Description
Managing Risk & Compliance in the Extended Enterprise
Executive Summary
A haphazard department, and document centric approach for third party management, compounds the problem and does not solve it. It is time for organizations to step back and define a cross-functional and coordinated strategy, as well as teams to define and govern third party relationships. Third party management is, “A capability that enables an organization to reliably achieve objectives, while addressing uncertainty, and act with integrity in and across its 3rd party relationships” . Organizations need to approach third party management with an integrated strategy, process, and architecture to manage the ecosystem of third party relationships with real-time information about performance, risk, and compliance, and how it impacts the organization.
Assent Compliance, with their Assent Compliance Platform, is a supply chain data and risk management company that GRC 20/20 has researched, evaluated, and reviewed with organizations that are using it in complex, distributed, and dynamic business environments. Assent Compliance delivers cloud Software as a Service (SaaS) solutions to manage third party relationships in the organization. The solution helps companies to identify and assess specific third party risks (e.g., REACH, RoHS, anti-bribery & corruption, conflict minerals, privacy/GDPR, and responsible sourcing) and manage their product compliance, corporate social responsibility and vendor management program requirements.
Table of Contents
- Modern Organization: Interconnected Maze of Relationships
- Inevitable Failure of Silos of Third Party Governance
- Assent Compliance
- Managing Risk & Compliance in the Extended Enterprise
- What Assent Compliance Does
- Assent Compliance Enables the Third Party Management Lifecycle
- Foundational Capabilities in Assent Compliance
- Benefits Organizations Have Received through Assent Compliance
- Considerations in Context of Assent Compliance
- About GRC 20/20 Research, LLC
- Research Methodology
Author
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research, Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 23+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
©GRC 20/20 Research, LLC. All Rights Reserved.
No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.