Nathan Coffey's blog

Updating A Third-Party Risk Management Program


SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate Nathan Coffey discusses the process of updating a Third-Party Risk Management program and the benefits it can have.

Large, fast-growing multinational companies that have been through multiple mergers & acquisitions will often have many disparate processes in place to manage Third-Party Risk. There may be programs developed by individual group companies or parts of the group to meet general procurement needs. Corporate functions such as Privacy, Information Security, Corporate Social Responsibility, or Anti-Corruption may have developed customized programs to meet regulatory requirements or address audit findings. Other programs may have been driven by the need to respond to vulnerabilities arising from macroeconomic events: systemic risks in the financial market, or the impact of Covid on the viability of cross-border supply lines. The multiple languages and cultures add a layer of complexity.

A root-and-branch review may enable the business to simplify processes, strip out unnecessary costs and duplication, and ensure that the key risks are overseen appropriately and proportionately. The approach must be focused on the return on investment to make it easier to justify and obtain the necessary resourcing.

But where to start?

It is tempting to jump in and start solving the problem before it is well understood. But do not rush.

First - Remember to Reinvent the Wheel.

Nathan Coffey, Senior Vice President of Privacy & Compliance, Teleperformance