Third Party Risk: Gaining Certainty Amid a Web of Global Relationships

Register: https://www.brighttalk.com/webcast/13155/252863?utm_source=SureCloud&utm_medium=brighttalk&utm_campaign=252863

Summary

In today’s interconnected world, organizations struggle to adequately govern risk in third party business relationships. Over half of the organization’s insiders are no longer traditional employees. Insiders now include suppliers, vendors, outsourcers, service providers, contractors, subcontractors, consultants, temporary workers, agents, brokers, dealers, intermediaries, and more. Third party problems are the organization’s problems that directly impact brand, reputation, compliance, strategy, and risk to the organization.

Join Michael Rasmussen, The GRC Pundit of GRC 20/20, and Nick Rafferty, SureCloud COO, to get an expert view of the challenges companies face and how to gain certainty amid an uncertain web of complex, global relationships.

In this webinar you will learn:
  • Why fragmented approaches to third party governance are doomed to fail
  • How inadequate resources can’t keep up with growing risk and regulations
  • How document, spreadsheet and email-centric approaches lack current-state analyses and audit trails
  • Amid a challenging environment, what to do today by defining a strategy and adopting a single-version-of-the-truth software solution
  • How SureCloud’s unique GRC Platform and its Third Party Risk Manager Application can strengthen your assessment process
Agenda includes plenty of time to address your questions.

GRC 20/20 Presenter

Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research

Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 23+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.

Webinar Sponsor

SureCloud® is a rapidly growing Cybersecurity and GRC Cloud Service Provider focusing on best of breed Security, Risk, and Assurance applications that include Vulnerability Management, Risk Management, Policy Management, Compliance Management, Internal Audit, Incident Management, Business Continuity Management and Third Party Risk Management.

How to Design a Vendor Risk Management Information & Technology Architecture

Part 3 of 3 Part Series

Register: https://attendee.gotowebinar.com/register/3758522549649187842?source=GRC+20%2F20

Summary

Vendor risk management requires a robust and adaptable architecture that can model the complexity of vendor information, security, objectives, cause and effect, and analysis of information. The right vendor risk management architecture enables the organization to effectively manage vendor compliance and risk across extended business relationships and facilitates the ability to document, communicate, report, and monitor the range of assessments, remediation, documents, tasks, responsibilities, and action plans.

Join Michael Rasmussen, The GRC Pundit at GRC 20/20, as he presents Part 3 of this 3 part educational webinar series on managing vendor risk and compliance.

Part 3 of this 3 part webinar series will detail:
  • Components and requirements for a vendor risk information architecture
  • Types of vendor risk management information and how it integrates into vendor processes
  • Kinds of vendor risk management technologies and what best serves the organization
  • Capabilities and requirements of vendor risk management platforms
  • Approaches for integration between the vendor’s security environment/tools and the organization’s
  • Defining a business case and value of vendor risk management platforms

GRC 20/20 Presenter

Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research

Webinar Sponsor

Lynx Technology Partners is the trusted Cyber Security and IT Risk Management advisory firm helping highly-regulated industry enterprises improve information security, facilitate compliance, reduce risk, and improve IT GRC visibility to the business. For more information, see LynxGRC.com.

How to Define a Process Lifecycle for Vendor Risk Management

Part 2 of 3 Part Series

Register: https://attendee.gotowebinar.com/register/5831612141402196482?source=GRC+20%2F20

Summary

Vendor risk management processes are a part and extension of overall organization security operations and architecture. Processes are used to manage and monitor the ever-changing relationship, risk, and regulatory environments in extended business relationships. Organizations need to clearly define vendor risk management processes that address risk and compliance throughout the lifecycle of a vendor relationship.

Join Michael Rasmussen, The GRC Pundit at GRC 20/20, as he presents Part 2 of this 3 part educational webinar series on managing vendor risk and compliance.

