Third-Party Risk Management by Design Workshop, London

The structures and realities of business today have changed. Traditional brick-and-mortar business is outdated: physical buildings and conventional employees no longer define the organization. The modern organization is an interconnected web of relationships, interactions, and transactions that span traditional business boundaries. Layers of relationships go beyond traditional employees to include suppliers, vendors, outsourcers, service providers, contractors, subcontractors, consultants, temporary workers, agents, brokers, dealers, intermediaries, partners, and more. Complexity grows as these interconnected relationships, processes, transactions, and systems nest themselves in intricacies, such as deep supply chains and subcontracting relationships. Roaming the hallways of an organization means crossing paths with contractors, consultants, temporary workers, and more. Business today relies and thrives on third-party relationships; this is the extended enterprise. 

In this context, organizations struggle to govern their third-party relationships and too often manage risk and compliance within those relationships in silos that fail to see the big picture of risk exposure and the impact on the relationship’s objectives. Risk and compliance challenges do not stop at organizational boundaries. This is particularly true in this new era of ESG in the extended enterprise. An organization can face reputational and economic disaster by establishing or maintaining the wrong business relationships or allowing good business relationships to sour because of weak risk governance. Third-party problems are the organization’s problems and directly impact the brand and reputation, increasing exposure to risk and compliance matters. When questions of delivery, business practice, ethics, privacy, safety, quality, human rights, resiliency, corruption, security, and the environment arise, the organization is held accountable, and it must ensure that third-party partners behave appropriately. 

Dissociated data, systems, processes, and a myopic risk vision leaves the organization with fragments of the truth that fail to see the big picture of third-party performance, risk, and compliance across the enterprise and how it supports its strategy and objectives. The organization needs to have holistic visibility and situational awareness of third-party risk across the enterprise. The complexity of business, intricacy, and interconnectedness of third-party risk data requires that the organization implement a third-party risk management strategy. 

This workshop aims to provide a blueprint for attendees on effective third-party risk management in a dynamic business, regulatory, ESG, and risk environment. Attendees will learn third-party risk management strategies and processes that can be applied across the organization at either an enterprise or a department level. Learning is done through lectures, collaboration with peers, and workshop tasks.

Objectives of workshop:

Attendees will take back to their organization approaches to address:

• Effectively managing due diligence and third-party risk.
• Understand the challenges and pitfalls of managing third-party risk
• Achieve success capitalizing on third-party relationships while maintaining compliance
• Facilitate ongoing monitoring of third-party partners.
• Define a third party management lifecycle for managing and monitoring third party relationships
• Establish third party management ownership and accountability
• Provide third party management process consistency
• Communicate effectively with third parties on matters of risk and compliance
• Track critical workflow and tasks internally and with third party relationships
• Deliver effective third party governance and assurance to the board of directors, regulators, and stakeholders
• Monitor metrics to establish effectiveness or third party management
• Identify and resolve issues with third parties
• Map third party relationships to objectives, risks, controls, issues, and other GRC areas

Benefits to attendees:

• Understand a top-down as well as a bottom-up approach to third party management
• Implement third party management in the context of business strategy, process, and operations
• Explore third party management architecture models and how they apply to your organization
• Discover various third party assessment and monitoring techniques and how they apply to your business
• Develop an third party information architecture that aligns with business operations and processes
• Effectively communicate and gather attestation on third parties across your organizations

Who should attend?

• Procurement Professionals
• Supply Chain Professionals
• Ethics & Compliance Professionals
• Risk Management Professionals
• IT Security Professionals
• Legal Professionals
• Environmental, Health & Safety Professionals
• Corporate Social Responsibility & Accountability Professionals
• Individuals with third party management, ownership, or oversight responsibilities

Agenda:

Part 1: Third Party Management by Design

Why Third Party Management Matters

• Third Parties in Disarray: how organizations mismanage third parties
• Third Party Exposure: how mismanaged third parties expose the organization to risk
• Current drivers & trends pressuring organizations in third party management
• Different ways organizations approach third party management
• What Effective Third Party Management Achieves: third party management’s role in governance, risk management, and compliance

Part 2: Third Party Governance

Blueprint for Effective Third Party Management

• Third Party Governance Committee: bringing together the range of third party management roles and responsibilities in the organization
• Third Party Management Charter: defining a structure to govern third party relationships
• How to Develop a Third Party Management Strategic Plan

Part 3: Third Party Management Lifecycle

Managing Third Parties from Onboard to Offboarding

• Third party identification & onboarding
• Ongoing context monitoring
• Third party communications & attestations
• Third party monitoring & assessment
• Third party forms & approvals
• Third party metrics & reporting
• Third party re-evaluation and offboarding

Part 4: Third Party Management Architecture

Enabling Information & Technology Management of Third Party Relationships

• Third Party Management Information Architecture: Blueprint for Managing Third Party Content and Related Data
  • Types of third party management information and how it integrates into third party processes
  • Components and requirements for a third party information architecture
• Third Party Management Technology Architecture: Blueprint for Enabling Third Party Management Processes with Technology
  • Kinds of third party management technologies and what best serves the organization
  • Capabilities and requirements of third party management platforms
• Third Party Management Business Case: Articulating the Value of Effective Third Party Management
  • Defining a business case and value of third party management platforms

GRC 20/20 Instructor

GRC 20/20 ResearchMichael Rasmussen – The GRC Pundit @ GRC 20/20 Research, Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 30+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” – being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.

Roadshow Host

CoreStream is a firm specialising in the delivery of technology solutions to help our clients improve operational effectiveness, manage risk and streamline workflow processes. Alongside our core service delivering bespoke software solutions, we also offer a range of ‘off-the-shelf’ solutions addressing common customer requirements. This enables our clients to benefit from rich functionality at a fraction of the cost were it to be developed from scratch. Our flagship product is a Governance, Risk and Compliance (GRC) solution, which provides a single platform for organisations to manage policies, risks and controls, demonstrate compliance and gain immediate visibility into performance.