Organizations are no longer a self-contained entity defined by brick and mortar walls and traditional employees. The modern organisation is comprised of a mixture of third party relationships that often nest themselves in complexity such as with deep supply chains. Organizations are a mixture of contractors, consultants, temporary workers, agents, brokers, intermediaries, suppliers, vendors, outsourcers, service providers and more. The extended enterprise of third party relationships brings on a range of risks that the organisation has to be concerned about. Managing third party risk has risen to be a significant regulatory, contractual, and board level governance mandate. Organizations need to be fully aware of the risks in third party relationships and manage this risk throughout the lifecycle of the relationship, from on-boarding to off-boarding of a third party.
Managing third party activities in disconnected silos leads the organization to inevitable failure. Without a coordinated third party management strategy the organization and its various departments never see the big picture and fail to put third party management in the context of business strategy, objectives, and performance, resulting in complexity, redundancy, and failure. The organization is not thinking about how processes can be designed to meet a range of third party needs. An ad hoc approach to third party management results in poor visibility across the organization, because there is no framework or architecture for managing risk and compliance as an integrated part of business. When the organization approaches third party management in scattered silos that do not collaborate with each other, there is no possibility to be intelligent about third party performance, risk management, and compliance and understand its impact on the organization.
A haphazard department and document centric approach for third party management compounds the problem and does not solve it. It is time for organizations to step back and define a cross-functional and coordinated strategy and team to define and govern third party relationships. Organizations need to wipe the slate clean and approach third party management by design with an integrated strategy, process, and architecture to manage the ecosystem of third party relationships with real-time information about third party performance, risk, and compliance and how it impacts the organization.
Join Michael Rasmussen, GRC Economist and Pundit, GRC 20/20 for a practical workshop session on effective third party management – drawn from Michael’s vast experience of helping companies across the world understand and enable best practice approaches.
Third parties are strategically important to business strategy today, yet with their opportunity comes risk. During this workshop, you will learn how you can integrate strategy, process, and architecture to better manage third party relationships, and drive better efficiency, effectiveness, and agility in your third party programs. This workshop provides a blueprint for attendees on effective third party management in a dynamic business, regulatory, and risk environment. Attendees will learn third party management governance and process that can be applied across the organization at either an enterprise or a department level. Learning is done through lectures, collaboration with peers, and workshop tasks.
Principal Analyst, GRC 20/20
Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of enterprise GRC, GRC technology, corporate compliance, and policy management. With 22+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architecture, and select technologies that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and adviser and is noted as the “Father of GRC” – being the first to define and model the GRC market in February 2002 while at Forrester.
Michael has contributed to U.S. Congressional reports and committees, and currently serves on the Leadership Council of the OCEG and chairs the OCEG Technology Council, OCEG Policy Management Group, and the OCEG GRC Architect Group.
Bring A Peer
There are many stakeholders across the organization that are involved in third party risk management, and collaboration is key. We encourage attendees to bring a peer from their company. If you are a senior compliance professional, we encourage you to invite a peer from procurement or Information Security. And vice versa.
Attendees will take back to their organization approaches to address:
- Effectively managing due diligence and third-party risk.
- Understand the challenges and pitfalls of managing third-party risk
- Achieve success capitalizing on third-party relationships while maintaining compliance
- Facilitate ongoing monitoring of third-party partners.
- Define a third party management lifecycle for managing and monitoring third party relationships
- Establish third party management ownership and accountability
- Provide third party management process consistency
- Communicate effectively with third parties on matters of risk and compliance
- Track critical workflow and tasks internally and with third party relationships
- Deliver effective third party governance and assurance to the board of directors, regulators, and stakeholders
- Monitor metrics to establish effectiveness or third party management
- Identify and resolve issues with third parties
- Map third party relationships to objectives, risks, controls, issues, and other GRC areas
Benefits to attendees:
- Understand a top-down as well as a bottom-up approach to third party management
- Implement third party management in the context of business strategy, process, and operations
- Explore third party management architecture models and how they apply to your organization
- Discover various third party assessment and monitoring techniques and how they apply to your business
- Develop an third party information architecture that aligns with business operations and processes
- Effectively communicate and gather attestation on third parties across your organizations
Who should attend?
- Procurement Professionals
- Supply Chain Professionals
- Ethics & Compliance Professionals
- Risk Management Professionals
- IT Security Professionals
- Legal Professionals
- Environmental, Health & Safety Professionals
- Corporate Social Responsibility & Accountability Professionals
- Individuals with third party management, ownership, or oversight responsibilities
Part 1: Third Party Management by DesignWhy Third Party Management Matters
- What Effective Third Party Management Achieves: third party management’s role in governance, risk management, and compliance
Part 2: Third Party Governance
Blueprint for Effective Third Party Management
Third Party Governance Committee: bringing together the range of third party management roles and responsibilities in the organization
Third Party Management Charter: defining a structure to govern third party relationships
How to Develop a Third Party Management Strategic Plan
Part 3: Third Party Management Lifecycle
Managing Third Parties from On-board to Off-boarding
Third Party Identification & On-boarding
Ongoing Context Monitoring
Third Party Communications & Attestations
Third Party Monitoring & Assessment
Third Party Forms & Approvals
Third Party Metrics & Reporting
Third Party Re-evaluation & Off-boarding
Part 4: Third Party Management Architecture
Enabling Information & Technology Management of Third Party Relationships
Third Party Management Information Architecture: Blueprint for managing third party content and related data
Types of third party management information and how it integrates into third party processes
Components and requirements for a third party information architecture
Third Party Management Technology Architecture: Blueprint for enabling third party management processes with technology
Kinds of Third Party Management Technologies and what best serves the organization
Capabilities and requirements of third party management platforms
Third Party Management Business Case: Articulating the value of effective third party management. Defining a business case and value of third party management platforms
Date: Tuesday 14th, November 2017
Time: 9:00am – 2:00pm. Working breakfast & lunch provided, refreshments all day
Convene, Pershing Hub Room, 101 Park Ave, New York City, NY 10017 (Off of 41st St & Park Avenue) Phone: 888-730-7307 Map
Conditions: Limited spaces. For senior risk, compliance, procurement, IT, data privacy, and information security professionals.
Aravo was founded in 2000 to bring order to the complex and dynamic world of enterprise Third Party Management. We deliver market-leading SaaS solutions for managing third party compliance and risk that help Global 2000 companies protect their brand, build customer trust and elevate business performance.
As a market pioneer, Aravo has defined best practices for Third Party Management for over fifteen years. Working with companies with the most complex and globally dispersed third party networks in the world, we have assembled impressive domain expertise on best practice processes and implementations, and are proven to scale. Accenture, BHP, Cisco, GE, Johnson & Johnson, Unilever and Visa, among others, all count on Aravo’s Enterprise Platform to achieve global continuous insight into third party risk and compliance. With our combination of technical innovation and deep domain expertise, Aravo delivers unrivaled configurability, regulatory agility, ease-of-use, high performance, and scalability.
As a company, we are passionate about helping companies eliminate corruption and social injustice from their extended enterprise.
Vice President of Sales
Marty Clough leads Aravo’s sales business and is responsible for new customer acquisition, existing customer relationships, and customer satisfaction. He brings 20 years of experience in audit, risk and compliance spanning the gamut from internal audit practitioner to business consultant, from technology strategist to sales leader.
The former head of Risk and Compliance assets at Thomson Reuters where Marty led strategy for the Governance Risk & Compliance content and technology business, he has led global teams contributing to success stories for customers in implementing technology to support functions such as Internal Audit, Operational Risk, Regulatory Compliance, and Third Party Risk Management. Marty has also led sales, product, and consulting teams at Paisley Consulting and SAI Global, and was the Internal Audit Manager of Operations at Fairview Health Services in Minneapolis, MN.
Marty is passionate about leveraging technology to solve business problems and improve efficiency and effectiveness of Aravo customers.
SVP Product Strategy and Alliances
Dave Rusher has over 20 years’ experience working with large global enterprises to find the right solutions to complex business problems. His experience in the enterprise software industry spans across most functional areas of business including engineering, product management, product marketing, solutions consulting and executive leadership. As Aravo Solution’s Senior Vice President of Product Strategy and Alliances, Dave works closely with Global 2000 customers to define and deliver best-in-class enterprise third party risk management (TPRM), anti-bribery & corruption, registration & qualification, data information and security, and responsible sourcing applications, that can scale to the business size, business complexity and business change requirements of large multinationals. He is also responsible for partner alliances, which has included pioneering work in building community/utilities TPRM applications for the defense and financial services industries in the UK.
Dave particularly enjoys the relationship-building, problem-solving, teamwork and accountability that comes with his experience of working with compliance, risk and procurement professionals.