Part 2 of this 3 part webinar series evaluates the following stages of a vendor management lifecycle:
  • Ongoing risk context monitoring
  • Vendor identification & onboarding
  • Vendor communications & attestations
  • Vendor risk monitoring & assessment
  • Forms & approvals
  • Metrics & reporting
  • Vendor re-evaluation

GRC 20/20 Presenter

Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research

Webinar Sponsor

Lynx Technology Partners

How to Develop a Vendor Risk Management Strategy

Part 1 of 3 Part Series

Register: https://attendee.gotowebinar.com/register/3973187901321205506?source=GRC+20%2F20

Summary

Managing vendor risk management activities in silos of documents, spreadsheets, and emails leads to inevitable failure. Without a coordinated vendor risk management strategy, the big picture is lost and vendor management is not put in the context of business strategy, security, objectives and performance, resulting in complexity, redundancy and failure. Organizations need to develop a vendor risk management strategy that clearly understands security risk in context of the business relationship and its value and objectives to the organization.

Join Michael Rasmussen, The GRC Pundit at GRC 20/20, as he presents Part 1 of this 3 part educational webinar series on managing vendor risk and compliance.

Part 1 of this 3 part webinar series takes a close look at:
  • Current drivers & trends pressuring organizations in vendor risk management
  • Different ways organizations approach vendor risk management
  • How to develop a vendor risk management strategic plan
  • Establishing a vendor risk management governance team
  • Developing a vendor risk management charter and policy

GRC 20/20 Presenter

Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research

Webinar Sponsor

Lynx Technology Partners

Developing a Vendor Risk Management Strategy – Info/CyberSecurity Perspective

Organizations are porous: the modern organization is not defined by brick and mortar walls but is a complex web of business relationships. These relationships span vendors, suppliers, outsourcers, service providers, contractors, consultants, temporary workers, agents, brokers, dealers, and intermediaries. It grows even more complex as there are nested relationships in subcontractors and supply chains. Approximately half of a typical organization’s “insiders” are no longer employees but are third party relationships.

The issues organizations face in managing vendor and third party risks are growing. These range from growing challenges in anti-bribery and corruption compliance (e.g., UK Bribery Act, US FCPA, OECD Bribery Convention), human rights and slavery (e.g., US Conflict Minerals, EU Conflict Minerals, UK Modern Slavery Act, California’s Transparency in Supply Chains Act), environmental, health and safety, physical security, business continuity and more.

However, one of the growing challenges organizations face is information/cybersecurity across third party relationships, particularly vendor relationships. A significant number of information/cybersecurity breaches are the result of third party vendor relationships. It is not just IT related vendors that put organizations at risk; a wide range of vendor relationships can do so. The Target breach from a few years back resulted from the compromise of a heating and air conditioning (HVAC) vendor that had a connection to the Target network. With the Internet of Things (IoT) upon us, it has become critical for organizations to address information security in and across their third party relationships.

I am doing a series of educational webinars on this specific topic over the next three weeks. These are as follows:

Here is my specific advice on how to go about purchasing solutions for vendor and third party risk management:

Additionally, here are some of my research papers that I have published on this topic:

Increasing Exposure of Third Party Risks 

The Modern Organization is an Interconnected Mess of Relationships

Brick and mortar business is a thing of the past: physical buildings and conventional employees no longer define an organization. The modern organization is an interconnected mess of relationships and interactions that span traditional business boundaries. Over half of the organization’s ‘insiders’ are no longer traditional employees. Insiders now include suppliers, vendors, outsourcers, service providers, contractors, subcontractors, consultants, temporary workers, agents, brokers, dealers, intermediaries, and more. Complexity grows as these interconnected relationships, processes, and systems nest themselves in layers of subcontracting and suppliers. In this context, organizations struggle to adequately govern risk in third party business relationships. Third party problems are the organization’s problems that directly impact brand, reputation, compliance, strategy, and risk to the organization. Risk and compliance challenges do not stop at traditional organizational boundaries as organizations bear the responsibility of the actions or inactions of their extended third party relationships. An organization can face reputational and economic disaster by establishing or maintaining the wrong business relationships, or by allowing good business relationships to sour because of poor governance and risk management.  When questions of business practice, ethics, safety, quality, human rights, corruption, security, and the environment arise, the organization is held accountable, and it must ensure that third parties behave appropriately.

