Marya Roddis, Vice President of Communications
can be leveraged to achieve more than just cost savings
Santa Fe, NM – October 4, 2016 – The Shared Assessments Program is pleased to announce the release of its newest white paper: Building Best Practices in Third Party Risk Management: Involving Procurement. The paper outlines an integrated approach to risk management that consolidates third party onboarding processes by including all stakeholders before a third party is brought onboard.
With the right tools and framework, the Procurement function can work closely, efficiently and effectively with all areas of an organization to help provide partners and regulators with a level of assurance that third parties are appropriately vetted and monitored throughout the life of the relationship. Procurement can also help facilitate a centralized process that is designed to mitigate many of the risks associated with these relationships and should therefore be seen as a critical function that organizations can leverage for more than just achieving cost savings.
Not only does Procurement bring a body of knowledge to the table that can be leveraged; adding Procurement to the process from the outset allows stakeholders enterprise-wide to collectively establish a standardized internal program for handling third parties that meets the organization’s unique risk appetite needs. This paper provides guidance on building such a program. Recommendations include:
- Partnering business units with Procurement to achieve economies of scale and risk mitigation.
- Adopting methodologies that align with industry best practices, as well as regulatory requirements, allows for the most effective risk ranking of a given third party’s controls.
- Ensuring the process is practical, sustainable and defendable, by applying four guiding principles to the development of a holistic set of internal standards for vetting and onboarding third parties: consistency, objectivity, balance and management oversight.
Such an integrated approach consolidates third party onboarding processes, naturally resulting in better risk management controls, as risk ranking and negotiations take place in a consistent manner that aims to achieve common goals. This allows every department to remain advised of goals and objectives, so that they can each contribute the necessary elements to ensure that request for proposals (RFPs) and contract negotiations include elements of good risk management hygiene throughout the process.
About the Shared Assessments Program
This work is sponsored by the Shared Assessments Program, the trusted source in third party risk management, with more than a decade of developing program resources. Shared Assessments resources help organizations effectively manage the critical components of the vendor risk management lifecycle that are: creating efficiencies and lowering costs for all participants; kept current with regulations, industry standards and guidelines and the current threat environment; and adopted globally across a broad range of industries both by service providers and their customers. Shared Assessments membership and use of the Shared Assessments Program Tools: The Agreed Upon Procedures (AUP); Standardized Information Gathering (SIG) questionnaire and Vendor Risk Management Maturity Model (VRMMM), offers companies and their service providers a standardized, more efficient and less costly means of conducting rigorous assessments of controls for IT and data security, privacy and business resiliency. For more information on Shared Assessments, please visit https://sharedassessments.org.
The Shared Assessments Program is managed by The Santa Fe Group (www.santa-fe-group.com), a strategic advisory company providing unparalleled expertise to leading financial institutions, healthcare payers and providers, law firms, educational institutions, retailers, utilities and other critical infrastructure organizations. The core of The Santa Fe Group’s belief system is that, despite how complicated the world of commerce might be, business can—and should—be a good citizen. Corporations should be built on a foundation to provide greater good to society. We help organizations determine core values, make meaningful connections, facilitate collaboration and affect change.