Define the risk tiers

All the risk factors you will define are used to return a risk score for the third party. Risk factors include assessments, questionnaires, categories, CIP rankings, and other weighted risk factors; the weights assigned to each factor are used to calculate the risk score for the third party. The risk score is a summary score of all the risk factors defined in the risk model. Set risk score ranges to define tier names, such as High, Medium, and Low.

Risk tiers map the risk score to the recommended scope of the due diligence actions. For example, a tier defined as high risk with a high risk score may require enhanced due diligence. In contrast, the low tier with lower risk scores may require only internal review.

Important

Seek internal/external legal counsel guidance when considering the risk model factors and variables and the defensibility impacts. A risk model is created for different third-party types and categories within the type to apply separate evaluation criteria to diverse types of third parties. Four factors make up a risk model: country, type and category, DDQ questions, and third-party custom field questions. The steps and examples provided in this documentation are informational only and are not specific to an organization.

  1. Select the Tier name, such as Medium.

  2. Set a Start at minimum threshold for the new tier. For example, the Start at for the Medium Tier might be 40, Medium+ might start at 60, and so on.

  3. Select the Scope of due diligence that this risk tier prescribes. For example, Open Source Investigation may be selected for the medium tier.

  4. Select Add.

  5. Continue to add and edit tiers until you are satisfied with the tiers and the due diligence required for each tier.

  6. Select Next Step.