Inevitable Failure of Silos of Third Party Governance

Governing third party relationships, particularly in context of risk and compliance, is like the hydra in mythology: organizations combat each head, only to find more heads springing up to threaten them. Departments are reacting to third party management in silos and the organization fails to actively implement a coordinated strategy to third party management from an enterprise perspective.

The challenge: Can you attest to the governance, risk management, and compliance of third parties across your organization’s business relationships?

Reality: Organizations manage third parties differently across different departments and functions with manual approaches involving thousands of documents, spreadsheets, and emails. Worse, they focus their efforts at the formation of a third party relationship during the on-boarding process and fail to govern risk and compliance throughout the lifecycle of the relationship.

This fragmented approach to third party governance brings the organization to inevitable failure. Reactive, document-centric, and manual processes cost too much and fail to actively govern, manage risk, and assure compliance throughout the lifecycle of third party relationships. Silos leave the organization blind to the intricate exposure of risk and compliance that do not get aggregated and evaluated in context of the organization’s goals, objectives, and performance expectations in the relationship.

Failure in third party management happens when organizations have:
  • Growing risk and regulatory concerns with inadequate resources. Organizations are facing a barrage of growing regulatory requirements and expanding geo-political risks around the world. Many of these target third party relationships specifically, while others require compliance without specifically addressing the context of third parties. Organizations are, in turn, encumbered with inadequate resources to monitor risk and regulations impacting third party relationships and often react to similar requirements without collaborating with other departments which increases redundancy and inefficiency.
  • Interconnected third party risks that are not visible. The organization’s risk exposure across third party relationships is growing increasingly interconnected. An exposure in one area may seem minor but when factored into other exposures in the same relationship (or others) the result can be significant. Organizations often lack an integrated and thorough understanding of the interconnectedness of performance, risk management, and compliance of third parties.
  • Silos of third party oversight. Allowing different departments to go about third party management without coordination, collaboration, consistent processes, information, and approach leads to inefficiency, ineffectiveness, and lack of agility. This is exacerbated when organizations fail to define responsibilities for third party oversight and the organization breeds an anarchy approach to third party management leading to the unfortunate situation of the organization having no end-to-end visibility and governance of third party relationships.
  • Document, spreadsheet, and email centric approaches. When organizations govern third party relationships in a maze of documents, spreadsheets, and emails it is easy for things to get overlooked and buried in mountains of data that are difficult to maintain, aggregate, and report on. There is no single source-of-truth on the relationship and it becomes difficult, if not impossible, to get a comprehensive, accurate, and current-state analysis of a third party. To accomplish this requires a tremendous amount of staff time and resources to consolidate information, analyze, and report on third party information. When things go wrong, audit trails are non-existent or easily covered up and manipulated, because these approaches lack a robust record of who did what, when, how, and why.
  • Scattered and non-integrated technologies. When different parts of the organization use different approaches for on-boarding and managing third parties, the organization can never see the big picture. This leads to a significant amount of redundancy and encumbers the organization when it needs to be agile.
  • Due diligence done haphazardly or only during on-boarding. Risk and compliance issues identified through an initial due diligence process are often only analyzed during the on-boarding process to validate third parties. This approach fails to recognize that additional risk and compliance exposure is incurred over the life of the third party relationship and that due diligence needs to be conducted on a continual basis.
  • Inadequate processes to monitor changing relationships. Organizations are in a constant state of flux. Governing third party relationships is cumbersome in the context of constantly changing regulations, risks, processes, relationships, employees, suppliers, strategy, and more. The organization has to monitor the span of regulatory, geo-political, commodity, economic, and operational risks across the globe in context of its third party relationships. Just as much as the organization itself is changing, each of the organization’s third parties is changing, introducing further risk exposure.
  • Third party performance evaluations that neglect risk and compliance. Metrics and measurements of third parties often fail to properly encompass risk and compliance indicators. Too often metrics from service level agreements (SLAs) focus on delivery of products and services by the third party but do not include monitoring of risks, particularly compliance and ethical considerations.
The bottom line: When the organization approaches third party management in scattered silos that do not collaborate with each other, there is no possibility to be intelligent about third party performance, risk management, compliance, and impact on the organization. An ad hoc approach to third party management results in poor visibility across the organization, because there is no framework or architecture for managing third party risk and compliance as an integrated framework. It is time for organizations to step back and define a cross-functional strategy to define and govern risk in third party relationships that is supported and automated with information and technology.

