Today, third parties are an integral part of the ‘extended enterprise’ and it is common (almost standard practice) for an organisation to utilise third parties to gain expertise, reduce costs or help accelerate growth, to support a wide range of processes and business activities. Our third party risk management (TPRM) services aim to provide ongoing visibility into your supplier ecosystem.
Third parties include suppliers, service providers, consultants, vendors and strategic business partners.
Third parties can help deliver tremendous value, but poorly managed, can expose your organisation to a myriad of operational, financial, regulatory, strategic and reputational risks.
The bottom line….the consequences of poorly managed third party risks will be transferred to you.
Management and the governing body have a responsibility to ensure that all material risks are managed to align within its risk appetite.
Therefore, it is critical for an organisation to have in place a robust third party governance framework.
Successful companies will integrate Third Party Risk Management (TPRM) processes into their day-to-day procurement process and conduct regular multi-dimensional reviews of each material third party.
As a leader in risk management, InConsult can help organisations strengthen their third party risk management governance framework and practices.
For Third Party Risk Management, our consulting approach and methodology considers better practice guidelines and standards relevant to the organisation including:
In addition, we also consider industry specific compliance requirements relating to outsourcing. For example, for the Australian Prudential Regulation Authority (APRA) regulated financial institutions, we ensure compliance with the designated outsourcing Prudential Standards and Guidelines:
For Risk Management, our consulting approach and methodology considers better practice guidelines and standards relevant to the organisation including:
We will design an appropriate third party risk management framework that is aligned to your enterprise risk management framework to help strengthen governance, culture and the internal control environment to support good practice, formalise reporting, metrics and monitoring mechanisms and improve third party risk management maturity.
More comprehensive risk assessments should be completed for material third parties. Our 360° third party risk and agility assessment consists of risk analysis (identification of key risks, sources, impacts, key risk indicators), control analysis (the three levels of controls – preventative, detective and corrective) and contingency planning.
Technology plays an important role in moving from “good” to “great” third party risk management.
Using ground-breaking technology, we can monitor vendors, provide a security rating, identify gaps and co-ordinate the completion of a range of security questionnaires.
An independent and holistic internal audit review of your organisation’s third party risk management framework and third party arrangements against best practice standards, applicable regulations and maturity models to provide your stakeholders with peace of mind and identify areas of improvement.