Erran Thomas's blog

Establishing the Operating Framework Involved in the Third Party Risk Life Cycle

SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate Erran Thomas discusses how to establish the operating framework of a Third-Party Risk life cycle.

Regarding the Third Party Risk Management practice, we recognized that our organization performs many of the needed activities in a siloed manner. Many of the activities are happening in different ways to different levels of rigor, so there was a need to standardize the necessary actions, as we believe that it will help bring efficiency and support our organization in making better risk-intelligent decisions, which in turn reduces time later.

As a result, I will focus this essay on the learnings as they apply to establishing a formalized framework. The learnings covered in the C3PRMP course have helped by providing insights on some of the structured building blocks required in establishing a standardized Third Party Risk Management (TPRM) program, which will be developed and piloted later this year. In one of the modules, Linda Tuck Chapman discussed the term 'operating framework', which describes the necessary tasks and activities that organizations would go through within the TPRM lifecycle from the beginning of a relationship through termination or renewal. We've learned in the modules that the TPRM Framework (Operating Framework) sets out the requirements for effectively managing risks arising from Business Arrangements between our organization and Third Parties. This can range from arrangements that include products or services, business activities, functions, or processes that need to be undertaken.

Erran Thomas, Transformation Consultant, WSIB