THE IMPACT OF EFFECTIVE VENDOR RISK MANAGEMENT IN RAPIDLY CHANGING BUSINESS ENVIRONMENTS AND A NEW PROPOSED RISK UNIVERSE PROFILE

Open Access
Author:
Lee, Sang Yeop
Area of Honors:
Accounting
Degree:
Bachelor of Science
Document Type:
Thesis
Thesis Supervisors:
  • Scott Collins, Thesis Supervisor
  • Henock Louis, Honors Advisor
Keywords:
  • Accounting
  • Vendor Risks
  • VRM
  • Risk Management
  • Third Party
Abstract:
After the 2008 financial crisis, regulatory scrutiny has been rising to reach not only financial organizations but also to the vendors and third parties that supply them. As responsibilities cannot be outsourced, financial institutions are being held responsible by regulators for not only their actions, but also for those of their vendors and suppliers. Financial institutions now have started looking at ways to broaden their risk profiles of their suppliers and vendors with an increased emphasis placed on preventive, detection, and mitigation controls. This thesis shines light on the importance of vendor risk management (VRM) and its rising need for businesses with IT related vendors. The specific industry analyzed is the financial services industry where, on average, more than 20,000 vendors supply major financial institutions. Big Four public accounting firms are analyzed as main VRM service providers in the financial industry. Through analysis of current VRM methodologies and risk profiles, this thesis draws a conclusion on the impact of the VRM for businesses to manage emerging risks and stay competitive in the market. From research, a new proposed VRM risk universe profile is introduced and applied to a case of Target’s data breach incident to demonstrate how VRM could prevented such tragedy.