This CPO from a buy-side member company in the finance industry would like to quickly benchmark on the reporting structures for risk management programs. Please take a moment and share your thoughts.
1. Do you have the third party risk management office flow through the procurement function or is led by the broader risk management group?
2. Do you keep all pieces of risk within one function or are some elements split between procurement and risk management function?
3. What are the advantages or disadvantages of using either model?