The KCM GRC Vendor Risk Management (VRM) module can help you centralize your third-party risk management processes. You can prequalify risk, assess your vendors, and conduct remediation efforts in the VRM module. The VRM module is available to Platinum subscriptions.
Once a vendor contact completes a questionnaire that you assigned to them, you can review the questionnaire from the vendor's vendor profile on their Vendor Details page. If the vendor provided an undesirable answer to one or more questions, you can create an issue to request additional information or to further discuss your concern with the vendor.
See the sections below to learn how to review questionnaires and how to create and communicate with your vendors through questionnaire issues.
Reviewing Questionnaires
Once a vendor contact completes a questionnaire that you assigned to them, the Vendor Owner will receive an email notification. The Vendor Owner is the user who created the vendor in KCM GRC. You can find the email address of the Vendor Owner on each vendor's vendor profile.
From the vendor profile, you can review your vendor's responses and any attachments or comments they may have included.
To review a questionnaire, follow the steps below:
- Log in to KCM GRC.
- Navigate to the Vendors page by clicking Vendor Management, then Vendors from the navigation panel.
- From the Vendors page, click the vendor's name to open their vendor profile.
- From the Vendor Details page, select the Assigned Questionnaires tab.
- Click the questionnaire name to open the questionnaire.
Note: When you open a completed questionnaire for the first time, the questionnaire status will change from Pending Review to In Review.
- From the Questionnaire Review page, view the answer that the vendor added or selected for each question. If the vendor answered a multiple choice or Yes/No/N/A question incorrectly, a red line will display next to the question.
Tip: To view specific questions instead of all questions in the questionnaire, you can use the By Question Type filter or check boxes at the top of the page.
- If applicable, view the file attachments or comments that the vendor contact added to questions in the questionnaire. Click the dialogue icon to view the comment, or click the download icon to download the attachment.
- If necessary, you can manually change the score for each of your vendor's responses. Use the Current Score field to change the answer value to any number equal to or less than the Max Score for the question. This may be useful if you would like to give your vendor a partial score for their response.
- Create issues for any questions that the vendor provided an undesirable answer for. To learn more about creating issues, see the Creating Issues section below.
- After you finish reviewing the questionnaire and creating issues, click the Finish Review button in the bottom-right corner of the page. If you would like to return to the questionnaire to review it later, click the Save for Later button instead.
Note: When you click the Finish Review button, the questionnaire status will change from In Review to Reviewed. Once the questionnaire is in the Reviewed status, you will not be able to create issues for the vendor's responses.
Creating Issues
If your vendor provided an undesirable answer to one or more questions, you can create an issue for the questions. Creating an issue for a question opens a line of communication specifically for that question. You can use issues to request additional information about a question or to further discuss a concern with the vendor.
To create an issue, follow the steps below:
- Log in to KCM GRC.
- If you're not already reviewing the questionnaire, navigate to the Vendors page by clicking Vendor Management, then Vendors from the navigation panel.
- From the Vendors page, click the vendor's name to open their vendor profile.
- From the Vendor Details page, select the Assigned Questionnaires tab.
- Click the questionnaire name to open the questionnaire.
- From the Questionnaire Review page, click the +Create Issue button next to the question that you would like to create an issue for.
Note: The + Create Issue button will be disabled if an issue has already been created for the question.
- In the New Issue window that opens, create the issue. For more information about this window, see the list below:
- Question: Review the original question and answer that you're creating an issue for.
- Issue Description: In this field, enter your reason for creating the issue. For example, you can describe your concern, ask the vendor a question, or request for more information. The vendor contact will be able to view this description in their KCM GRC account. This field has a character limit of 1000 characters.
- Issue Priority: Click the drop-down menu, and select Minor, Moderate, High, or Critical, depending on how urgent the issue is. The vendor contact will be able to view the priority in their KCM GRC account.
- Click the Save button to create the issue.
After you create one or more issues, your vendor will receive an email notification for the issues you created. To learn more about the vendor's user experience, see our How to Complete Questionnaires and Respond to Issues: A Guide for Vendor Users article.
Reviewing and Responding to Issues
Once your vendor has responded to your Issue, the KCM GRC Vendor Owner will receive an email notification. Click the link in the email or follow the steps below to navigate to the issue and view the vendor's response.
Once you've reviewed their response and any files they may have provided, you can change the score you assigned the vendor for this question. Then, after you and the vendor resolve the issue, you can close the issue. For more information, see the Updating Issue Details and Closing Issues subsections below.
To view the issues you've created for a vendor from their vendor profile, follow the steps below:
- Log in to KCM GRC.
- Navigate to the Vendors page by clicking Vendor Management, then Vendors from the navigation panel.
- From the Vendors page, click the vendor's name to open their vendor profile.
- From the Vendor Details page, select the Issues tab.
- From the Issues tab, click the Issue Description to open the issue.
For information about responding to and closing issues, see the Updating Issue Details subsection below.
Updating Issue Details
As you communicate with your vendor, you can update the issue from the Issue Details page. To learn about each section of the Issue Details page, click the drop-down menus below.
-
- Status: Change the status to Pending if you're waiting on your vendor's response. Change the status to Closed once the concern has been resolved.
- Priority: Change the issue priority. The vendor user will be able to view the priority when they log in to their KCM GRC account.
- Current Score: After working through the issue, change the score you want to the vendor's for their response. The new score must be less than the maximum points allowed for the score.
-
If your vendor contact has uploaded a file for this assessment response or issue, you will be able to download the file from this area of the page. Click the cloud icon to download the file.
-
In this section, you can view the issue description that your vendor is responding to. The original question will also be displayed here.
-
Use this area to communicate with your vendor. The vendor user's responses are shown in grey. The vendor contact will automatically receive an email notification when you send a response.
-
Use this area to leave notes for yourself or to communicate with other KCM GRC users. The vendor contact cannot see this communication.
Closing Issues
When you're finished communicating with your vendor about an issue, you can close the issue from the Issue Status, Priority, & Grade section of the Issue Details page. To close an issue, click the Status drop-down menu, and select Closed. Then, in the pop-up window that opens, click the OK button.