DOI: 10.36347/sjet

Pages: 857-865

The telecommunications sector faces unprecedented vendor risk challenges due to complex supply chains, regulatory pressures, and evolving cybersecurity threats. Traditional vendor risk management approaches rely on qualitative assessments that lack consistency, transparency, and decision-support capabilities. This paper proposes a quantitative vendor risk scoring methodology grounded in integrated governance frameworks that unify COBIT, ISO 31000, and ISO 27001 into a coherent risk assessment architecture. Building upon Chinenye's (2013) conceptual framework for moving from fragmented compliance to integrated governance, this research develops a mathematical scoring model that transforms qualitative risk indicators into quantifiable metrics suitable for executive decision-making and regulatory reporting. The proposed methodology addresses critical gaps in telecommunications vendor management by establishing standardized risk metrics, enabling comparative vendor analysis, and supporting continuous risk monitoring. Through systematic integration of governance frameworks, the quantitative scoring system provides telecommunications organizations with enhanced risk visibility, improved resource allocation, and strengthened third-party risk management capabilities. This research contributes to both academic literature and industry practice by demonstrating how integrated governance principles can be operationalized through quantitative risk assessment methodologies specifically tailored to telecommunications sector requirements.