Additional resources on Third Party Management

Research Briefings Upcoming Webinars Written Research

Strategies to Anticipate and Mitigate Vendor Risks

Register: https://event.webcasts.com/starthere.jsp?ei=1121365

Summary

Threat from vendors is real and damaging. The recent headline-making massive customer privacy and data security breaches that have affected various industries emphasize the need for re-evaluating the vendor risk management program. As organizations grapple with a vast vendor network, they often overlook eminent risks. To enhance their vendor risk management program, leading organizations have adopted best practices such as risk based screening and on-boarding, on-going monitoring, improving collaboration with vendors to resolve issues, and structuring contract management. With a well-defined strategy to identify and mitigate vendor risks, organizations can anticipate and resolve issues, thus reducing vendor negligence, penalties and associated costs.

In this webinar our experts will share some of the key strategies to identify and mitigate vendor risks. Join this webinar to:
  • Identify the risks in an extended ecosystem
  • Understand the significance of a risk based approach to vendor due diligence
  • Learn the importance of validating vendors with external data sources
  • Understand the role of technology to simplify and strengthen the vendor risk management program

GRC 20/20 Presenter

Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research

Webinar Sponsor

MetricStream is simplifying Governance, Risk, and Compliance (GRC) for modern and digital enterprises. Their enterprise and cloud Apps for GRC enable organizations to strengthen risk management, regulatory compliance, vendor governance, and quality management while driving business performance. Leading companies across industry verticals are benefiting from MetricStream’s approach to GRC that is transforming risk management in a business environment that is increasingly mobile, social, global, and virtual.

Third Party Management by Design Workshop, Chicago

Blueprint for an Effective, Efficient & Agile Third Party Management Program

Register: https://www.eventbrite.com/e/third-party-management-by-design-workshop-tickets-26903621456

Overview

Organizations are no longer a self-contained entity defined by brick and mortar walls and traditional employees. The modern organization is comprised of a mixture of third party relationships that often nest themselves in complexity such as with deep supply chains. Organizations are a mixture of contractors, consultants, temporary workers, agents, brokers, intermediaries, suppliers, vendors, outsourcers, service providers and more. The extended enterprise of third party relationships brings on a range of risks that the organization has to be concerned about. Managing third party risk has risen to be a significant regulatory, contractual, and board level governance mandate. Organizations need to be fully aware of the risks in third party relationships and manage this risk throughout the lifecycle of the relationship, from on-boarding to off-boarding of a third party.

Managing third party activities in disconnected silos leads the organization to inevitable failure. Without a coordinated third party management strategy the organization and its various departments never see the big picture and fail to put third party management in the context of business strategy, objectives, and performance, resulting in complexity, redundancy, and failure. The organization is not thinking about how processes can be designed to meet a range of third party needs. An ad hoc approach to third party management results in poor visibility across the organization, because there is no framework or architecture for managing risk and compliance as an integrated part of business. When the organization approaches third party management in scattered silos that do not collaborate with each other, there is no possibility to be intelligent about third party performance, risk management, and compliance and understand its impact on the organization. A haphazard department and document centric approach for third party management compounds the problem and does not solve it.

It is time for organizations to step back and define a cross-functional and coordinated strategy and team to define and govern third party relationships. Organizations need to wipe the slate clean and approach third party management by design with an integrated strategy, process, and architecture to manage the ecosystem of third party relationships with real-time information about third party performance, risk, and compliance and how it impacts the organization.

