% % % % % % 5 2.2% 2 2.2% 2

Total 9

Q2 What is the annual revenue of your company? Answered: 98 Skipped: 3

Less than $5M $5M - $B $B - $5B More than $5B

22.45% % % % 25 Total 98

Q3 How many employees does your company have? Answered: 99 Skipped: 2

Less than,, - 5, 5, - 5, 5, - 25, 25, - 5, More than 5,

33.33% % % 3 5.5% 5 6.6% 6 2.2% 2 Total 99

Q4 How many third-party relationships does your company's third-party/vendor risk management program assess, manage, and/or monitor? Answered: Skipped:

- -,, - 5, 5, -,, - 25, More than 25,

32.% % 32 3.% 3 6.% 6 7.% 7 Total

Q5 Please select the types of third-parties covered by your company's third-party/vendor management program (please select all applicable): Answered: Skipped:

Traditional Vendors (product / service providers, processors, etc.) Non-Traditional Vendors (dealers, brokers, correspondent lenders, etc.) Joint Ventures Affiliates Intra-group Outsourcing

96.4% % % % % 4 Total Respondents:

Q6 What percentage of the third-party population is considered high risk? Answered: Skipped:

-% -25% 26-5% 5-75% More than 75%

47.% % 37.% 3.% 3 2.% 2 Total

Q7 Please select the operating model that best describes your company's third-party/vendor management program: Answered: 99 Skipped: 2

Decentralized - Third Party / Vendor Risk Management Offices Embedded within Each Business Area Centralized in Procurement Centralized in Operational / Enterprise Risk Management Centralized in Information Security Centralized in IT / Operations Hybrid, with Centralized Components in Procurement Hybrid, with Centralized Components in Operational / Enterprise Risk Management Hybrid, with Centralized Components in Information Security Hybrid, with Centralized Components in IT / Operations

8.8% 8 2.2% 2 6.6% 6 6.6% 6 2.2% 2 7.7% 7 4.4% 4 3.3% 3 3.3% 3 Total 99

Q8 Please select the level that best describes the maturity of your company's third-party/vendor management program: Answered: 99 Skipped: 2

Reacting: Assessing to sign a contract, in "just get it done" mode, inventory is not yet comprehensive (not sure if all third-parties that need to be assessed are being assessed) 3.3% 3

Anticipating: Assessment assists in drafting of contract, assessing both risks and controls, findings are identified and tracked, moderate to high level of confidence high risk relationships are in inventory and being assessed

Collaborating: Assessment is prioritizing both internal and external actions, program brings together experts from across the organization, trust and verify activities exist within program, results are informing business decisions 35.35% 26.26%

Orchestrating: The program is integrated within other risk and compliance programs, third-party risks are well measured and controlled (risk appetites), there are built in and independent quality assurance functions 8.8% 8

Total 99

Q9 Please select the ways your company segments its third-party population (please select all applicable): Answered: 99 Skipped: 2

Risk Level / Tiers Category of Product / Service Provided to Company Category of Product / Service Supported (i.e., the Third-Party supports your company's product / service) North American Industry Classification System (NAICS) Other Industry Classification Company Process Supported by the Third-Party (i.e., Process Taxonomy) Risk Type (i.e., Risk Taxonomy)

63.64% % % % 5 4.4% 4 5.5% 5 2.2% 2 Total Respondents: 99

Q Please select the components that are included in your company's third-party/vendor management program (please select all applicable): Answered: Skipped:

Risk Assessment 8 8 Reassessment Control Questionnaires (Trust Practices) Testing / Evidence Reviews (Verify Activities) On-Site Reviews Desktop Reviews Shared Assessments (Working with other companies to review the same third-party/vendor) Continuous Monitoring Activities (Negative News, Litigation, Reputation, Events, etc.) Completeness of Inventory Controls Fraud Analytics Internal Change of Use Monitoring (to identify if the Company changes how it is using the third-party/vendor) External Change of Delivery, Product or Service Monitoring (to identify if the third-party/vendor changes their product / service or delivery channel) Joint Disaster Recovery Testing Review of SOC, SSAE 6, or Other Attestation / Audit Reports Justification for Use (Strategy) Cost / Benefit Analysis Assessment of Experience

% % % 35 2.% 2 44.% 44 6.% 6 9.% 9 3.% 3 2.% 2 32.% % 35 Total Respondents:

Q Are the Procurement and Contracting functions at your company integrated with the third-party/vendor risk management program? Answered: 98 Skipped: 3

