How to Handle Critical Third-Party Vendor Failures due to the COVID-19 Pandemic
The economic effects of the COVID-19 pandemic crisis are far-reaching and catastrophic. Most likely, you have already implemented your business continuity plan and disaster recovery (BCP/DR) which should incorporate your pandemic planning.
But what can you do if a critical third-party vendor fails to deliver necessary services for your organization?
How will your business be impacted if a supplier can’t continue operating due to the coronavirus? You need to understand and quantify your dependence on third- and even fourth-party suppliers.
A vendor risk management (VRM) solution with vendor risk assessment (VRA) scoring methodology and application can help you identify and detail your risk. A balanced scorecard of residual risk should include a Business Impact Analysis (BIA) that contextualizes the vendor risk assessment. You need to perform both the risk assessment and impact analysis to understand what control failures or probabilistic failures could materially impact your organization and to what degree.
Adapt to changing business conditions to prioritize operational resilience
You need to prioritize operational resilience above all else. You don’t want to put pressure on a customer or force them to terminate a relationship in these uncertain times.
Identify your critical vendors. What commodities and services are required for your organization to stay operational and continue delivering to customers? Then evaluate the possible impact of delays or disruptions to your organization.
You don’t want to be highly dependent on a vendor’s services or products without having a viable contingency plan in place. Compile a list of alternative vendors and explore alternative applications. Unfortunately, transitioning services to alternate vendors requires significant time, money, resources, and, most likely, technology.
In some cases, your plan may be to support a vendor to maintain its relationships and delivery obligations. You may need to redistribute capital or resources from parts of your organization to ensure the supply and services cycle time isn’t disrupted.
There are options to adapt to changing business conditions — but what if you’re forced to take the loss? How will your business be affected? Vendor risk assessments can provide you with the necessary insights for you to make data-driven decisions in a timely manner.
Weigh the risk of critical vendors
A vendor risk assessment scorecard can summarize the findings of vendor due diligence reviews and the evaluation of vendor controls. This helps you mitigate the inherent risk that exists in the vendor relationship.
A VRA scorecard should contain a series of Business Impact Analysis questions that collect associated risks. The BIA scores the risk of working with each vendor that is critical to your business.
Vendors who have a high BIA score are the vendors you need to monitor to assess their ability to maintain operations. You’ll want to evaluate the vendor’s Business Continuity and Disaster Recovery plan, pandemic readiness, cybersecurity, human capital risk, and concentration risk reviews.
Are your high-risk and critical vendors managing the coronavirus pandemic? Or are they at risk of failing to deliver on your critical services and products? Don’t be taken by surprise. Identify critical vendors and assess their stability. Utilize vendor risk assessments to determine your level of risk in a worst-case vendor scenario.