Managing supplier risk with Citicus ONE

Citicus ONE provides you with an efficient and consistent way of tracking risk in your supply chain. This can encompass a wide range of scenarios such as the risks associated with:

  • Outsourcing development and / or operation of IT systems, including the use of cloud computing
  • Sourcing external services to support or replace your internal business processes
  • Sourcing raw materials and products.

Citicus ONE's customizable risk scorecards allow you to ‘unpack’ supplier risk to focus on: 

  • Risks associated with your relationship with a particular supplier
  • Risks associated with a specific supplied service / product.

These can be combined with information about the risks to IT systems that support supplied services through Citicus ONE’s unique dependency risk mapping and consolidated reporting to give an overview of the risks across the whole supply chain. 

 

 

Supplier risk scorecards probe five risk factors as illustrated below:

 

 Citicus ONE enables risk management of a wide range of outsourced services.

Illustrating the complexity of outsourced services whose risks need to be managed

      

The Citicus ONE supplier risk scorecard probes risk factors specific to the supply chain.

 

 

Criticality: Identifying the potential impact of incidents on the quality, cost and delivery of services or products supplied

Control weaknesses*: e.g. in contractual arrangements, relationship administration, service delivery, service assurance, exit strategy.

Special circumstances* that can drive risk up: e.g. the maturity, viability, geographic location of suppliers.

Level of threat*: e.g. from disputes, poor performance, misconduct, business interruption.

Business impact: The impact of actual supply chain incidents in financial, reputational, operational and other ways.

*These risk factors can be assessed at varying levels of detail by employing Citicus ONE’s drill-down checklists. For example, the geographic location of suppliers may be further probed to identify risks from unreliable power/telecommunications, political unrest, strikes, environmental events, etc.

Citicus ONE has pre-configured content optimized for probing these supplier risk factors based on industry best practice, developed in conjunction with Citicus’ customers with high levels of expertise in supply chain risk management. This built-in content can be easily customized to match an organization’s specific requirements and standards. For example, this could include:

  • The BITS Framework for Managing Technology Risk for Service Provider Relationships
  • The FFIEC Outsourcing Technology Services standards
  • Data privacy requirements imposed on suppliers
  • Guidance from Basel II, Intellect, OGC, ISO/IEC, OCC and others.

The results of risk assessments of suppliers and supplied services are presented using Citicus ONE’s graphical reporting process. Examples are shown below and on the Results produced pages.

A Citicus ONE compliance chart showing how well a specific supplied service meets an organization's specified standards.

Reporting compliance of an individual supplied service against required standards

A Citicus ONE league table ranking suppliers and supplied services according to their relative business criticality to the organization.

Providing a league table of the relative criticality of suppliers and the services they provide

Citicus ONE tracks the volume of incidents associated with specific suppliers or supplied services.

Tracking actual incidents affecting supplied services

 

© 2012 Citicus Ltd