In consulting sessions with Prevalent customers, we often start with a high-level evaluation of the three "abilities" that define an effective third-party risk management program: repeatability, sustainability and scalability. Each represents unique attributes that your team should possess as they establish the processes and procedures to manage third-party risk to acceptable levels. Let's take a closer look at each ability:
Repeatability is all about developing a consistent set of rules — from classifying and categorizing vendors to framing responses and mapping risks to controls. The outcome of a repeatable process is that you can apply this set of rules across your vendor landscape instead of doing it individually. This results in a predictable set of actions, activities and outcomes. As you consider the repeatability of your third-party risk program, know that:
The most sustainable third-party programs are built on foundations of solid data and practices that can adapt to changing business requirements. As you consider the sustainability of your TPRM program, ensure that:
Scalability is about doing more with the resources you have. For instance, if you have a predictable, programmatic process for classifying and tiering vendors, you can more efficiently collect and analyze vendor assessment content. Consider the following:
If you're curious about the repeatability, sustainability and scalability of your TPRM program, I recommend engaging with one of our third-party risk management specialists, who can guide you through a complimentary, 1-hour maturity assessment. You'll walk away with a report that specifically outlines a roadmap to address any shortcomings in your third-party risk management program. Contact us to schedule this assessment today!