This is the second in a two-part series by Michael Rasmussen on how to take a strategic approach to effectively manage and mitigate third-party risk.
To maintain the integrity of the organization and execute on strategy, the organization has to be able to see their individual third party relationships (the tree) as well as the interconnectedness of third party relationships (the forest). Third party relationships are non-linear. They are not a simple equation of 1 + 1 = 2. They are a mesh of exponential relationship and impact in which 1 + 1 = 3 or 30 or 300. What seems like a small disruption or exposure may have a massive and cascading impact. In a linear system, effect is proportional with cause. In the non-linear world of business, third party risk is exponential. If we fail to see the interconnections of third party risk on the organization, the result is often massive to unpredictable.
The challenge is that different organizational areas are doing similar things in different ways in context of their third parties. Various departments with different responsibilities for pieces of third party oversight will communicate and interact with third parties in different ways. The chaos of these many-to-many communications is slowing down relationships in a time where they need to be more nimble and agile.
The organization needs a common process, information, and technology architecture to support third party management across organization departments that includes a vested interest in third party relationships. Third party management is enabled at an enterprise level through implementation of an integrated third party management architecture. This offers the adaptability needed as a result of the dynamic nature and geographic dispersion of the modern enterprise. The right third party management platform enables the organization to effectively manage risk across extended business relationships and facilitates the ability to document, communicate, report, and monitor the range of assessments, documents, tasks, responsibilities, and action plans.
Third Party Management Process Architecture
Third party management processes are used to manage and monitor the ever-changing relationship, risk, and regulatory environments in extended business relationships. While third party processes can vary by organization and industry, the common components are . . .