The Union | The Future of Third-Party Risk Management

Most third-party risk lifecycles adhere to a similar pattern: planning, due diligence, contract negotiations, ongoing monitoring, and termination. However, the management and responsibility of these processes differ significantly across organizations. Traditionally, the information security department carried this burden, but recent events like Covid, regional wars, political changes, and socially-focused laws have broadened organizations’ risk perception beyond just IT. They now include geographical, reputational, concentration, and compliance risks.

Different departments, leveraging their unique expertise, now seek information from third parties to manage diverse risk types. Third-party risk management expert, Tom Garrubba, practical advice to assist companies in tailoring third-party risk management activities to their size, risk profile, and risk management necessities. Regardless of where the organization situates third-party risk management, the ultimate responsibility rests with the third-party risk manager and the business owner. They must identify the necessities and required documentation for each vendor, enabling a thorough assessment and due diligence or ongoing monitoring.

The assessment process presents challenges for both the vendor and the risk manager, often requiring over 40 hours to complete and validate. Midsize companies dealing with dozens to hundreds of third parties quickly face the reality of these complications. Additionally, vendors often feel overwhelmed with assessment requests from their many customers and may instead issue a “customer assurance packet” containing broad information sets for you to sift through to identify potential risks.

Third-party risk management is essential, even for industries not legally required to do so. Those lacking a robust strategy and supporting technology risk overloading their vendors with assessments and distracting internal teams. Furthermore, if you operate in a regulated industry, expect your strategy and technology to face scrutiny eventually.

Speakers

Sam Abadir

VP Solutions @ Krista

Tom Garruba

TPRM Expert

AI Fear and the Fear of Missing Out Prev post

2024 AI Outlook: What Business Leaders Need to Know Next post

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Use Cases

By Industry

Risk Management

The Future of Third-Party Risk Management

Speakers

Sam Abadir

Tom Garruba

Read our comprehensive LLM testing guide

Product

Solutions

Resources

Company