Principal claim
1. A service provider risk management system operated by an organization, comprising:
a processor; a memory; a communication interface in communication with a distributed network, the distributed network comprising one or more data stores having service provider information regarding a multitude of service providers stored therein; a service provider risk management module stored in the memory, executable by the processor and configured for:
receiving, via network data feeds through the distributed network, service provider information for the multitude of service providers from the one or more data stores, wherein the multitude of service providers each provide a product or service to the organization, wherein the service provider information includes risk information for each of the multitude of service providers;
determining at least one risk area associated with a business practice of the multitude of service providers;
determining at least one risk factor associated with the multitude of service providers, wherein the risk factor is a result of the organization transacting with each of the multitude of service providers;
calculating an inherent risk score for each of the multitude of service providers based on the service provider information, wherein the inherent risk score is based on the at least one risk area and the at least one risk factor;
identifying risk mitigation controls for each of the multitude of service providers to mitigate an impact of the at least one risk factor and a probability of a risk event occurring in the at least one risk area;
calculating a residual risk score for each of the multitude of service providers based on the service provider information and identifying the risk mitigation controls for each of the multitude of service providers; and
presenting a graphical representation of at least the inherent risk score and the residual risk score for at least one of the multitude of service providers to a user computing device, whereby the service provider risk management system enables the organization to mitigate risk as a result of the organization receiving the product or service from the multitude of service providers by enacting the risk mitigation controls.