The structures and realities of business today have changed. Traditional brick-and-mortar business is outdated: physical buildings and conventional employees no longer define the organization. The modern organization is an interconnected web of relationships, interactions, and transactions that span traditional business boundaries. Layers of relationships go beyond traditional employees to include suppliers, vendors, outsourcers, service providers, contractors, subcontractors, consultants, temporary workers, agents, brokers, dealers, intermediaries, partners, and more. Complexity grows as these interconnected relationships, processes, transactions, and systems nest themselves in intricacies, such as deep supply chains and subcontracting relationships. Roaming the hallways of an organization means crossing paths with contractors, consultants, temporary workers, and more. Business today relies and thrives on third-party relationships; this is the extended enterprise.
In this context, organizations struggle to govern their third-party relationships and too often manage risk and compliance within those relationships in silos that fail to see the big picture of risk exposure and the impact on the relationship’s objectives. Risk and compliance challenges do not stop at organizational boundaries. This is particularly true in this new era of ESG in the extended enterprise. An organization can face reputational and economic disaster by establishing or maintaining the wrong business relationships or allowing good business relationships to sour because of weak risk governance. Third-party problems are the organization’s problems and directly impact the brand and reputation, increasing exposure to risk and compliance matters. When questions of delivery, business practice, ethics, privacy, safety, quality, human rights, resiliency, corruption, security, and the environment arise, the organization is held accountable, and it must ensure that third-party partners behave appropriately.
Dissociated data, systems, processes, and a myopic risk vision leaves the organization with fragments of the truth that fail to see the big picture of third-party performance, risk, and compliance across the enterprise and how it supports its strategy and objectives. The organization needs to have holistic visibility and situational awareness of third-party risk across the enterprise. The complexity of business, intricacy, and interconnectedness of third-party risk data requires that the organization implement a third-party risk management strategy.
This workshop aims to provide a blueprint for attendees on effective third-party risk management in a dynamic business, regulatory, ESG, and risk environment. Attendees will learn third-party risk management strategies and processes that can be applied across the organization at either an enterprise or a department level. Learning is done through lectures, collaboration with peers, and workshop tasks.
Attendees will take back to their organization approaches to address:
GRC 20/20 ResearchMichael Rasmussen – The GRC Pundit @ GRC 20/20 Research, Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 30+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” – being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
CoreStream is a firm specialising in the delivery of technology solutions to help our clients improve operational effectiveness, manage risk and streamline workflow processes. Alongside our core service delivering bespoke software solutions, we also offer a range of ‘off-the-shelf’ solutions addressing common customer requirements. This enables our clients to benefit from rich functionality at a fraction of the cost were it to be developed from scratch. Our flagship product is a Governance, Risk and Compliance (GRC) solution, which provides a single platform for organisations to manage policies, risks and controls, demonstrate compliance and gain immediate visibility into performance.