Most Popular Posts

Subscribe by Email

Your email:

Browse by Tag

About the Risk Intelligence Blog

The Evantix Blog offers insight, tips and intelligence from leading risk authorities in enterprise vendor risk management and compliance.

Managing Vendor Risk, Performance and Compliance just got a whole lot easier || Evantix Risk & Compliance Portal ™  delivers a low cost high value solution to managing Vendor Exposure, Performance, Regulatory Compliance, Privacy and Information Risk across your entire portfolio of vendors and suppliers.

Risk Intelligence Blog

Current Articles | RSS Feed RSS Feed

4 Benefits of On-Demand Risk Reporting

Posted by Rene Barraza on Fri, Sep 03, 2010 @ 10:00 AM
  
  
Add to delicious  delicious  
  
data coming out of screen.In vendor risk management, the annual audit cycle is quickly becoming obsolete. Both regulators and clients continue to push for more timely and relevant data requests. Vendor risk management is moving toward on-demand reporting, which allows companies to call up the latest risk data and format it in the most relevant way to meet client and regulatory requests.

Whether you conduct risk management in-house or work with a third party vendor, there is a need to upgrade to an on-demand reporting solution. Below are four examples of how on-demand reporting can help businesses to stay leading-edge and offer their customers the best service:

1. Efficiently meet data requests
The reality in today's business world is that demand for data can come at any time. You do not want to be stuck providing outdated information, or asking vendors for reports that are outside of your contract terms.  What if a client wants to see the current details of your vendor risk management solution before signing a contract with you? In order to get their business, you'll need to supply current data fast. If you have an annual audit cycle, you may be stuck with data from the first quarter of 2009, because the report for the 2010 audit is still being written. On-demand reporting eliminates this time delay and allows you to share up-to-the minute data that's not locked into an annual or even quarterly reporting cycle. This also helps you to quickly analyze and update controls in response to evolving industry regulations.

2. Provide targeted formatting
On-demand reporting allows you to respond to specific requests and formats. When requests come in for information detailing vendor risk, even within the same industry, they are often going to be formatted in different ways. While you may have a timely PCI report ready, you may not have information that's formatted in a way that maps across the same data set included in a BITS* report. An on-demand system can very quickly build a new report to bridge this format gap and meet a client's needs.

3. Build a scalable solution
On-demand systems also make vendor risk reporting a scalable service that's easy to adapt across new industries. Let's say you primarily serve pharmaceutical clients and have never before worked with a healthcare client. You can leverage an on-demand system to provide data for a new prospective health care client in compliance with HIPAA requirements. It is also easier to build new reports without working from the ground up. From existing controls, you can map a subset of controls for a new type of request. This allows you to build on existing controls to build a new report quickly and to focus on the difference that you haven't measured yet.

4. Reduce time and costs
If you make a request for information outside of the annual audit reporting cycle, this request may not be covered under the terms of your contract. A vendor may deny the request and ask you to pay out of pocket or wait until next year for this crucial data. Like most business-to-business software solutions, on-demand vendor risk reporting software uses a simple back-end interface. This takes the added costs, mystery and waiting out of new vendor risk reporting formats. You no longer have to rely on annual or quarterly reports or put in a ticket with your provider and wait weeks for results. On-demand means the data is there and it's as simple as you or your vendor putting in a query, pushing a button and getting the data out.

It is becoming critical for companies to gather risk reporting data and develop reports according to specific frameworks and on a very timely and responsive basis. On-demand risk reporting software is very much in keeping with the accelerated pace of contracting and using third parties to meet information needs.  It can be the difference between “just in time” and “not quite In time” reporting. 
* BITS is a division of the Financial Services Roundtable.  “BITS”  originally stood for “Banking Information Technology Secretariat” but is  no longer used as an acronym.  BITS maintains an extensive library of  security requirements for use in financial services organizations and  applications.

About the Author: James M. Anderson is President of Professional Assurance, LLC, an advanced enterprise security consultancy.  Over his 30-year career, he has served as Vice President, Global Information Security Services for Visa, head of the information security unit of Morgan Stanley and as Director of Security and Information Services at Lexis-Nexis, Inc.  He holds the CISSP, CISM and CGEIT certifications.  You can follow his writing on the Evantix blog or connect with him on LinkedIn.

Find out how risk reporting software can help improve your business.

risk webinar cta In this educational personal webinar, you’ll learn how Evantix’s risk intelligence solution creates a credit bureau for your vendors enabling you to make intelligence decisions about your business risk.  Register for your personal webinar today.
Tags: , ,

Comments

Currently, there are no comments. Be the first to post one!
Post Comment
Name
 *
Email
 *
Website (optional)
Comment
 *

Allowed tags: <a> link, <b> bold, <i> italics