This workshop aims to provide a blueprint for attendees on effective third party management in a dynamic business, regulatory, and risk environment. Attendees will learn third party management governance and process that can be applied across the organization at either an enterprise or a department level. Learning is done through lectures, collaboration with peers, and workshop tasks.

Objectives & Benefits

Attendees will take back to their organization approaches to address:
  • Effectively manage due diligence and third-party risk
  • Understand the challenges and pitfalls of managing third-party risk
  • Achieve success capitalizing on third-party relationships while maintaining compliance
  • Facilitate ongoing monitoring of third-party partners
  • Define a third party management lifecycle for managing and monitoring third party relationships
  • Establish third party management ownership and accountability
  • Provide third party management process consistency
  • Communicate effectively with third parties on matters of risk and compliance
  • Track critical workflow and tasks internally and with third party relationships
  • Deliver effective third party governance and assurance to the board of directors, regulators, and stakeholders
  • Monitor metrics to establish effectiveness of third party management
  • Identify and resolve issues with third parties
  • Map third party relationships to objectives, risks, controls, issues, and other GRC areas
Benefits to attendees:
  • Understand a top-down as well as a bottom-up approach to third party management
  • Implement third party management in the context of business strategy, process, and operations
  • Explore third party management architecture models and how they apply to your organization
  • Discover various third party assessment and monitoring techniques and how they apply to your business
  • Develop a third party information architecture that aligns with business operations and processes
  • Effectively communicate and gather attestation on third parties across your organizations

Who Should Attend

  • Procurement Professionals
  • Supply Chain Professionals
  • Ethics & Compliance Professionals
  • Risk Management Professionals
  • IT Security Professionals
  • Legal Professionals
  • Environmental, Health & Safety Professionals
  • Corporate Social Responsibility & Accountability Professionals
  • Individuals with third party management, ownership, or oversight responsibilities

Workshop Agenda

Part 1: Third Party Management by Design
Why Third Party Management Matters
  • Third Parties in Disarray: how organizations mismanage third parties
  • Third Party Exposure: how mismanaged third parties expose the organization to risk
  • Current drivers & trends pressuring organizations in third party management
  • Different ways organizations approach third party management
  • What Effective Third Party Management Achieves: third party management’s role in governance, risk management, and compliance
Part 2: Third Party Governance
Blueprint for Effective Third Party Management
  • Third Party Governance Committee: bringing together the range of third party management roles and responsibilities in the organization
  • Third Party Management Charter: defining a structure to govern third party relationships
  • How to Develop a Third Party Management Strategic Plan
Part 3: Third Party Management Lifecycle
Managing Third Parties from Onboarding to Offboarding
  • Third party identification & onboarding
  • Ongoing context monitoring
  • Third party communications & attestations
  • Third party monitoring & assessment
  • Third party forms & approvals
  • Third party metrics & reporting
  • Third party re-evaluation and offboarding
Part 4: Third Party Management Architecture
Enabling Information & Technology Management of Third Party Relationships
  • Third Party Management Information Architecture: Blueprint for Managing Third Party Content and Related Data
    • Types of third party management information and how it integrates into third party processes
    • Components and requirements for a third party information architecture
  • Third Party Management Technology Architecture: Blueprint for Enabling Third Party Management Processes with Technology
    • Kinds of third party management technologies and what best serves the organization
    • Capabilities and requirements of third party management platforms
  • Third Party Management Business Case: Articulating the Value of Effective Third Party Management
    • Defining a business case and value of third party management platforms

Instructor

Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research

Workshop Sponsor

LockPath® was created by GRC experts who recognized the need for intuitive GRC software that was flexible and scalable to serve ever-changing and expanding organizations. In addition to the company’s founders, LockPath’s executive team comprises top industry professionals in the fields of software development, accounting and consulting, cybersecurity, financial services, market development and other industries. LockPath employs dozens of talented professionals and has several open positions. LockPath serves a client base of global organizations ranging from small and midsize companies to Fortune 10 enterprises across industries. Along with their ecosystem of technology and channel partners, LockPath provides unparalleled customer satisfaction from initial project discovery discussions to ongoing customer support.

