3rd Party Risk

3rd Party Risk Feature

This page contains information to assist our customers with utilizing the 3rd party risk Enterprise feature in RegScale. It describes what it is, why you would use it, the benefits, and provides instructions on getting started.

What is it?

The 3rd party risk feature analyzes multiple sources of risk data about a given supply chain contract to build a dynamic risk model for the customer's supply chain. Sources include:

• Published violation data from regulators
• Stock market data for publicly traded companies
• Assessment results and open issues from company audits
• Risk register data related to this contract
• Requirement implementation status (compliance data)

The data from these sources are aggregated into a composite risk score to provide an objective view of risk for the supply chain or the company's vendor list.

NOTE: RegScale continues to add external sources of data over time to increase the maturity and sophistication of the risk modeling.

Why would you use it?

There are many reasons to use this feature which include:

• Understand the risks in the supply chain to take pro-active risk mitigation steps
• Understand compliance status for contractual flow down requirements
• Aggregate risk data from multiple sources into an easy to understand risk view
• Provide evidence of flow down clauses on customer contracts

What are the benefits?

This feature has multiple benefits for an organization; to include:

• Reducing risks by applying mitigations
• Improving audit compliance posture for the supply chain
• Reducing the risk of regulatory fines
• Justifying risk reduction relative to cost benefit for mitigations

How do I use it?

The first step is to setup the URLs used for scraping data for violations and stock options. Instructions for configuring the scrapers are shown below:

Stock Scraper

Option 1:

• Go to the Macrotrends.net website
• In the search bar in the top right corner, type in "Company Name - Stock Price History"
• Make sure you select the correct company and ensure you enter the "-" for the the "Stock Price History" option
• If you can't find the company that you are looking for, skip to option 2.
• If the company is found, it should redirect you to a new URL that looks something like "https://www.macrotrends.net/stocks/charts/ticker/stock-name/stock-price-history"
• Copy this URL for use in the configuring RegScale step below

Option 2:

• Go to the Macrotrends.net stock screener
• Find the stock name or symbol for the company of interest by configuring search options using the website's UI
  • NOTE: When you choose to alphabetize the list by stock name, it may return a list alphabetized by stock symbol
• Click on the link in the "Stock Name" column
• Link should look something like "https://www.macrotrends.net/stocks/charts/ticker/stock-name/stock-price-history"
• Copy this URL for use in the configuring RegScale step below

Violation Scraper

• Navigate to the Violation Tracker website
• Go to Option 2 and enter the name of the company in the search box
• Click the "Search" button at the bottom of the page
• Review the results and if the company is found, click the "Parent" column of the company name
• Copy this URL for use in the configuring RegScale step below

Configuring RegScale

• Enter a new Supply Chain contract in RegScale or select an existing one from the list
• Navigate down the form to the "3rd Party Risk Configuration" section
• Enter the URLs from the above steps into the form
• Click Save to update the URLs for this Supply Chain contract

Updating Results

COMING SOON

Viewing Results

The risk results are available on the Supply Chain Status Board. It provides interactive visualizations with the ability to drill into the data. Each supply chain contract shows the aggregate risk score to allow RegScale customers to easily visualize the highest risk vendors for their organization. Screenshot below: