Kick-start your third-party management program for 2020 with this master-class session with expert Michael Rasmussen, GRC Economist and Pundit, GRC 20/20.
This practical workshop session is drawn from Michael’s vast experience of helping companies across the world understand and enable best practice approaches to manage third-party risk.
During this workshop, you will learn how you can integrate strategy, process, and architecture to better manage third party relationships, and drive better efficiency, effectiveness, and agility in your third party programs.
Michael will also cover emerging trends, such as how the UK SM&CR, together with regulators' focus on operational resiliency, intersects with how you manage your third parties.
Organizations are no longer self-contained entities defined by brick and mortar walls and traditional employees. The modern organization is comprised of a mixture of third-party relationships that often nest themselves in complexity, such as with deep supply chains. Organizations are a mixture of contractors, consultants, temporary workers, agents, brokers, intermediaries, suppliers, vendors, outsourcers, service providers and more. The extended enterprise of third-party relationships brings on a range of risks that the organization has to be concerned about. Managing third-party risk has risen to be a significant regulatory, contractual, and board-level governance mandate. Organizations need to be fully aware of the risks in third-party relationships and manage this risk throughout the lifecycle of the relationship, from on-boarding to off-boarding of a third party.
Third-party GRC management is a capability to reliably achieve objectives [GOVERNANCE] while addressing uncertainty [RISK MANAGEMENT], and act with integrity [COMPLIANCE] in, across, and down throughout the organization's extended enterprise of third-party relationships.
Managing third-party activities in disconnected silos leads the organization to inevitable failure. Without a coordinated third-party management strategy, the organization and its various departments never see the big picture and fail to put third-party GRC management in the context of business strategy, objectives, and performance, resulting in complexity, redundancy, and failure. The organization is not thinking about how processes can be designed to meet a range of third party needs. An ad hoc approach to third-party GRC management results in poor visibility across the organization because there is no framework or architecture for managing risk and compliance as an integrated part of the business. When the organization approaches third-party GRC management in scattered silos that do not collaborate with each other, there is no possibility to be intelligent about third-party performance, risk management, and compliance and understand its impact on the organization.
A haphazard department and document-centric approach for third-party GRC management compounds the problem and does not solve it. It is time for organizations to step back and define a cross-functional and coordinated strategy and team to define and govern third-party relationships. Organizations need to wipe the slate clean and approach third-party GRC management by design with an integrated strategy, process, and architecture to manage the ecosystem of third-party relationships with real-time information about third-party performance, risk, and compliance and how it impacts the organization.
Join Michael Rasmussen, GRC Economist and Pundit, GRC 20/20, for a practical workshop session on effective third-party GRC management – drawn from Michael’s vast experience of helping companies across the world understand and enable best practice approaches.
Third-parties are strategically important to business strategy today, yet with their opportunity comes risk. During this workshop, you will learn how you can integrate strategy, process, and architecture to better manage third party relationships, and drive better efficiency, effectiveness, and agility in your third-party programs. This workshop provides a blueprint for attendees on effective third party management in a dynamic business, regulatory, and risk environment. Attendees will learn third party management governance and processes that can be applied across the organization at either an enterprise or a department level. Learning is done through lectures, collaboration with peers, and workshop tasks.
Bring A Peer
There are many stakeholders across the organization that are involved in third-party GRC management, and collaboration is key. We encourage attendees to bring a peer from their company.
Attendees will take back to their organization approaches to address:
Effectively managing due diligence and third-party risk.
Understand the challenges and pitfalls of managing third-party risk
Achieve success capitalizing on third-party relationships while maintaining compliance
Facilitate ongoing monitoring of third-party partners.
Define a third-party GRC management lifecycle for managing and monitoring third party relationships
Establish third-party GRC management ownership and accountability
Provide third-party GRC management process consistency
Communicate effectively with third-parties on matters of risk and compliance
Track critical workflow and tasks internally and with third-party relationships
Deliver effective third party governance and assurance to the board of directors, regulators, and stakeholders
Monitor metrics to establish effectiveness of third party management
Identify and resolve issues with third-parties
Map third-party relationships to objectives, risks, controls, issues, and other GRC areas
Benefits to attendees:
Understand a top-down as well as a bottom-up approach to third-party GRC management
Implement third-party GRC management in the context of business strategy, process, and operations
Explore third-party GRC management architecture models and how they apply to your organization
Discover various third-party assessment and monitoring techniques and how they apply to your business
Develop a third-party information architecture that aligns with business operations and processes
Effectively communicate and gather attestation on third-parties across your organizations
Who should attend?
Supply Chain Professionals
Ethics & Compliance Professionals
Risk Management Professionals
IT Security Professionals
Environmental, Health & Safety Professionals
Corporate Social Responsibility & Accountability Professionals
Individuals with third party management, ownership, or oversight responsibilities
8:30am – Registration, Breakfast and Welcome
9:00am – 10:00am Part 1: Third-Party GRC Management by Design
Why Third-Party Management Matters
What Effective Third-Party GRC Management Achieves: third party management’s role in governance, risk management, and compliance
How regulations such as the UK SM&CR, GDPR, and Operational Resiliency are impacting how companies should be looking at third-party management.
10:00am – 11:30am Part 2: Third-Party Governance
Blueprint for Effective Third-Party GRC Management
Third-Party Governance Committee: bringing together the range of third party management roles and responsibilities in the organization
Third-Party GRC Management Charter: defining a structure to govern third party relationships
How to Develop a Third Party Management Strategic Plan
11:30am – 11:45am – Coffee Break and networking
11:45am – 1:15pm Part 3: Third-Party GRC Management Lifecycle
Managing Third Parties from Onboard to Off-boarding
Third-party identification & onboarding
Ongoing context monitoring
Third-party communications & attestations
Third-party monitoring & assessment
Third-party forms & approvals
Third-party metrics & reporting
Third-party re-evaluation and offboarding
1:15pm – 1:45pm – Lunch
1:45pm – 3:45pm Part 4: Third-Party GRC Management Architecture
Enabling Information & Technology Management of Third-Party Relationships
Third-Party GRC Management Information Architecture: Blueprint for Managing Third Party Content and Related Data
Types of third-party GRC management information and how it integrates into third party processes
Components and requirements for a third party information architecture
Third-Party GRC Management Technology Architecture: Blueprint for Enabling Third-Party Management Processes with Technology
Kinds of third party management technologies and what best serves the organization
Capabilities and requirements of third-party management platforms
Third-Party GRC Management Business Case: Articulating the Value of Effective Third-Party Management.
Defining a business case and value of third-party GRC management platform.
3:45pm – Workshop ends
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research. Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC), with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 26+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC”, being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
Aravo’s mission is to provide continuous innovation and market leadership in Third Party Management solutions. Aravo’s customers are Fortune 1000 executives in procurement, finance, supply chain, compliance, legal and IT departments. The world’s best-run businesses know that accurate, validated and complete Third Party information and best-practice processes are essential to drive efficient relationship management, manage risk, and ensure compliance across distributed, global networks of suppliers, affiliates, contractors, resellers, brokers, and other Third Parties. Aravo was purpose-built to meet this need.