THE RISKS
SUPPLIER AND VENDOR MANAGEMENT KNOWLEDGE AND CAPABILITY
Denition:
Percentage who gave a rating of 6 or 7 on a scale of 1 to 7
Foranorganizationtobesuccessful, it has to maintain healthy and fruitful relationships with its external business partners and vendors. This risk examines organizations’ abilities to select and monitor third-party relationships.
Analysis: While more CAEs have high personal knowledge of this critical risk in an increasingly interconnected business environment, fewer perceive their organizations as having a high capability to manage this risk. This gap between CEsandtheirstakeholdersmaybedrivenbyahigher percentageofCEsviewingthisriskasbeinghighly relevant to their organizations, likely stemming from publicly reported cyber threats, compliance-related issues, and other disruptive events arising from thirdparty relationships.
RISK STAGE
Quotes: “The challenge is how do we keep this relationship with these long-time vendors, and at the same time how do we go out and find what we need if that vendor cannot provide it.” –C-suite, Manufacturing “Our organization has really strong relationships…but I gave it a lower capability score because data privacy, protection, cybersecurity…those things are harder to manage with our suppliers.” –CAE, Technology MovedfromExpleor toDevelop
RISK RELEVANCE Percentage who gave a rating of 6 or 7 on a scale of 1 to 7 – Supplier and Vendor Management
60% 67%
77%
Board C-suite
CAE
www.theiia.org 38
