One of the greatest challenges upon organizations today is governing third party relationships, particularly the risk and compliance aspects of these relationships. Organizations today are dynamic, distributed, and face constant disruption and this is exponentially impacted by the number and variety of third party relationships in an organization.
Consider that over half of many organizations ‘insiders’ are no longer traditional employees. Brick and mortar walls no longer define the organization. An employee no longer defines the organization. The organization itself is mesh of nested business relationships, transactions, connections, and interactions. Organizations consist of vendors, suppliers, outsourcers, service providers, consultants, contractors, temporary workers, brokers, deleters, intermediaries, agents, and more. These often nest themselves in layers of relationships that impact the organization. The issues down the supply chain are the organizations issues and risks.
This is compounded by the ongoing change organizations are facing. Changing business, changing regulations, and changing risks. As much as the core organization is changing, all of these relationships are constantly changing as well. They might have been the right organization to contract with three years a go, but they have changed and may not be today.
There are a growing array of regulations and legal liabilities impacting organizations in context of third parties. Consider . . .
- Anti-bribery and corruption (e.g., US FCPA, UK Bribery Act, Sapin 2)
- Human rights/slavery (e.g, US Conflict Minerals, EU Conflict Minerals, UK Modern Slavery Act)
- Privacy and information security (e.g., GDPR, PCI DSS, HIPAA, GLBA, PIPEDA)
- International labor standards (e.g., child labor, forced labor, working hour, working hours)
- Health & safety
- Geo-political risk
- Business continuity
- And more . . .
Organizations cannot haphazardly manage third parties, they need a structured and governed process to see that risk and compliance is addressed in these relationships. GRC 20/20 is interacting in our research with organizations around the world developing third party risk management strategies and looking to define processes and solutions to address the growing challenge of third party governance, risk management, and compliance (GRC). This includes working with large global organizations on their social accountability and third party advisory boards, to helping companies develop strategies and select the right technology to manage third party risk, to identifying business value for an integrated and cross functional team on third party risk GRC.
GRC 20/20’s definition of Third Party Management/GRC is adapted from the OCEG GRC definition. It is . . .
Third party management is a capability that enables an organization to: reliably achieve objectives [GOVERNANCE], while addressing uncertainty [RISK MANAGEMENT, act with integrity [COMPLIANCE] in and across it’s third party relationships.
GRC 20/20 offers a variety of resources to organizations looking at developing their Third Party Management/GRC strategy. This includes our foundational written piece of research, Third Party Management by Design.
GRC 20/20 will be facilitating two upcoming (and complimentary) workshops on Third Party Management by Design in the next month. Complimentary registration is open to individuals responsible or part of a strategy for managing their organizations array of third party relationships. The format is a workshop and collaboration. While there are lecture portions to the day, the goal is learn through collaboration with peers and interaction on workshop activities. The upcoming workshops are:
- Third Party Management by Design Workshop, Philadelphia, November 2. Blueprint for an Effective, Efficient & Agile Third Party Management Program. Organizations are no longer a self-contained entity defined by brick and mortar walls and traditional employees. The modern organisation is comprised of a mixture of third party relationships that often nest themselves in complexity such as with deep supply chains. Organizations are a mixture of contractors, consultants, temporary workers, agents, brokers, intermediaries, suppliers, vendors, outsourcers, service providers and more. The extended enterprise of third party relationships brings on a… Find out more »
- Third Party Management by Design Workshop, New York, November 14. Blueprint for an Effective, Efficient & Agile Third Party Management Program. Organizations are no longer a self-contained entity defined by brick and mortar walls and traditional employees. The modern organization is comprised of a mixture of third party relationships that often nest themselves in complexity such as with deep supply chains. Organizations are a mixture of contractors, consultants, temporary workers, agents, brokers, intermediaries, suppliers, vendors, outsourcers, service providers and more. The extended enterprise of third party relationships brings on a range of… Find out more »
GRC 20/20 also offers a recorded Research Briefing to guide organizations on how to purchase Third Party Management/GRC solutions:
As part of GRC 20/20’s research, we offer complimentary inquiry to organizations working on strategies and exploring technology solutions. Simply ask GRC 20/20 your questions on third party management strategy, process, as well as information and technology solutions that we monitor in the market as part of our research.
Other GRC 20/20 Third Party Management resources can be found at: http://grc2020.com/product-category/grc-functional-area/third-party-management/