Best Practices
Risk Rating Third Parties: Optimizing Risk Management Outcomes
A risk rating process that follows best practices is objective, and that objectivity supports more effective evaluation and comparison of third-party control postures. This paper discusses what third-party risk rating is, why risk rating is needed, and how an organization can apply risk rating best practices as part of its risk management program.
It is essential that a pre-engagement risk rating is performed on every potential third party to determine appropriate levels of due diligence oversight and set relevant expectations for ongoing assessments.