Although he was referring to troop levels, George Washington demonstrated more than a little budgeting savvy when he wrote that “we must consult our means rather than our wishes.”
While third party risk management (TPRM) leaders would do well to heed that (founding) fatherly wisdom, they should also keep in mind that a number of emerging best practices have proven successful in boosting the means TPRM groups have at their disposal. Shared Assessments is currently analyzing research concerning how organizations are addressing heightened regulatory expectations related to TPRM requirements. The Vendor Risk Management Benchmark Study, in its fifth year, has just wrapped up and the research report expected to release in February 2019. Coupled with this annual research is a special project now underway sponsored by the Best Practices Awareness Group and the Regulatory Compliance Audit Awareness Group. One component of this research, which is being spearheaded by subject matter experts in both groups, examines the successful approaches TPRM leaders have deployed to fortify their case for more resources during annual budgeting activities.
While the research remains in process, it has already identified the importance of tightly linking vendor risk management objectives with an organization’s strategic business goals. That coupling of appropriate risk management capability with an enhanced ability to achieve strategic business goals significantly increases the likelihood of successfully procuring additional TPRM resources.
In many companies, for example, the failure to meet regulatory requirements may result in reputational damage. In a company that considers its brand a strategic asset, third party risk management leaders should show how specific vendor risk management gaps would potentially limit the company’s ability to protect its brand. A business case that supports that business-centered point is more likely to result in a favorable budgeting decision compared to a business case that centers only on the risk of a regulatory compliance failure.
This is just one of a number of other approaches TPRM leaders are marshalling in the ongoing battle for more funding. I’ll keep you posted on when in early 2019 a paper highlighting this research is available.