Which business area in the enterprise risk management (ERM) strategy is concerned with formal risk assessments when forming new or renewing existing vendor relationships?
The procurement function is directly responsible for vendor selection and contract management, including risk assessments of new or renewed vendor relationships. This ensures that third-party providers meet security, compliance, and performance requirements.
Software development and quality assurance focus on product creation and validation. Marketing manages branding and outreach. None of these directly involve evaluating external vendor risk.
Procurement integrates due diligence, contract clauses, and performance monitoring into enterprise risk management. This reduces exposure to third-party threats and ensures compliance with frameworks such as ISO 27036 (supplier relationships) and NIST vendor risk management guidelines.