No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Risk

Growing Use of Vendors Intensifies Risk of Business Interruption, According to PwC US

by Corporate Compliance Insights
April 18, 2014
in Risk
Growing Use of Vendors Intensifies Risk of Business Interruption, According to PwC US

Five steps to assess vendor resiliency and protect business continuity

NEW YORK, April 16, 2013 – As businesses increasingly rely on external parties for critical services, they become more vulnerable to business interruptions.  This is especially true when such businesses know little about their third-party vendors’ resiliency and recovery capabilities, according to a new PwC US whitepaper, which examines the effects that vendor resiliency, or lack thereof, can have on an organization’s business continuity strategy.  Titled Business continuity beyond company walls: When a crisis hits, will your vendors’ resiliency match your own?, the PwC report also notes that risk becomes greater when the organization has a limited understanding of its own business interruption threats, resiliency status and recovery capabilities and strategies.

“In a world of ever-increasing dependence on third-party vendors, you need to know if you can count on the other party when a crisis strikes,” said Phil Samson, principal in PwC’s Risk Assurance practice and the firm’s Business Continuity Management services leader. “It’s all about transparency – asking the right questions and pushing the right levers to determine whether your vendors will be able to weather a serious business interruption and quickly resume business as usual. The more you know about your own needs, your vendors’ capabilities and the robustness of your resiliency plans, the more comfort you’ll have about staying on track toward your long-term strategic and operational goals even when faced with adverse developments.”

According to PwC’s report, reliance on third parties is gaining momentum, and if companies lack insight into their critical vendors’ resiliency and recovery capabilities, they run the risk of their own strategic goals being derailed. “Our clients are adjusting to the shift in global economic power and demographic shifts – two of the mega-trends we identified – by increasing their use of strategic vendors to accelerate their global growth strategy and decrease time-to-market for their products and services.  Along with the increase in strategic vendor reliance comes the need to more formally monitor vendor and other third-party risks,” said Brian Schwartz, PwC US Risk Assurance,Governance, Risk and Compliance leader.

In order to protect against business interruption risks, companies should institute a business continuity management program that encompasses vendor risk by incorporating increased resiliency and rapid recovery.  PwC outlines five steps to help companies look beyond their own walls and examine interruption risk among the vendors who provide support.

Step 1: Map your vendor risk landscape

The journey to an integrated, responsive and proactive business continuity management program begins with a thorough business impact analysis (BIA), an interruption risk assessment (RA) and a high-level vendor interruption risk assessment. These allow for a company to review how interruption events, such as loss of technology or reduction in personnel and loss of facilities can impact the organization and move on to the next component of the vendor resiliency and recovery analysis: vendor resiliency stratification.

Step 2: Distinguish among different shades of red

Not all vendors are equally important to an organization, and it is critical for companies to take a risk-informed approach in determining which vendors are most integral to operational resilience. Within the BIA and RA documentation is the foundation for developing an approach that enables vendor resiliency and recovery assessment stratification.  PwC identifies nine critical risk variables that organizations should take into account when assessing their third parties, including revenue and inventory impact from loss, labor, country and geopolitical risks and regulatory and cross-border issues, among others. These risk variables provide a framework for organizations to determine their spectrum of vendor risk and what factors need to be highly safeguarded in the event of a crisis.

Step 3: Be specific

Companies can no longer rely on generic business continuity questionnaires in vendor risk management, but must assess the quality of a vendor’s resilience and recovery capabilities. PwC’s report outlines several factors that companies should be considering within their BIA and RA, such as a list of processes that consume the vendor’s outputs, a geographical depiction of the vendor’s activities and a description of the vendor’s role during an interruption that affects the organization.

Step 4: Trust, but verify

Once the organization has developed a vendor risk landscape, it is significant to verify the vendor’s resiliency and recovery capabilities. PwC provides six best practices that can aid a company’s vendor resiliency interaction and analysis, including enlisting the vendor as a resiliency partner, obtaining relevant portions of the vendor’s BIA and RA and having the vendor provide its framework for responding to crisis events.

Step 5: React

According to PwC, vendors often have minimal formal resiliency or business continuity management programs in place, focusing solely on IT disaster recovery and life safety. Companies should determine how much vendor resiliency risk they are willing to accept. If a third party is critical to a strategic growth goal or to fulfilling a regulatory requirement, then resiliency levels should never be negotiable; replacing the vendor is a less risky and costly alternative to poor disaster preparedness and recoverability.

“Even the most internally prepared organization can be deeply impacted by an interruption at a third party. When disaster strikes, it is imperative to understand where your organization ranks in importance among the vendor’s customers, as it can significantly damage your market share, brand and reputation,” concluded Samson. “Although an organization may have reached a mature level of operational resiliency and recoverability by developing its own business continuity management program, it is still imperative to go beyond just basic vendor risk management.”

About PwC’s Risk Assurance Practice

PwC understands that significant risk is rarely confined to discrete areas within an organization.  Rather, most significant risks have a wide-ranging impact across the organization. As a result, PwC’s Risk Assurance practice has developed a holistic approach to risk that protects business, facilitates strategic decision making and enhances efficiency. This approach is complemented by the extensive risk and controls technical knowledge and sector-specific experience of its Risk Assurance professionals. The end result is a risk solution tailored to meet the unique needs of clients.

About PwC US

PwC US helps organizations and individuals create the value they’re looking for. We’re a member of the PwC network of firms in 157 countries with more than 184,000 people. We’re committed to delivering quality in assurance, tax and advisory services. Tell us what matters to you and find out more by visiting us at www.pwc.com/US. Gain customized access to our insights by downloading our thought leadership app: PwC’s 365™ Advancing business thinking every day

Learn more about PwC by following us online: @PwC_LLP, YouTube, LinkedIn, Facebook and Google +.

© 2014 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. PwC US refers to the US member firm, and PwC may refer to either the PwC network of firms or the US member firm. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.


Previous Post

Why Don’t We Forget How to Ride Bikes?

Next Post

To Be a Criminal, You Have to Act Like a Criminal

Corporate Compliance Insights

Corporate Compliance Insights

Corporate Compliance Insights

Related Posts

doj distorted

FCPA Enforcement Back on at DOJ — With a New Look

by Jennifer L. Gaskin
June 18, 2025

After a shorter-than-expected pause, officials with the DOJ have formally renewed the department’s enforcement of the FCPA. CCI’s Jennifer L....

toxic positivity concept melting smiley face

Good Vibes Do Not Always Mean Good Ethics

by Vera Cherepanova
June 18, 2025

Sound ethics can’t exist without a culture of accountability

robot nurturing a good idea

Innovation vs. Compliance: In the Age of AI, Why Not Both?

by Asha Palmer
June 17, 2025

As governments scramble to regulate AI, forward-thinking companies are writing their own compliance playbooks

human robot working as team pie chart

Smart Machines, Smarter Humans: Why Compliance Still Needs a Human Touch

by Roman Eloshvili
June 17, 2025

From the 2008 financial crisis to everyday judgment calls, the case for keeping humans in the compliance loop

Next Post
To Be a Criminal, You Have to Act Like a Criminal

To Be a Criminal, You Have to Act Like a Criminal

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights