2015 Vendor Risk Management Survey

The Shared Assessments Program and Protiviti Examine the Maturity of Vendor Risk Management

The results of the Vendor Risk Management Benchmark Study can be viewed as cause for optimism or concern, depending on one's view of the world. From a "glass-is-half-empty" perspective, it appears that third-party risk management programs may be stagnating. The survey respondents rated their overall maturity in most of our vendor risk management categories to be virtually identical to levels reported in our 2014 results for the same areas. For those who favor the "glass-is-half-full" point of view, these changes may reflect increased knowledge among survey respondents who have gained a greater understanding of vendor risk over the past year.


Regardless of one's perspective, the 2015 survey findings are crystal clear on a crucial point: There is still a lot of vendor risk management work to be done.



Key Findings:

  1. Vendor risk management programs require more substantive advances – The overall maturity rating for program governance in this year’s survey (2.8 on a 5-point scale) should serve as a warning sign of the need for deeper changes that reach into organizational culture and behavior.
  2. Cybersecurity threats are a prominent challenge – Cybersecurity threats are clearly on the minds of risk managers, IT functions and regulators. High-profile data breaches, often involving millions of customer records and personally identifiable information, are being reported with greater frequency.
  3. Vendor risk management programs within financial services organizations are more mature – The financial services industry remains ahead of other industries, including insurance and healthcare, with regard to its vendor risk management programs.



