SIG University Certified Third Party Risk Management Professional (C3PRMP) Program graduate Cindy Lingerfelt works at Blue Cross Blue Shield of Florida. She shares what she’s learned about third-party risk management and how her small team plans to build a stronger risk culture.
In the C3PRMP program, students focus on best and emerging practices to identify, assess, manage and control third-party risk throughout the lifecycle of relationships, and learn how to align risk fundamentals and frameworks with risk culture to develop the essential tools and controls for effective governance.
I work for Blue Cross Blue Shield of Florida on the Procurement team. My sub-team, Supplier Management, is small and we wear many hats. We were the first in our organization to implement some standardization for how critical suppliers were managed by developing a segmentation questionnaire to tier our suppliers and worked with business owners to get all Tier 1 suppliers on performance scorecards. Our role was to provide standard formatted scorecards with a library of the most common KPIs, stationary, QBR templates and more.
Due to an incident with a supplier, the board made a directive that supplier risk should have a more explicit focus. A new team called Enterprise Risk Management was formed within Corporate Affairs/Internal Audit to address supplier risk and closely partner with Procurement on new suppliers and manage risk with our current supplier base.
Cindy Lingerfelt, C3PRMP, Sourcing Specialist, Florida Blue