Measuring Engagement Risk

Measuring engagement risk is a process that involves evaluating the inherent risk of an engagement by risk category and evaluating residual risk either manually or by generating and distributing a questionnaire for the third party to complete. Inherent risk is the impact and likelihood of a risk in the absence of controls and risk transfer.

To measure engagement risk, complete the following tasks:

  1. Review the Engagement Risk categories.

  2. Initiate a risk analysis by identifying the risk categories to assess and the key assessors for each set of inherent risk category questions.

  3. Analyze the inherent risk by answering inherent risk questions for each risk category being assessed.

  4. Manually select the residual risk, or allow the system to calculate it, to evaluate the controls that are in place to mitigate inherent risk for each risk category.

Engagement risk categories

The Third Party Risk Management use case has seven risk categories that you can assess. These risk categories provide your organization with a broadened perspective of the overall risk that a third party or an engagement presents.

The following table describes the seven risk categories.

| Risk Category | Description |
| --- | --- |
| Compliance / Litigation Risk | Assesses the risk involved if a third party engagement violates laws or regulations or introduces litigation risk from product or general liability claims. |
| Financial Risk | Assesses the risk introduced by an engagement through credit, market, or liquidity risk, or as a result of theft. |
| Information Security Risk | Assesses the amount of risk associated with the compromise or theft of customer, employee, or partner information or company intellectual property. |
| Reputation Risk | Generally a function of all the other risk categories, the Reputation Risk Assessment is a subjective assessment of an engagement and the other risks the engagement introduces. |
| Resiliency Risk | Assesses the risk to your organization resulting from the interruption or failure of a third party to deliver an engagement. |
| Strategic Risk | Assesses the strategic importance of a third party engagement to your organization and the effectiveness of that third party in fulfilling your strategic expectations. |
| Sustainability Risk | Assesses the potential environmental impact associated with the delivery of an engagement. |