An International Publisher for Academic and Scientific Journals
Scholars Journal of Engineering and Technology | Volume-3 | Issue-09
Quantifying Vendor Risk in Telecoms: Lessons from A COBIT–ISO Hybrid Model
Chinenye Joseph
Published: Sept. 30, 2015
DOI: 10.36347/sjet
Pages: 750-756
Abstract
Telecommunications operators face escalating vendor risk complexity driven by network criticality, regulatory pressures, and supply chain vulnerabilities. Existing vendor risk frameworks lack integration of governance standards (COBIT) with systematic risk management (ISO 31000) and security controls (ISO 27001), while quantification remains ad hoc. This study develops and validates a COBIT-ISO hybrid model for quantifying vendor risk in telecommunications through a mixed-methods approach combining expert-driven framework integration with Analytic Hierarchy Process (AHP)-based quantification. An expert panel (n=10) validated the integration of COBIT processes (APO10, MEA03) with ISO 31000 risk management and ISO 27001 security controls, identifying five critical risk dimensions: financial, operational, security/compliance, technology, and strategic/relationship. AHP weight elicitation across 18 risk factors enabled composite risk scoring applied to five telecommunications vendors, demonstrating discriminant validity (F=12.34, p<0.001) and strong face validity (ρ=0.89). The hybrid framework provides the first systematic integration of COBIT-ISO for vendor risk quantification in telecoms, offering practitioners an actionable measurement tool while advancing IT governance theory to inter-organizational risk contexts.
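The AHP step the abstract describes can be sketched as follows; this is an added example, not code or data from the study. It derives weights for the five risk dimensions from pairwise judgments, checks Saaty's consistency ratio, and computes a composite score per vendor. Assumptions: weighting is done at dimension level rather than over the 18 factors, weights use the row geometric-mean approximation, and the judgments, vendor names and 1-to-5 rating scale are constructed.

```python
# Added illustration (not the study's code): AHP weights and composite scoring.
# Judgments and vendor ratings are constructed sample values.
from math import prod

DIMENSIONS = ["financial", "operational", "security/compliance",
              "technology", "strategic/relationship"]
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12}  # Saaty's random consistency index

# Upper triangle of Saaty-scale pairwise judgments: row i vs. dimensions i+1..n
JUDGMENTS = [[1/2, 1/3, 2, 3], [1/2, 3, 4], [4, 5], [2]]
# Per-dimension risk ratings, 1 (low) to 5 (high); the scale is an assumption
VENDORS = {"vendor_a": [2, 2, 1, 3, 3], "vendor_b": [3, 3, 5, 2, 2]}

def reciprocal_matrix(upper):
    """Expand upper-triangle judgments into a full reciprocal matrix."""
    n = len(upper) + 1
    m = [[1.0] * n for _ in range(n)]
    for i, row in enumerate(upper):
        for k, v in enumerate(row):
            j = i + 1 + k
            m[i][j], m[j][i] = float(v), 1.0 / v
    return m

def ahp_weights(m):
    """Priority vector from row geometric means (approximates the eigenvector)."""
    gm = [prod(row) ** (1.0 / len(m)) for row in m]
    return [g / sum(gm) for g in gm]

def consistency_ratio(m, w):
    """CR = CI / RI; expert judgments are usually revisited when CR > 0.10."""
    n = len(m)
    aw = [sum(m[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    return ((lambda_max - n) / (n - 1)) / RANDOM_INDEX[n]

def composite_score(weights, ratings):
    """Weighted sum of per-dimension ratings; higher means riskier."""
    return sum(w * r for w, r in zip(weights, ratings))

if __name__ == "__main__":
    matrix = reciprocal_matrix(JUDGMENTS)
    weights = ahp_weights(matrix)
    for name, w in zip(DIMENSIONS, weights):
        print(f"{name:24s} {w:.3f}")
    print(f"consistency ratio: {consistency_ratio(matrix, weights):.3f}")
    for vendor, ratings in VENDORS.items():
        print(f"{vendor}: {composite_score(weights, ratings):.2f}")
```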


