Blogpost

2016 Tone at the Top and Third Party Risk: Upcoming Report from the Ponemon Institute and Shared Assessments

The Shared Assessments Program sponsored a new study, conducted by the Ponemon Institute, which explores the role of executives in the risk management process in order to determine the role of Tone at the Top in minimizing business risks within organizations. The new report, Tone at the Top and Third-Party Risk, is due to be released May 2nd and will be available for download on the Shared Assessments Program website. This continues the Shared Assessments Program exploration of the third party risk management landscape in our white papers and benchmarking surveys.

The study examines the state of third party risk management from the perspective of C-level and senior executives, managers and consultants who have executive roles within risk management processes. This report stratifies findings by industry and respondent’s role within their organization, allowing for analysis at a deeper level, not only by sector, but also by the role individuals play within the risk management process and the ways in which that role ties setting and communication of “Tone at the Top” to effective third party risk assessment and management practices. Industries represented in the survey include communications (5%), defense and aerospace (2%), banking (20%), insurance (8%), health and pharmaceutical (12%), industrial (11%), retail (14%), transportation (5%), energy and utilities (9%) and education and research (6%).

With third party outsourcing increasing dramatically as the norm, organizations are recognizing that for their control environment to be effective, it must be led by Tone at the Top that is well communicated enterprise wide. This study is part of a larger effort focused on the impacts of Tone at the Top and the setting of best practices among top-level management, as they relate to third party risk mitigation enterprise wide. Tone at the Top and Third-Party Risk digs into elements that Shared Assessments has been examining during its development of its recent white paper, In-Tune Tone at the Top, which responds directly to the need for robust Board and C-Suite engagement in driving management program development in light of escalating consequences of ongoing and highly publicized, vendor-related breaches and other incidents.

This study provides information on the effectiveness of risk planning, third party assessments and new and evolving threats that will help in guiding improvements in the risk management environment. It provides insight into the third party risk landscape, what elements are expected to have the most significant impact on an organization’s third party risk profile and leading risk management objectives.

Every organization can gain a significant return on their investment in vendor risk assessment by building common evaluation criteria assessments and standardized practices. To learn more, see the Shared Assessments Blog and Newsletter archive which offers ongoing discussion by industry thought leaders on best practices that inform the evolution of each industry sector’s standards surrounding a growing list of issues related to incident response and management across enterprises.

Charlie Miller, is a Senior Vice President with The Santa Fe Group, with key responsibilities that include managing and expanding the Collaborative Onsite Assessments Program and facilitating regulatory, partner and association relationships. Charlie was previously the Director of Vendor and Business Partner Risk Management at AIG, where he managed regulatory and governance activities for the organization’s enterprise vendor risk management program.