Vendor-GRC helps ensure Vendor Managers assess all new suppliers for Governance, Risk & Compliance (GRC) obligations as part of the take-on process and periodically thereafter. When there are changes to GRC procedures or rules, all relevant Vendor Managers can be notified, training examples provided and the changes acknowledged.
With Vendor-GRC you can automate your control environment, including reporting and managing:
Ensure Vendor Managers confirm compliance with regulatory rules and management procedures, including updating the vendor risk profile, due diligence assessments and measuring the vendor against peers and expectations.
Require Vendor Managers to certify the completeness and accuracy of data reported regarding the vendor, including complaints, compensation, risks and issues.
Require Vendor Managers to certify compliance with the clauses in the contract(s) and Service Level Agreements (SLAs), e.g. quality, timeliness, quantity etc.
Report and analyze issues regarding the vendor that require resolution. Ensure each issue/action point is assigned and resolved.
Ensure the risks associated with each Vendor are identified, analyzed and mapped to controls, e.g. legal jurisdiction, going concern, disaster recovery, etc.
Report, manage, authorize and analyze compensation payments due to or from Vendors. Link compensation payments to Complaints and/or Operating Errors.