The structures and realities of business today have changed. Traditional brick-and-mortar business is outdated: physical buildings and conventional employees no longer define the organization. The modern organization is an interconnected web of relationships, interactions, and transactions that span traditional business boundaries. Layers of relationships go beyond traditional employees to include suppliers, vendors, outsourcers, service providers, contractors, subcontractors, consultants, temporary workers, agents, brokers, dealers, intermediaries, partners, and more. Complexity grows as these interconnected relationships, processes, transactions, and systems nest themselves in intricacies, such as deep supply chains and subcontracting relationships. Roaming the hallways of an organization means crossing paths with contractors, consultants, temporary workers, and more. Business today relies and thrives on third-party relationships; this is the extended enterprise.
In this context, organizations struggle to govern their third-party relationships and too often manage risk and compliance within those relationships in silos that fail to see the big picture of risk exposure and the impact on the relationship’s objectives. Risk and compliance challenges do not stop at organizational boundaries. This is particularly true in this new era of ESG in the extended enterprise. An organization can face reputational and economic disaster by establishing or maintaining the wrong business relationships or allowing good business relationships to sour because of weak risk governance. Third-party problems are the organization’s problems and directly impact the brand and reputation, increasing exposure to risk and compliance matters. When questions of delivery, business practice, ethics, privacy, safety, quality, human rights, resiliency, corruption, security, and the environment arise, the organization is held accountable, and it must ensure that third-party partners behave appropriately.
Dissociated data, systems, and processes, together with a myopic risk vision, leave the organization with fragments of the truth that fail to show the big picture of third-party performance, risk, and compliance across the enterprise and how it supports its strategy and objectives. The organization needs holistic visibility and situational awareness of third-party risk across the enterprise. The complexity of business and the intricacy and interconnectedness of third-party risk data require that the organization implement a third-party risk management strategy.
This workshop aims to provide a blueprint for attendees on effective third-party risk management in a dynamic business, regulatory, ESG, and risk environment. Attendees will learn third-party risk management strategies and processes that can be applied across the organization at either an enterprise or a department level. Learning is done through lectures, collaboration with peers, and workshop tasks.
Objectives of workshop:
Attendees will take back to their organization approaches to address:
Effectively manage due diligence and third-party risk
Understand the challenges and pitfalls of managing third-party risk
Achieve success capitalizing on third-party relationships while maintaining compliance
Facilitate ongoing monitoring of third-party partners.
Define a third party management lifecycle for managing and monitoring third party relationships
Establish third party management ownership and accountability
Provide third party management process consistency
Communicate effectively with third parties on matters of risk and compliance
Track critical workflow and tasks internally and with third party relationships
Deliver effective third party governance and assurance to the board of directors, regulators, and stakeholders
Monitor metrics to establish effectiveness of third party management
Identify and resolve issues with third parties
Map third party relationships to objectives, risks, controls, issues, and other GRC areas
Benefits to attendees:
Understand a top-down as well as a bottom-up approach to third party management
Implement third party management in the context of business strategy, process, and operations
Explore third party management architecture models and how they apply to your organization
Discover various third party assessment and monitoring techniques and how they apply to your business
Develop a third party information architecture that aligns with business operations and processes
Effectively communicate and gather attestation on third parties across your organizations
Who should attend?
Supply Chain Professionals
Ethics & Compliance Professionals
Risk Management Professionals
IT Security Professionals
Environmental, Health & Safety Professionals
Corporate Social Responsibility & Accountability Professionals
Individuals with third party management, ownership, or oversight responsibilities
Part 1: Third Party Management by Design
Why Third Party Management Matters
Third Parties in Disarray: how organizations mismanage third parties
Third Party Exposure: how mismanaged third parties expose the organization to risk
Current drivers & trends pressuring organizations in third party management
Different ways organizations approach third party management
What Effective Third Party Management Achieves: third party management’s role in governance, risk management, and compliance
Part 2: Third Party Governance
Blueprint for Effective Third Party Management
Third Party Governance Committee: bringing together the range of third party management roles and responsibilities in the organization
Third Party Management Charter: defining a structure to govern third party relationships
How to Develop a Third Party Management Strategic Plan
Part 3: Third Party Management Lifecycle
Managing Third Parties from Onboarding to Offboarding
Third party identification & onboarding
Ongoing context monitoring
Third party communications & attestations
Third party monitoring & assessment
Third party forms & approvals
Third party metrics & reporting
Third party re-evaluation and offboarding
Part 4: Third Party Management Architecture
Enabling Information & Technology Management of Third Party Relationships
Third Party Management Information Architecture: Blueprint for Managing Third Party Content and Related Data
Types of third party management information and how it integrates into third party processes
Components and requirements for a third party information architecture
Third Party Management Technology Architecture: Blueprint for Enabling Third Party Management Processes with Technology
Kinds of third party management technologies and what best serves the organization
Capabilities and requirements of third party management platforms
Third Party Management Business Case: Articulating the Value of Effective Third Party Management
Defining a business case and value of third party management platforms
GRC 20/20 Instructor
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research. Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 30+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” – being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
CoreStream is a firm specialising in the delivery of technology solutions to help our clients improve operational effectiveness, manage risk and streamline workflow processes. Alongside our core service delivering bespoke software solutions, we also offer a range of ‘off-the-shelf’ solutions addressing common customer requirements. This enables our clients to benefit from rich functionality at a fraction of the cost were it to be developed from scratch. Our flagship product is a Governance, Risk and Compliance (GRC) solution, which provides a single platform for organisations to manage policies, risks and controls, demonstrate compliance and gain immediate visibility into performance.