2015 at Shared Assessments was a year for building best practices and compliance awareness, continuing longitudinal third party risk management and assurance research and reporting and providing risk professionals with development opportunities unique in the marketplace. Program efforts this year also reflect increased international focus, working with organizations with a global presence, as well as those headquartered overseas.
In addition to increasing Shared Assessments membership from 121 in 2014 to 180 in 2015, additional highlights for the year include:
2015 Shared Assessments Summit
Our eighth annual Shared Assessments Summit was held April 29-30, 2015 in Baltimore, MD. A record 250 attendees participated in roundtables, discussions, workshops and presentations focused on the need in third party risk assurance. The Shared Assessments Summit has grown to be the leading third party risk assessment event for industries that include financial services, healthcare, retail, academia and energy. You can read more about the Shared Assessments Summit here.
Collaborative Onsite Assessments
The Shared Assessments Collaborative Onsite Assessment Project, leveraging the Shared Assessments Agreed Upon Procedures (AUP) as the common onsite risk assessment methodology, undertaken beginning in 2014 was continued with additional participants. The project has developed a standardized risk assessment tool to improve assessment-related economies and scalability for outsourcers and service providers. The study used the collective intelligence of several top-tier leading multi-national financial services industry institutions to inform the Program Tools at the most robust level. The Collaborative Onsite Assessments pilots have been met with enthusiasm at the highest levels among participants. Currently eight of the top 10 financial institutions have mapped their corporate requirements to the new AUP and signed off that it fully meets their expectations.
International Expansion
In 2015, the Shared Assessments Program began working towards expanding its international footprint. The Program is working with leaders in some of the most heavily-regulated foreign markets including the UK, and Asia-Pacific to involve them in building best practices for third party risk in their countries.
Roundtables and Awareness Groups
This past year, Shared Assessments Program members and other thought leaders convened, providing a venue for:
2015 Studies and Papers
Shared Assessments Certified Third Party Risk Professional Certification
Our Certified Third Party Risk Professional (CTPRP) Program has been a terrific success. In 2015, over 250 individuals received their CTPRP certification, improving their organization’s risk awareness and management capacity and their own professional standing. Earning the CTPRP designation shows proficiency in third party risk management concepts and principles. This includes managing the vendor lifecycle, vendor risk identification and rating and the fundamentals of third party risk assessment, monitoring and management. There is planned expansion of the CTPRP program in 2016 for additional online opportunities, at national universities and for in-person workshops educating third parties overseas.
Updated 2016 Program Tools
The Shared Assessments Program Tools help organizations create sustainable, organization-wide efficiencies in today’s high risk environment. The Program Tools are: the Standardized Information Gathering (SIG) questionnaire; the Shared Assessments Agreed Upon Procedures (AUP), a tool for standardized onsite assessments; and the Vendor Risk Management Maturity Model (VRMMM). The updated Shared Assessments Program Tools will be released in early 2016. These assessment tools serve organizations as they meet the recent surge in regulatory, consumer and business scrutiny alongside rapidly increasing threats and vulnerabilities, including those posed by third party service providers.
The Program Tools have been updated with focus on business continuity and resiliency, operational risk as it relates to information security, ensuring adequate controls to prevent Denial of Service (DoS) attacks, and the addition of maturity ranking. Among the industry standards, regulations and guidance the Program Tools currently align to include:
Mapping is underway to ensure we further align to:
What Else is on the Horizon for 2016?
Shared Assessments 2016 initiatives respond directly to the dynamic landscape of third party risk management by addressing the increased need for direct board involvement, compliance awareness and research and education opportunities for risk professionals to inform and support establishment and refinement of best practices within and across verticals.
The Shared Assessments Program will be convening and/or participating in the following industry roundtables, as well as developing those in other relevant sectors:
The Program will be releasing several original and highly-influential papers at the end of the year and into 2016, which include:
And, the full Shared Assessments Collaborative Onsite Assessments Program will roll out in 2016. Learn how you can review the testing procedures outlined in the Shared Assessments AUP and participate in the Program by contacting Charlie Miller, Senior Vice President, The Santa Fe Group and Shared Assessments Program, at charlie@santa-fe-group.com.
The Shared Assessments Program continues to provide a professional platform for examining and resolving critical issues as they emerge in the evolving third party risk landscape, including managing for risk rather than compliance, optimizing third party risk mitigation and leveraging resilience to ensure positive outcomes. Members can sign up to participate in 2016 initiatives by completing the “request to participate.” For more information about each activity and to sign up, click here.
Robin Slade is Executive Vice President and Chief Operating Officer with The Santa Fe Group and the Shared Assessments Program. Robin leads all activities of the Shared Assessments Program, including managing its Member Forum, Advisory Board, Steering Committee and working groups and the Certified Third Party Risk Professional program. Connect with Robin on LinkedIn.
By downloading this software, you acknowledge that you may be invited to provide usability feedback to help improve its functionality. Feedback does not guarantee changes or compensation.