What is the significance of the 'inherent risk' assessment in third-party risk management before controls are applied?
-
A
It measures the risk that remains after all mitigating controls are in place
-
B
It establishes the baseline level of risk a vendor relationship poses before any controls or mitigations are considered
-
C
It quantifies the financial cost of the vendor relationship
-
D
It assesses the risk that a vendor will raise their prices