Inherent Risk Rating Solution (IRR)
Understand the inherent amount and types of risk posed by prospective third-party engagements.

Inherent Risk
Inherent Risk is the natural level of risk that is part of any process or activity — given an existing understanding of how the service is being orchestrated and some detail of the components of its delivery. Inherent risk rating should take place prior to the evaluation of controls.
Third-Party Service Inherent Risk Rating
Our TPSIRR solution provides a consistent technique for practitioners and other risk stakeholders to identify third-party risks inherent in the services being provided to them. The product then scores these risks in an organization-controllable way and recommends a scoped SIG Questionnaire or extended assessment. The TPSIRR allows practitioners to:
- Determine third-party Inherent Risk Ratings (IRR) across vendor portfolios
- Discern areas of focus (including controls) for risk-based due diligence
- Report on the types of third-party risks introduced to an organization by third-party vendors.
Key Functionalities
- Vendor Risk Scoring in accordance with an organization’s customizable risk classifications
- Quick-Glance Assessments using RAG reporting for levels of risk (Red=High, Amber=Moderate, Green=Low)
- Due-diligence scoping and frequency planning including identification of the appropriate SIG Questionnaire (Lite, Core, Full)
- Risk Tiering derived from inherent risk ratings
- Dashboard tracking on Inherent Risk Ratings (IRR) completed across vendor portfolios
TPSIRR Areas Of Impact
The TPSIRR “Areas of Impact” and the SIG Questionnaire risk domains they encompass:
TPSIRR Areas Of Impact | Included SIG Risk Domain(s) |
Operational Resilience | Operational Resilience Compliance Management |
Artificial Intelligence/Machine Learning & Financial Model Risk | Compliance Management |
Use of Technology Providers | Cloud Hosting |
Cyber Security and Information Protection/Technology | Access Control Application Security |
Subcontractors/Fourth and Nth Parties | Nth-Party Management |
Network Connectivity/API Integration | Security Nth Party Management Network Security |
Geo-Location Factors | Compliance Management |
Learn about the SIG Risk Domains.