Risk Rating Third Parties: Optimizing Risk Management Outcomes

The objectivity of a risk rating process that follows best practices informs more effective evaluation and comparison of third party control postures.

This white paper discusses:

  • What third party risk rating is;
  • Why risk rating is needed; and
  • How an organization can apply risk rating best practices as part of its risk management program.

A formal risk rating process determines assessment cadence, and it enables and prioritizes the assessment depth and the specific actions for those assessments. To be effective, risk rating must be based on documented parameters, which include scoring against the defined risk tolerance and risk appetite statement of the outsourcer. It is essential that a pre-engagement risk rating is performed on every potential third party to determine appropriate levels of due diligence oversight and set relevant expectations for ongoing assessments.

To obtain a copy of this paper, please complete the form below. The paper will be sent upon receipt of submission to the email address provided.