Skip to main content

Banking – Technology Vendor Risk Assessment

A global trend for businesses is how to better manage supply chain risk. For the Australian retail banking sector, this includes assessing the risk of technology vendors, particularly those providing core banking platforms

The focus is on improving the capability of banks to better assess the risk of technology vendors, ensure continued alignment to business priorities and regulatory compliance

This Australian bank engaged Frazer Walker as its independent IT Strategy partner, to review on one of its major technology vendors. The purpose was to allow the bank to review the vendor’s risk profile and identify what interventions, if any, the bank should consider to manage the risk associated with this critical vendor

The Challenge

To develop a strategic risk assessment of this key technology provider. A qualitative risk assessment survey and process was developed to analyse the information and determine risk ratings across categories such as financial, strategic, governance and technological. Results were to be tabled for management and Board

Our Work

Frazer Walker was engaged for its knowledge and expertise with Information Technology Governance, Risk & Compliance (ITGRC)

The Outcome

Frazer Walker worked with the client to produce a comprehensive risk profile of the vendor across key risk categories, with accompanying recommendations to manage and control its ongoing risks. This enabled the client to determine alignment of the vendor to its future strategic plan

To achieve the client’s goals, Frazer Walker:

  • Developed risk ratings, treatment and reporting criteria
  • Researched and produced a comprehensive qualitative risk assessment questionnaire
  • Facilitated risk assessment workshops and interviews
  • Analysed and completed a high level review of the existing contract between the bank and the vendor
  • Externally sourced financial information on the vendor
  • Researched trends in IT outsourcing and managing supply chain risk
  • Collated all information and produced a comprehensive risk assessment profile of the vendor across key risk categories. This included recommendations to the client for next steps in managing the risk of the vendor going forward


For more information please contact Ian Chisholm, Phone: +61 401 316 004, Email: