Jai Chinnakonda, co-founder of a provider technology start-up, enrolled in SIG University's Certified Third Party Risk Management Professional (C3PRMP) program to learn how he can better serve his clients by gaining a more thorough understanding of third-party risk management best practices.
In the C3PRMP program, students focus on best and emerging practices to identify, assess, manage and control third-party risk throughout the lifecycle of relationships, and learn how to align risk fundamentals and frameworks with risk culture to develop the essential tools and controls for effective governance.
The digital age is seeing an increased dependence on third-party service providers of varying sizes – including start-ups – to meet the challenges of technological innovation, cost, demand for service excellence and heightened competition.
Organizations are often locked in a love-hate relationship with their vendors as they struggle to meet expectations, sometimes both ways. In today’s digital journey, no organization can thrive on its own. To create true value for your organization and help meet business objectives, your organization will need to build a lasting relationship with your third parties. Organizations will need to adopt the art and science of engagement.
The business ecosystem is experiencing a fundamental shift. Organizations are moving away from purely cost-savings partnerships to value-generating risk-sharing partnership models. As the third-party ecosystem grows, the ability to manage and govern third parties is becoming more critical to success.
Without an effective governance framework backed by a technology solution, organizations and their third parties will be locked in endless discussions, which often will lead to relationships turning sour.
Third-Party Governance – Playing Catch-Up
In many organizations, third-party governance is being driven by a vendor management office (VMO) that neither possesses the right skills nor the tools to drive third-party governance. Worst, some VMO leaders are not empowered.
“Relationships with strategic vendors are increasingly key to business performance, but many IT vendor management leaders struggle to compel their most important vendors to be proactive, collaborative and innovative,” said Joanne Spencer, Gartner Senior Director Analyst. “When managed badly, large strategic vendors can become complacent, slow-moving and intractable.”
As dependence on third parties becomes increasingly critical, organizations are being compelled to play “catch up” in enhancing their governance processes. More often than not, the innovative initiatives of these newly empowered vendor managers remain immobilized between business stakeholders on one side and unengaged vendors on the other. And this paralyzing paradox is what we should aim to solve.
The Core Components of Third-Party Governance
Vendor management leaders will need to take the lead and drive governance. This will entail influencing your internal information technology, business leaders and other enterprise functions such as risk, compliance and legal.
Third-party governance involves setting up periodic reviews and monitoring that focuses on the following nine core components:
1. Risk Management – Does your organization have a defined methodology to identify, measure, control and monitor third-party risks?
2. Contract Compliance – Are your third parties complying with their commitments? Do you have a mechanism in place to highlight non-compliances?
3. Financial Management – What mechanism does your organization have in place to track and monitor spend versus budget across your vendors?
4. Service Excellence – How are you collaboratively setting targets with your third-parties to measure, monitor and continuously improve performance?
5. Value Generation – What is the value your third party is delivering and how are you measuring it? Does your organization enjoy a win-win relationship with your third-party?
6. Demand Management – How is your organization tracking on-going demand on top of already contracted services?
7. Key Personnel Management – How often is your organization losing key supplier personnel either by resource attrition or due to third-party action? How is knowledge erosion managed?
8. Issues and Conflict Management – Does your organization have a central mechanism to track and monitor all issues and conflicts with your third parties?
9. Document Management – Does your organization struggle to locate key vendor documents during routine internal or external audits?
How Technology Can Support Third-Party Governance
A 2019 report from Deloitte confirms that “Existing technology platforms for managing third parties are considered inadequate.”
More and more organizations are now taking a closer look at current technology platforms. Automation has been there for a while, but AI-driven digital and cognitive enablement are evolving and is likely to further redefine engagement experience involving third parties. The challenge has been integrations with in-house systems.
Here are the ways that a technology solution can help:
- Centrally managing and tracking periodic reviews of your third parties based on criticality and risk-adjustments.
- Managing and tracking contract compliance items, including ensuring contracts are structured to meet your organizations standard clauses and regulatory requirements.
- Controlling costs by analyzing your spend pattern with third parties.
- Performance scorecards and defining KPIs for your third parties.
- Closely collaborating with your third parties to drive innovation and continuous improvement ideas.
- Managing and tracking key personnel risks, attrition and the impact to the service.
- Centrally managing and tracking all key vendor documents in an easily searchable form.
- Centrally managing and track all key issues, actions and conflicts so they can be actively resolved.
If your organization is one that is ambitious, then it can leverage artificial intelligence and machine learning technologies to help perform an Engagement Maturity Assessment (e.g., how well your organization is managing third parties) and Engagement Value Assessment (e.g., what value your organization is getting from third parties).
The ability to leverage the art and science of engagement to manage your strategic vendors has become more critical than ever before. Governance is not just about setting up a regular cadence with your third parties, it is more about how your organization can unlock value, mitigate risk, control costs and drive excellence with your third parties.
While emerging digital and artificial intelligence technologies can assist in the “science” of engagement, the “art” of engagement will largely depend on human intuition.
The Certified Third Party Risk Management Professional program is a video-based program designed for the time-constrained professional. Get more information on enrollment to join your colleagues in the virtual classroom!
Jai Chinnakonda is the co-founder of ENGAIZ, a technology start-up whose vision is to help unlock increased value from the business ecosystem by leveraging the art and science of engagement. ENGAIZ has built the NextGen AI-Driven Machine Learning & Analytics platform to help enterprise organizations gain increased value from their vendors by way of effective governance, mitigating third-party risks, controlling costs, driving innovation and service excellence.