third party risk management

SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate MJ Ellis shares a unique perspective on the fundamentals of effective third-party risk management through the panes of Johari's Window.

SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate Nathan Coffet discusses the process of  updating a Third-Party Risk Management program and the benefits it can have.

Large fast growing multinational companies involving multiple mergers & acquisitions will often have many disparate processes in place to manage Third-Party Risk. There may be programs developed by individual group companies or parts of the group to meet general procurement needs. Corporate functions such as Privacy, Information Security, Corporate Social Responsibility, or Anti-Corruption may have developed customized programs to meet regulatory requirements or address audit findings. Other programs may have been driven by the need to respond to vulnerabilities arising from macroeconomic events: systemic risks in the financial market; or the impact of Covid on the viability of cross-border supply lines. The multiple languages and cultures add a layer of complexity.

A root and branch review may enable the business to simplify processes, strip out unnecessary costs and duplication and ensure that the key risks are appropriately overseen proportionately. The approach must be focused on the return on investment to make it easier to justify and obtain necessary resourcing.

But where to start?

It is tempting to jump in and start solving the problem before it is well understood. But do not rush.

First - Remember to Reinvent the Wheel.

SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate Jai Chinnakonda shares why every organization should adopt integrated third-party risk governance and management into their team structure.

Organizations increasingly depend on third-party service providers of varying sizes, including start-ups, to meet the digital age challenges of technological innovation and heightened competition. In a quest to succeed, organizations involved in digital transformation initiatives partner with more innovative start-ups, thereby increasing third-party risk. There is a progressive shift from a traditional 'cost' focus to a 'shared risk' and 'value-driven partnership.

This is also a growing reflection of organizational recognition that third parties can create strategic win-win opportunities. These new-age partnerships require a different approach to managing third-party risks. Organizations that can continuously monitor and take on calculated risks with their engagement with third parties are the ones that will be able to Stay Ahead. This article reflects on how technology can help support a new Integrated third-party governance and risk management approach.

Traditional Third-Party Risk Management Approach – the challenges 

Traditionally, organizations had relied on total upfront due diligence for risk mitigation. This approach attempts to identify potential third-party risks upfront before contracting, resulting in longer onboarding time. Typically, this involves sharing due-diligence questionnaires and collating responses from third parties. This only provides a point-in-time assessment – a highly ineffective approach prone to failures.

SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate Jonathan Purdon discusses the vital aspects to add to your risk management framework and the best practices for creating a risk culture.

SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate Noelia Valentina Novoa Pena discusses the value of Third-Party relationship management and how it can help take your team to the next level.