2016 Vendor Risk Management Survey

2016 Vendor Risk Management Survey

2016 Vendor Risk Management Survey Header

The Shared Assessments Program and Protiviti Examine the Maturity of Vendor Risk Management

Companies appear to have reached a positive turning point with regard to managing their vendor risks. The results of the latest Vendor Risk Management Benchmark Study indicate that:

  • Organizations in all industries are increasing their focus on managing vendor and third party risks.
  • Levels of maturity in different vendor risk management components have noticeably improved.


This is the third year that the Shared Assessments Program and Protiviti have partnered on this research, which is based on the comprehensive Vendor Risk Management Maturity Model (VRMMM) developed by the Shared Assessments Program.



Key Findings:

  1. Vendor risk management is garnering more attention and maturity levels are on the rise.
  2. Many boards have a high level of engagement regarding cybersecurity risks to the business, but less so for vendors.
  3. Board engagement in cybersecurity risk is a key differentiator.
  4. Metrics matter more.
  5. Despite higher maturity levels in most vendor risk components, there remain numerous areas for improvement.




2016 VRM Survey Infographic


Content Contributed by:

Cal Slemp
Managing Director
Gary S. Roboff
Senior Consultant
Shared Assessments