How to Design a Third Party Management Architecture

[button link=”http://info.aravo.com/best-practices-for-third-party-management-webinar?utm_campaign=Webinar-%20Best%20Practices%20for%20Third%20Party%20Management&utm_content=GRC2020&utm_medium=GRC2020&utm_source=email”]Register[/button] [tabs style=”default”] [tab title=”Summary”] Third party management requires a robust and adaptable architecture that can model the complexity of third party information, transactions, interactions, relationship, cause and effect, and analysis of information. The right third party management architecture enables the organization to effectively manage third party performance and risk across extended business relationships and facilitate the ability to document, communicate, report, and monitor the range of assessments, documents, tasks, responsibilities, and action plans. Join GRC experts Michael Rasmussen, Principal Analyst at GRC 20/20, and Dave Rusher, SVP Product Strategy & Alliances at Aravo, as they present an Executive Insights Series on managing third-party risk and compliance. Each webinar is at 8am PST / 11am EST / 3pm GMT and is valuable individually. Part 3 of the webinar series will detail:
  • Components and requirements for a third party information architecture
  • Types of third party management information and how it integrates into third party processes
  • Kinds of third party management technologies and what best serves the organization
  • Capabilities and requirements of third party management platforms
  • Defining a business case and value of third party management platforms
[/tab] [tab title=”GRC 20/20 Presenter”] Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research, Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 23+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc. [/tab] [tab title=”Webinar Sponsor”]
 Aravo’s mission is to provide continuous innovation and market leadership in Third Party Management solutions. Aravo’s customers are Fortune 1000 executives in procurement, finance, supply chain, compliance, legal and IT departments. The world’s best-run businesses know that accurate, validated and complete Third Party information and best-practice processes are essential to drive efficient relationship management, manage risk, and ensure compliance across distributed, global networks of suppliers, affiliates, contractors, resellers, brokers, and other Third Parties. Aravo was purpose-built to meet this need. [/tab][/tabs]

How to Define a Third Party Management Process Lifecycle

[button link=”http://info.aravo.com/best-practices-for-third-party-management-webinar?utm_campaign=Webinar-%20Best%20Practices%20for%20Third%20Party%20Management&utm_content=GRC2020&utm_medium=GRC2020&utm_source=email”]Register[/button] [tabs style=”default”] [tab title=”Summary”] Third party management processes are a part and subset of overall business processes. Processes are used to manage and monitor the ever-changing relationship, risk, and regulatory environments in extended business relationships. Join GRC experts Michael Rasmussen, Principal Analyst at GRC 20/20, and Dave Rusher, SVP Product Strategy & Alliances at Aravo, as they present an Executive Insights Series on managing third-party risk and compliance. Each webinar is at 8am PST / 11am EST / 3pm GMT and is valuable individually. Part 2 of the webinar series evaluates the following stages of a third party management lifecycle:
  • Ongoing context monitoring
  • Third party identification & onboarding
  • Third party communications & attestations
  • Third party monitoring & assessment
  • Forms & approvals
  • Metrics & reporting
  • Third party re-evaluation
[/tab] [tab title=”GRC 20/20 Presenter”] Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research, Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 23+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc. [/tab] [tab title=”Webinar Sponsor”]
 Aravo’s mission is to provide continuous innovation and market leadership in Third Party Management solutions. Aravo’s customers are Fortune 1000 executives in procurement, finance, supply chain, compliance, legal and IT departments. The world’s best-run businesses know that accurate, validated and complete Third Party information and best-practice processes are essential to drive efficient relationship management, manage risk, and ensure compliance across distributed, global networks of suppliers, affiliates, contractors, resellers, brokers, and other Third Parties. Aravo was purpose-built to meet this need. [/tab][/tabs]