Yes, both Procurement and Contracting are integrated Yes, Procurement is integrated Yes, Contracting is integrated No, but we plan to integrate both Procurement and Contracting No, but we plan to integrate Procurement No, but we plan to integrate Contracting No, and we don't have plans to integrate Procurement or Contracting

46.94% % 8 4.8% % 4.2% 3.6% % 22 Total 98

Q2 How does your company's third-party/vendor risk management program manage Anti-Bribery Anti-Corruption (ABAC)? (please select all applicable): Answered: 98 Skipped: 3

Employee Code of Conduct Employee Training Third-Party / Vendor Code of Conduct Separation of Duties Between Contract Negotiator and Contract Signer Independent Credible Challenge of Third-Party / Vendor Relationship Corruption and Anti-Bribery Terms in Contracts Tracking of Geographical Locations Related Party Checks Other Reputation Checks

82.65% % % % 24.22% 52.4% % % % 26

Additional Scrutiny or Due Diligence for Sales Agents, Lobbyists, Distributors, Resellers, and Joint Ventures Review of Third-Party / Vendor ABAC oversight for Third-Party / Vendor subcontractors (4th Parties)

5.3% 5 9.8% 9 Total Respondents: 98

Q3 Please select the types of reporting your company's third-party/vendor risk management program regularly produces (please select all applicable): Answered: 94 Skipped: 7

Key Risk Indicator (KRI) Key Performance Indicator (KPI) Third Party Performance Scorecards Risk Appetite Measurements Reporting to Board Reporting to Senior Operating Committees Concentration by Geography Concentration of Specific Product / Service Concentration of Spend Fourth-Party / Subcontractor Concentration

39.36% % % % % % 3.7% 7.2% % % 6 Total Respondents: 94

Q4 Please select the tools/technologies your company uses for each of the following functions (please select all applicable): Answered: 98 Skipped: 3

Crowe Horwath Third-Party Risk Management Survey

End User Computing (Excel, Access, SharePoint, etc.) Internally Developed Solution Archer Ariba Bwise Hiperos MetricStream OpenPages Other Commercially Available Software Total Respondents

Sourcing/Procurement 48.24% % % 3 4.2% 2.8% 2.35% % 9 85
Third-Party / Vendor Inventory 44.83% % 2 4.6% 4 8.5% 7.5%.5%.5%.5% 34.48% 3 87
Risk Assessment 53.57% % % 5.9%.9%.9%.9%.9% 2.43% 8 84
Control Assessment 57.75% % 7 7.4% 5.4%.4% 2.3% 5 7
Issue / Findings Management 55.26% % % 6.32%.32% 2.63% 2.32% 23.68% 8 76
Contract Repository 46.43% % % % 5.9% 3.95%
Contract Administration 53.95% % 8.32% 6.58% 5.32% 22.37% 7 76
Performance Scorecards 58.82% % % 2.47%.47%.47% 22.6% 5 68
Risk Reporting 55.3% % % 3.28%.28%.28%.28%.28% 23.8%

Q5 Please select the current challenges facing your company's third-party/vendor risk management program (please select all applicable): Answered: 96 Skipped: 5

Finding Competent Staff Retaining Competent Staff Third-Party Response / Participation in Program Third-Party Acceptance of Contract Clauses Identifying Third-Party Relationships / Completeness of Third-Party Inventory Lack of Technology to Help Manage Workflow Ability to Produce Meaningful Reporting Meeting Regulatory Expectations

35.42% % % 4 25.% % % % % 3 Total Respondents:

Q6 In comparison to the current year's budget, does your company plan to spend more, the same, or less on the following activities: Answered: 97 Skipped: 4

More Same Less Total Weighted Average

Staffing 25.% % 6.46%
Training/Conferences/Certifications 29.3% % %
Oversight and Governance 27.47% % %
Tools / Technologies 42.55% % 5 3.9%
Travel for Internal Staff to Visit Third Parties / Vendors 6.3% % %
Outside Consultants for Program Advisement and/or Assessment of Program 9.78% % %
Outside Consultants to Assess Third Party / Vendor Relationships (on-sites / desktops) 4.4% % %
Outside Consultants for Other Activities 6.74% % %
Outside Counsel 6.67% %
Other .26% % %

Q7 If you wish to be entered into the $ gift card raffle, please enter your address below. If not, please skip this question. The winner will be announced when the survey has concluded. Answered: 5 Skipped: 5