ProcessUnity Vendor Risk Management protects companies and their brands by reducing risks from third-party vendors and suppliers. Combining a powerful vendor services catalog with risk process automation and dynamic reporting, ProcessUnity VRM streamlines third-party risk activities while capturing key supporting documentation that ensures compliance and fulfills regulatory requirements. ProcessUnity VRM provides powerful capabilities that automate tedious tasks and free risk managers to focus on higher-value mitigation strategies.
ProcessUnity Best Practice Program
Best Practice Program for ProcessUnity Vendor Risk Management (VRM) is a pre-configured third-party risk program with turn-key workflow, assessments, calculations, risk analysis and reporting. Developed by Third-Party Risk Management subject matter experts and perfected via hundreds of successful customer implementations, Best Practice Program delivers a complete, “out-of-the-box” program with a high-quality, systematic and repeatable assessment process that improves communication between lines of business, third-party risk analysts and third parties to ultimately drive risk out of an organization. The low-touch, low-cost implementation gets customer programs up and running in no time. As a program changes and matures, customers can modify the pre-defined processes, calculations, roles and workflows via ProcessUnity’s unparalleled platform configuration capabilities.
Personal Dashboard: Monitor and track your program status with a configurable dashboard and real-time updates.
Third-Party Request: Document key vendor data to expedite third-party requests, track status through closure and standardize onboarding processes.
Service Review Scheduler: Schedule automatic service reviews and performance evaluations based on inherent risk scores.
Assessment Review Report: Review vendor responses by priority level via automated preferred responses and yearly aggregate response comparison; create and track issues directly within the report.
ProcessUnity Best Practice Program leverages a sophisticated data model which includes pre-built relationships and workflows between key data elements and system users. The elements of the data model include:
Third Parties – External vendors, suppliers and organizations from which services are contracted
Third-Party Requests – Requests from line of business employees for new third-party services
Third-Party Services – The specific service(s) contracted from various vendors and suppliers
Agreements – Contracts and other legal documents signed with third parties
Assessments – Completed due diligence reviews from third parties
Third-Party Issues – Issues identified during vendor onboarding or via ongoing monitoring
Service Reviews – Periodic inherent risk and performance evaluations on contracted third-party services
Questionnaires – Pre-configured third-party surveys used to conduct due diligence
Workflows & Assessments
Pre-configured workflows establish the repeatable processes necessary for effectively managing third-party risk – from initial service identification and onboarding through contracts, ongoing vendor monitoring and offboarding.
Onboarding Request Workflows – Capture a new service request, automatically determine inherent risk, perform due diligence, manage issues and track contract data
Ongoing Monitoring Workflows – Conduct periodic service reviews to monitor inherent risk changes, remediate issues, monitor vendor performance against KPIs and maintain a schedule for ongoing due diligence
Offboarding Workflows – Securely offboard third parties and ensure sensitive data is safely transitioned in a compliant manner
Automated questionnaires end inefficient paper surveys and spreadsheets and simplify the assessment process for both organizations and their partners. Employing industry-standard questionnaires from Shared Assessments (SIG Core and SIG Lite) further streamlines the vendor assessment process.
Easy-to-read reports of assessment results, third-party summary reports and program-level reporting help demonstrate program status to key stakeholders.
Calculations & Scoring
ProcessUnity’s Best Practice Program provides built-in calculations, rating tiers, scoring and other logic critical to an automated third-party risk program, including:
Inherent Risk – Determine inherent risk based on responses to a pre-determined set of questions sourced from recommendations by the Office of the Comptroller of the Currency (OCC) and other governing bodies.
Automated Scoping – Based on the inherent risk score, ProcessUnity calculates the breadth and depth of the questions required for the third-party assessment.
Assessment Review Rating – Every external assessment receives a score calculated based on the number of high and medium severity issues identified.
Residual Risk – Determine control effectiveness based on a third party’s inherent risk rating and most recent assessment review rating.
Ongoing Monitoring Schedules – The risk methodology automatically determines ongoing due diligence frequency – annually, biennially or triennially.
Issue Remediation – Issues identified during assessment analysis are assigned a severity rating. Based on the severity, the issues are assigned a remediation schedule.
Preferred Responses – Preferred/non-preferred response calculations allow analysts to quickly make business decisions during due diligence reviews.
Performance Management – Centralize and track year-over-year trend analysis of vendor performance evaluations to better manage vendor relationships.
Geographic Risk – Automatically flag pre-determined domestic, foreign or sanctioned third-party services based on the organization’s unique criteria or published lists such as OFAC.
Key Performance Indicators (KPI) – Benchmark and track key performance indicators throughout onboarding third-party services, assessment completion and issue management.
ProcessUnity’s Vendor Portal provides third parties with a secure, online environment to complete questionnaires, provide responses and comments, and attach supporting documentation. An easy-to-use interface, combined with instructions and guidance, improves vendor response time and response quality.
Interactive Dashboards & Reports
Built-in reports provide real-time visibility into the state of third-party risk and demonstrate to key stakeholders the existence of a consistent, reliable and repeatable program. Trend analysis monitors and manages changes in vendor performance with a side-by-side comparison of historical vendor responses. Interactive dashboards give visibility into ongoing risk assessment progress, the status of remediation activity and vendor risk ratings. Drill-down capabilities allow risk managers to quickly find the details in areas of concern.
Best Practice Program contains a comprehensive library of pre-built reports to track critical vendor and service-risk information. Extensive custom reporting capabilities allow third-party managers to create management-level reports and individual dashboards through a simple-to-use interface. With ProcessUnity, organizations gain program-level reporting that manual methods simply cannot provide.