"Without data, you're just another person with an opinion."
Edwards Deming, Statistician
Linda Tuck Chapman, instructor and course designer at SIG University, states that Third-Party Risk Management is a team sport. A team consists of lots of different people with lots of different opinions. These opinions might be based on the various roles and result in other goals they have. They all strive for the same overall target, a managed and their company acceptable risk, but might have a different focus. The risk analyst might be especially eager to analyze the risk deeply, and the buyer might want to focus on a fast decision to close a deal.
So, what can help turn their opinions into a decision? Or help, whoever has the right and the responsibility, help them make a decision? Of course, the answer is a high-quality database that turns opinions into facts. It is essential to ensure a high-quality database, especially in a worldwide program with different risk areas, teams, and global regulatory requirements. High quality, in that case, means (at least) that the data is accurate, that it contains all required data fields, that it has a clear structure, and that it is accessible to all relevant people while still restricting the possibility of editing the database itself (meaning strict controls).
Mona Josten, Senior Consultant, Deloitte Deutschland
Certified Third Party Risk Management Professional (C3PRMP) Program from SIG University covered all areas of third-party risk management. It provided practical tips and guidance to tackle today’s challenges from Third-party risks. I have more than 15+ years of experience in the Banking & Financial Services industry. During this time, I have been involved in various regulatory projects and worked closely with Third Party Governance, Procurement, and Legal teams. In this essay, I would like to examine the technology risk area in general, and Artificial Intelligence (AI) risks in specific. Also, review the sources of AI risks, challenges faced by firms, specifically in Financial Services, in managing AI risks, and a practical approach to managing those risks.
Understanding the Problem
AI technologies and solutions are used in most industries, especially in financial services. Banks and financial firms use AI-based solutions or models to optimize their operations and remain competitive. However, many third-party vendors supply these services, which directly impact the AI-governed systems of banks or other businesses. Therefore, firms must understand how their business can be affected by AI-driven systems and how to manage the new and varied risks posed by third parties.
Senthil Jagadeesan, Head of Procurement Ops & Tech, Valley Bank
Each business unit owns the risks associated with the contracts they decide to enter into. This is a fundamental principle built into third-party risk management (TRPM) programs. In large organizations, the program's success is highly dependent upon each Business Unit fulfilling their responsibilities.
The Business Unit Structure for Risk Management Success
The business unit needs to ensure they have a suitable organizational structure and resources to fulfill their third-party risk management program responsibilities. This includes having team members trained in specific competencies and adequate capacity based on the level of risk associated with the business unit's third parties and sufficient capacity based on the level of risk associated with the business unit's third parties.
Once the contract is set, the business unit is responsible for the activities and tasks related to owning the relationship ( “relationship management”), including communication, contract, performance, and risk management. Team Members who reside within a business unit who perform relationship management activities comprise the largest internal population of team members who should manage risk due diligence activities with third parties.
Outlined here is information about the upcoming changes and benefits of your C3PRMP designation, as well as a profile of our students.
What is different about SIG University’s C3PRMP program?
In January of 2020, the duration of SIG University's C3PRMP program was extended from eight weeks to 10 weeks. Multiple-choice review questions at the end of each module will test all students’ knowledge and require a minimum passing score of 80%.
Members of the Global Association of Risk Professionals (GARP) will continue to earn 20 Continuing Professional Development (CPD) credits, GARP’s highest award for a continuing professional development program.
Stacy Mendoza, Managing Editor, Future of Sourcing
SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate Andrea Solano discusses how taking the C3PRMP program helped her to implement the framework for her team to operate as an optimal risk management and risk mitigation function across her department and enterprise-wide.
There are different types of workstreams and specializations that have been around a long time. However, the discipline of Third-Party Risk Management is something that is in the very beginning stages of inception. Currently, it is evolving into a discipline that many organizations shall be implementing as a standard operating function in the Silicon Valley business sector I work at. Working at Silicon Valley, the term Third-Party Risk management is still somewhat foreign and not understood as a critical and vital risk management function.
Third-Party Risk Management Function
The key role that I fulfill within the Third-Party Risk Management life cycle is in the due diligence process, which is the internal audit function that serves as a 2.5 – 3rd line of defense within my organization’s Risk Management Function. The SIG University Third-Party Risk Management training that I have taken throughout these past ten weeks has been highly instrumental for me. It will help create, build-out, and develop an internal audit framework that will be customized to meet the needs of this brand-new Third-Party Risk Management function within my organization.
Andrea Solano, Global Security 3rd Party/Outsourced Audit Manager, Facebook