Credentials Drive Credibility and New Business

Established in 1999, DVV Solutions is one of the U.K.’s leading managed service providers in the design, implementation and management of third party risk management solutions. DVV Solutions Managing Director Sean O’Brien describes a unique benefit of earning his Certified Third Party Professional (CTPRP) designation (October 2017) and his Certified Third Party Assessor credential (December 2018): the creation of a new business line of third party risk assessments that support client companies’ mergers & acquisitions (M&A) activities. On a personal level, O’Brien says that maintaining his certifications enable him to practice what he preaches within his firm while strengthening his credibility as a TPRM evangelist at conferences and industry events.

Tell us about your role managing third party risk.

Sean O’Brien: My primary role is serving as a trusted advisor on third party risk management to our customers and prospects. I also view my role as being an evangelist regarding standardization and knowledge-sharing within the discipline. We seek out every opportunity to present on third party risk management at events. Those aren’t sales presentations, but knowledge exchanges in which we share what leading [TPRM] practitioners are doing, why they’re doing it, and what works well. The U.K. market is less mature than the U.S. market in terms of third-party risk — we’re about two years behind. My team and I continually communicate that outsourcing does not mean you outsource the risk and that sound third party risk management requires a strong framework and a well-designed program that should steadily mature. 

You’ve been working in IT risk management for nearly two decades — what motivated you to earn your CTPRP and CTPRA designations?

Sean O’Brien: It really was a business decision. When our company began specializing in third party risk several years ago, we looked at what the relevant industry bodies were doing in relation to standards. There was really nothing out there in the U.K. and Europe. Through one of our vendor relationships, we were introduced to the Shared Assessments Program. We were impressed by the healthy adoption rate of the [SIG] standards in the U.S. as well as with the efficiency improvements the use of those standards helped drive. My eyes were really opened to the value of the Shared Assessment standards when I attended my first summit in Washington D.C. three years ago. We saw value in aligning with an industry standards-setter that offers a formal training and accreditation program. As a trusted advisor who regularly presents, the CTPRP enhances my credibility with my audiences as well as my peers. When the CTPRA became available, I jumped on that as well. As a leader, my certifications let me practice what I preach. When I’m talking to our assessors and new recruits about earning their CTPRA, it helps for them to know that the CEO has been through the program.

In addition to enhancing your professional credibility, how have the certifications helped the business?

Sean O’Brien: My experience in the workshops and my discussions with other people who have also taken the course helped me see that there is a major need for third party risk management prior to a merger or acquisition as well as right after a deal is completed. We designed a third-party risk offering that helps the acquiring company gain a clear understanding of the target company’s cybersecurity program and its related third party risk management capabilities.  We develop a questionnaire for the target company, score the responses and supporting evidence that the organization provides in responses, and then conduct an on-site assessment to assess the maturity of its cybersecurity and other risk management domains. We developed another offering designed to help the two security groups from each company work together in a highly practical and aligned manner immediately after the acquisition is completed. So, the process of going through the Shared Assessments accreditation process ultimately helped drive a new source of revenue. That’s probably the biggest business benefit to our organization.

What value do you gain from retaining your CTPRA and CTPRP credentials?

Sean O’Brien: It’s about maintaining credibility. The CTPRA recently has been redesigned and reissued, and I will probably take the course and the exam again within the next 12 months. As I spend more time advising customers, I tend to spend less time doing assessments, so I want to make sure I’m keeping up to date with leading practices.

Connect with Sean.