We have three functionalities related to supplier reviews:
- Organisation / Third Parties (where you define your suppliers)
- Risk Management / Third Party Risk Management (where you document risks related to your Third Parties)
- Compliance Analysis / Online Assessments (where you can collect evidence from them using questionnaires)
How do we answer these questions?
1- Who are our suppliers?
In the Third Parties module you can get a list.
2- Have we assessed them? Which ones yes, which ones not?
You can run a filter in the OA module to get the list of OAs where a given third party is listed; the same applies to the Third Party Risk module … but we are missing some sort of pivot table that shows the count of risks or OAs.
3- Which ones are OK and which ones are not?
In theory this will be addressed by dynamic statuses … in the Third Parties module you will include your own status that says “Compliant” if there are one or more OAs with status “Pass” (another dynamic status).
4- Where are the questions we asked them?
5- What findings do we have for each one of them?
6- When will they be assessed next?
7- What risks do we run with them?
8- How much risk do they represent to us?
9- Which one is the “worst” in terms of risk?
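
The pivot described under question 2 and the “Compliant” rule under question 3, as an added Python example that is not the product's own code. The record layout, field names, sample data and the “Not assessed” / “Not compliant” labels are assumptions made for illustration; only the “Compliant if one or more OAs have status Pass” rule comes from the text above.

```python
# Constructed sample records; field names are assumptions, not the product's schema.
THIRD_PARTIES = ["Acme Hosting", "Beta Payroll", "Gamma Couriers"]
ONLINE_ASSESSMENTS = [
    {"title": "Hosting questionnaire", "third_parties": ["Acme Hosting"], "status": "Pass"},
    {"title": "Data processor review", "third_parties": ["Acme Hosting", "Beta Payroll"],
     "status": "Fail"},
]
THIRD_PARTY_RISKS = [
    {"title": "Hosting outage", "third_parties": ["Acme Hosting"]},
    {"title": "Payroll data leak", "third_parties": ["Beta Payroll"]},
    {"title": "Lost parcels", "third_parties": ["Gamma Couriers"]},
]


def supplier_overview(third_parties, assessments, risks):
    """Return {supplier: {"oas", "passed_oas", "risks", "status"}}."""
    rows = {name: {"oas": 0, "passed_oas": 0, "risks": 0} for name in third_parties}
    # One OA or risk can list several third parties, so count per listed supplier.
    for oa in assessments:
        for name in oa["third_parties"]:
            if name not in rows:
                continue  # OA references a supplier missing from the register
            rows[name]["oas"] += 1
            if oa["status"] == "Pass":
                rows[name]["passed_oas"] += 1
    for risk in risks:
        for name in risk["third_parties"]:
            if name in rows:
                rows[name]["risks"] += 1
    for row in rows.values():
        if row["passed_oas"] >= 1:
            row["status"] = "Compliant"       # rule stated in the text above
        elif row["oas"] == 0:
            row["status"] = "Not assessed"    # assumed label: no OA lists this supplier
        else:
            row["status"] = "Not compliant"   # assumed label: assessed, no OA passed
    return rows


if __name__ == "__main__":
    overview = supplier_overview(THIRD_PARTIES, ONLINE_ASSESSMENTS, THIRD_PARTY_RISKS)
    for name, row in overview.items():
        print(f"{name:15} OAs={row['oas']} risks={row['risks']} {row['status']}")
```
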