It’s that time of year again. Grocery stores have aisles decked out in red and pink, with chocolates and flowers everywhere you look. While couples focus on making dinner plans and figuring out gift ideas, this can also be a good time of year to think about the health of your relationships in general. For third-party risk management (TPRM) teams, doing your job well depends on having strong relationships with a number of other departments within your organization.
As with any good relationship, when TPRM works well with other departments, it’s good for both of you. Recognizing all the ways that is true—and ensuring other internal departments understand them too—can go a long way to helping you shore up your relationships with the rest of the enterprise this Valentine’s Day.
An organization’s executives are crucial to the success of its TPRM program on multiple levels. They’re privy to some of the most sensitive information about the company, so they have an especially important responsibility to keep the details they know and have access to secure. Their support is directly linked to your ability to get the resources you need to do your job effectively. And when the C-suite treats TPRM as a priority, it’s easier to get the support of other internal departments.
All of that matters. “A global consulting firm recently identified a high correlation between board involvement and highly mature third-party risk management programs,” says Tom Garrubba, Vice President of Shared Assessments. “When the C-Suite (and ultimately, the Board) is made aware of how TPRM is protecting the interests of the company by ensuring security, privacy, and other business controls are in place, it establishes the recognition and draws support. It’s always AWESOME to have their support!”
And as with any good relationship, the benefits aren’t one-sided. As Nasser Fattah, Senior Advisor at Shared Assessments explains, “TPRM can provide the C-Suite ongoing visibility, based on vendor portfolio and risks, where there can be considerable impact based on key business drivers, including customer satisfaction, operational resiliency, and regulatory requirements, to name a few.”
Compliance and TPRM have similar goals: you’re both focused on keeping the organization safe. Their knowledge of laws and regulations is important to help you make sure the organization only chooses vendors that won’t get you in legal hot water. It just makes sense for the two departments to work closely together.
“TPRM can work with compliance to normalize and baseline the alphabet soup of regulations, and appropriately apply which regulation is associated with a vendor and if there are any risks that require proactive measures,” suggests Fattah.
The work both departments do is complementary enough that you can both make each other stronger. “When Compliance understands and works in lock-step with the TPRM program, they, in essence, support the TPRM program’s efforts to ensure vendor compliance with regulatory, industry standards, and contractual obligations. When this works, it’s a great way to share the LOVE,” suggests Garrubba.
As with compliance, TPRM and Legal have a lot in common. They’re focused on keeping the company on the right side of the law, safe from the repercussions that come from crossing legal lines. You, meanwhile, are focused on keeping the organization safe from third-party risks, which sometimes involves legal concerns. At the end of the day, your roles are similar, but your specific responsibilities differ.
For that reason, it makes sense to develop a healthy relationship with them as well. “Get to know the attorneys in Legal to make sure you are connected to ensure TPRM services and required controls are included as needed as deals are being negotiated and contracts are being finalized,” suggests Charlie Miller, Senior Advisor at Shared Assessments.
If you’re worried about whether they’ll cooperate, “let them know you are trying to streamline the process,” he adds. “That benefits everybody, and helps the organization keep all their legal requirements in order.”
Data privacy concerns are (or should be) top of mind at many businesses, and the teams involved in crafting privacy requirements and making sure the organization is set up to meet them have every reason to work closely with TPRM. Many third-party relationships involve sharing and transferring data, which makes those connections a prime risk for data leaks if you’re not careful.
This is a case where you can both help each other out in crucial ways. “Given the evolving global privacy regulations and breach reporting requirements, the privacy team can assist in addressing any potential data breach incidents involving one of your third parties,” says Miller. “Also tell them to keep you posted on the latest privacy items that may need to be added or modified in your TPRM program.”
Making sure your relationship is strong can help you keep the lines of communication open, which helps both departments do their jobs more effectively.
Money is an important part of the success of an organization, but it’s also one of its main vulnerabilities. An organization’s financial health impacts how much they’re likely (and able) to invest in TPRM. But also, the way money is stored and transferred—and the various third parties involved in that process—create sensitive points of risk.
“[It’s] truly important to have a close (huggable) relationship with your finance brethren, especially given recent increased mergers and acquisitions (M&A) activity, cyber ransomware attacks, pandemic supply chain disruption, the advent of decentralized finance (DeFi), cryptocurrencies, and adherence to Sarbanes Oxley (SOX) control requirements,” says Miller. “It is imperative to work together and validate the financial health of your third and Nth parties.”
Procurement works directly with a number of suppliers, meaning they and TPRM are a natural match. “Procurement is a critical path to onboarding and renewing supplier relationships,” points out Ron Bradley, Vice President of Shared Assessments. “It’s important to nurture the relationship with procurement as they can be your best ally or a serious impediment.”
As with all the best relationships, both parties bring something important to the table. “There is a win-win when procurement and TPRM collaborate to safely on-board vendors,” says Fattah. “Procurement can provide TPRM with visibility of vendors it is currently considering, [and] TPRM, knowing of vendors in advance, can inform them of vendor risks which they can use to select a better vendor, improve negotiations, and/or enhance contracts to include appropriate mitigation.”
Working with procurement helps TPRM proactively reduce the risks that each new supplier presents, and can help procurement make better decisions about who to work with and what to require from them.
Strengthen Your Internal Relationships
Effective TPRM has to happen across the enterprise. Departments throughout the organization develop and maintain third-party relationships. If they’re not in active communication with TPRM as they do so, every decision they make could introduce unnecessary risk. But guidelines and rules aren’t always enough to get better safety practices into place. Actually knowing the people in each of these departments and having an amicable relationship with them—one where you both listen to each other—always works better.
You don’t have to buy anyone a fancy dinner, or send flowers to various departments. But you do need to invest time and care into keeping these relationships strong.