Working with Supplier Risk Assessments

You can manage the risk associated with different suppliers through Risk Ranking & Filtering (Supplier Risk) Assessments, which identify and rank complex risk factors associated with engaging or continuing to use a supplier. This assessment considers factors such as quality, compliance, financial health, geopolitics, and business continuity. Vault calculates an assessment score and suggests a risk level using criteria defined by your organization. Supplier Risk Assessments make it easier for your organization to remain compliant with requirements for risk-based decision making.

Process Overview

The Supplier Risk Assessment process may differ depending on your Vault’s configuration and organizational requirements, but a typical process includes:

  1. Define Risk Factor Templates and add supporting records to store assessment data.
  2. Create an Assessment for a supplier and select a Risk Factor Template. The Risk Factor Scorings section on the Assessment is populated with Risk Factor Categories based on the template you select.
  3. Add a Risk Factor to each Risk Factor Category to allow Vault to calculate an Assessment Score and suggest a Risk Level.
  4. Determine the Final Risk Classification based on the calculated Suggested Risk Level.

Defining Risk Factor Templates

A Risk Factor Template is a reusable collection of related records that defines how risk factors are weighted and scored on a Supplier Risk Assessment. This involves creating the following records:

  • Risk Factor Template: This record anchors the structure of related records. Users select a Risk Factor Template when creating a Risk Factor Assessment record.
  • Risk Factor Category: The general area you are assessing, for instance, the rate at which an organization completes CAPAs on time.
  • Risk Factor: Specific details about the risk factor category. For instance in the context of evaluating the on-time CAPA completion rate, a number such as 95%.
  • Risk Level: These records define risk levels, typically as low, medium, or high, and assign each a maximum threshold value.

To create a Risk Factor Template:

  1. Navigate to Business Admin > Objects > Risk Matrices, or to a custom tab.
  2. Click Create.
  3. From the dialog, select the Risk Factor Template type and click Continue.
  4. Enter a Name.
  5. Enter a Scoring Method. This defines how the Assessment Score is computed: either as a sum or an average of all the Risk Factor Scores from Risk Factor Scoring records associated with a Risk Factor Assessment.
  6. Click Save.
  7. In the Risk Factor Categories section of the newly created Risk Factor Template, create all relevant Risk Factor Categories and assign each a weightage.
  8. In the Risk Level section of the newly created Risk Factor Template, create all relevant Risk Levels and assign each a Maximum Threshold Value.
  9. Navigate to each Risk Factor Category, create Risk Factors as needed, and assign a Risk Factor Value to each Risk Factor to determine their scoring.
  10. When the Risk Factor Template contains all relevant data, move it to the Approved lifecycle state.

Creating Risk Factor Assessments

To create a Risk Factor Assessment:

  1. Navigate to Business Admin > Objects > Assessments, or to a custom tab.
  2. Click Create.
  3. Select the Risk Factor assessment type.
  4. Select the type of evaluation in Evaluation For. If you select Supplier Risk Assessment, you must also select an Organization. Other types of assessments may require different information.
  5. Select a Risk Factor Template.
  6. Enter a Description and any additional required information.
  7. Click Save. Vault generates Risk Factor Scorings based on the Risk Factor Template you selected.
  8. In the Risk Factor column of the Risk Factor Scorings section on the newly created record, select applicable Risk Factors. With each additional Risk Factor you select, Vault recalculates the Assessment Score, which determines the Suggested Risk Level. The Assessment Score is calculated by multiplying the Risk Factor Value of individual Risk Factor Scorings by the Weightage, then either by adding the resulting Risk Factor Scores together or determining the average. Refresh your browser tab to see the latest calculated score and suggested risk level.
  9. When you’re finished selecting Risk Factors, edit the record and select a Final Risk Classification. You can optionally base this classification on the calculated Suggested Risk Level.