we put a lot into vendor risk management to help you accurately assess the risk in complex organizations large complex vendor organizations can have multiple subsidiaries child genders each of those subsidiaries can have a variety and a mix of projects services and products that they're providing to us we can have a data center in the u.s and a data center in emea and we can have very different risk we want to be able to assess that we want to be able to assess the risk at the engagement level and we want to be able to get granular and then we want to be able to roll up that risk to the highest level so let's take a look at what this actually looks like in action all right we're here in the vendor catalog and we're going to click on vast corporation and scroll down and we're going to see there's two child vendors these are our subsidiaries that we were talking about earlier when we go into the child vendor we see that the record is very similar to the vendor record except for we have this parent field here for vast corporation we can have any number of levels of child vendors it's super simple to add another one just by clicking on the edit button and selecting the vendor that we want to add now let's go back and then go back one more time to the vendor record and then we'll scroll on down to the child vendors and we can add another child vendor here if we wanted to also just by using that edit button but what we want to do is we want to look at the risks and the risk roll up we have a moderate computed risk rating here which is made up of the three risk ratings to the right starting at the bottom with child vendors we can see we have two low risk ratings which computes to a low child vendor risk rating next we want to look at the engagement risk rating so let's go over and click on that tab and we see we've got a couple of engagements here and we're going to go into the crude oil engagement again you can see the engagement record looks very similar to the vendor record and you can even see that the tabs are similar we have contacts at the bottom we have tiering we have repeating assessments and we have assessments now the thing that is different is we only have one field under risk scoring that's because only the assessments are used to calculate that computed risk rating that we currently see of low we can overwrite this easily as long as we put in a justification so i'm going to get rid of that i'm going to go back to my vendor record again so now we have child vendor rating we have an engagement vendor rating and that engagement vendor rating is made up of a low and a moderate score which adds up to low we have qualitative values associated with those lows and moderates low is two moderate is three we average it out to two point five round down it's a 2 which is a low that's how we get that number so the third risk rating we need to use for our calculation now is the assessment risk rating so let's take a look at our assessments we have one closed assessment which we're going to go into and the difference here is this risk rating valid to date now previously we had to manually analyze the risk assessments to determine what that risk rating is now as long as the assessment has not expired it automatically is used to calculate the risk rating the other difference here if we go over to the questionnaire tab is we have vendor risk areas and we talked about those before also now associated with those are the risk ratings that have been calculated for those assessments now how did we get these values let's go look at the risk areas and we can see we've got our risk areas we've got our risk ratings we also have the number of objects so for financial risk that particular risk area if we had both the questionnaire and a document request associated with that financial risk area our number of objects would be two right now it's only a questionnaire we also have weightings and you can see our resiliency risk rating is low so it's factored very little into the computed value so we have moderate low and critical and that's what adds up to our moderate computed risk rating above i have overwritten that and made it a high all i have to do is add my justification so now when we go back to our vendor record i can then see i now have the high risk rating the low engagement rating and the low child vendor rating so how do i get that computed moderate risk rating if i go into my vendor risk components i can see my three areas very much like risk areas i see they have weightings associated with them the child vendor risk weighting is very low so again that factors very little into our computation so it's mostly the high assessment rating and the low engagement rating that we're using to be able to calculate that moderate computed risk rating so now we've seen what this looks like from the vendor record standpoint let's see what our vendors actually see so i'm going to go into the vendor portal and i'm going to see a new landing page that shows us the vendor assessments and the engagement assessments i'm going to see that i've got nine vendor assessments and i don't have any engagement assessments just like our previous vendor portal you can add contacts drop down click on the contact we're set if we go up and look at the actual assessments you can also see that our questionnaires looks very similar nothing has really changed here however if we go over and look at managing our teams we can see that we not only have our contacts for our vendors but we have our contacts for engagements so if i click on the cloud hosting services i can see i have my two contacts sarah is currently my primary contact i can very easily change that to alex and i can very easily change it back to sarah so it's very very flexible let's go into my hr host hr services here my management system and i see it i just have kevin i can't remove him because he's the only person there my primary contact but again i can add sarah if i add sarah i can easily remove kevin let's just get rid of sarah so i hope you can see that it's the same great user experience but we've given you the ability to get granular to better assess those complex vendor engagements thank you and have a nice day