Steve Williams's blog

Understanding A Risk Profile While Supporting It Through Negotiated Contracts And Governance

Image of third party risk management

SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate Steve Williams provides a look through Johari’s Window, and how knowing what we know and don’t know can unlock our understanding of a company’s risk profile while supporting it through negotiated contracts and governance.

Procurement is such an interesting field because so many companies do it differently. This is especially true in the area of third-party risk management and the role that procurement practitioners play in that area, and I submit that most practitioners could be doing more to support their organizations when it comes to managing third party risk, from understanding the company’s risk profile, to helping stakeholders and business owners identify risk, to being part of the solution in terms of mitigating or preventing known risks.

To lean on Johari’s Window, I believe many practitioners sit in the you don’t know what you know, or you don’t know what you don’t know spaces. The pendulum needs to shift drastically and as procurement professionals we need to know what we know and know what we don’t know more than anything else– but how do we get there? Surely this is not something that happens overnight and developing the knowledge required to assess and address third party risk at a company takes time during the employee onboarding process and consistently throughout their career.

Steve Williams, Technology Procurement Manager, REI