
Third Party Risk Management

The global COVID-19 pandemic and the increasing rate of cyber attacks have reminded us all that we must not be complacent about third party risk management.

Today, third parties are an integral part of the ‘extended enterprise’. It is common (almost standard practice) for an organisation to use third parties to gain expertise, reduce costs or help accelerate growth, in support of a wide range of processes and business activities. Our third party risk management (TPRM) services aim to provide ongoing visibility into your supplier ecosystem.

Third parties include suppliers, service providers, consultants, vendors and strategic business partners.

Third parties can help deliver tremendous value but, if poorly managed, can expose your organisation to a myriad of operational, financial, regulatory, strategic and reputational risks.

The bottom line: the consequences of poorly managed third party risks will be transferred to you.

Management and the governing body have a responsibility to ensure that all material risks are managed in line with the organisation's risk appetite.

Therefore, it is critical for an organisation to have in place a robust third party governance framework. 

Successful companies will integrate Third Party Risk Management (TPRM) processes into their day-to-day procurement process and conduct regular multi-dimensional reviews of each material third party.

As a leader in risk management, InConsult can help organisations strengthen their third party risk management governance framework and practices.

"Only recently have people begun to recognise that
working with suppliers is just as important as listening to customers"
- Barry Nalebuff

Our Approach:

For Third Party Risk Management, our consulting approach and methodology considers better practice guidelines and standards relevant to the organisation including:

  • ISO 37500 Guidance on outsourcing
  • ISO 44001:2017 Collaborative business relationship management systems — Requirements and framework

In addition, we also consider industry specific compliance requirements relating to outsourcing. For example, for the Australian Prudential Regulation Authority (APRA) regulated financial institutions, we ensure compliance with the designated outsourcing Prudential Standards and Guidelines:

  • CPS 231 Outsourcing
  • CPG 231 Outsourcing

For Risk Management, our consulting approach and methodology considers better practice guidelines and standards relevant to the organisation including:

Our Third Party Risk Management services include:

TPRM Framework Development

We will design an appropriate third party risk management framework that is aligned to your enterprise risk management framework. The framework helps strengthen governance, culture and the internal control environment to support good practice, formalises reporting, metrics and monitoring mechanisms, and improves third party risk management maturity.

Comprehensive 360° Third Party Risk & Agility Assessments

More comprehensive risk assessments should be completed for material third parties. Our 360° third party risk and agility assessment consists of risk analysis (identification of key risks, sources, impacts and key risk indicators), control analysis (the three levels of controls: preventative, detective and corrective) and contingency planning.

Third Party Vendor Review and Cyber Risk Analysis

Technology plays an important role in moving from “good” to “great” third party risk management.

Using ground-breaking technology, we can monitor vendors, provide a security rating, identify gaps and co-ordinate the completion of a range of security questionnaires.

Internal Audit of TPRM Framework

We conduct an independent and holistic internal audit review of your organisation’s third party risk management framework and third party arrangements against best practice standards, applicable regulations and maturity models, to provide your stakeholders with peace of mind and identify areas for improvement.

Access Our Third Party and Vendor Risk Publications

Would you like to know more about our Third Party Risk Management services and capabilities?