Third Party Risk Management, Virtual Assessment

Ten Tips for Virtual Risk Assessments using Shared Assessments’ TPRM Toolkit

This blogpost offer ten tips in checklist format for Virtual Risk Assessments.The Covid-19 Pandemic quickly shifted our world to a virtual perspective. Remote workers, remote vendors, remote classes and even remote family get togethers. These changes are not seen as a temporary shift; global companies have announced no plans to require a return to work until the end of 2021. This pivot requires organizations to think differently, act differently and view risk with new perspectives.


In response to these challenges, the Shared Assessments Program created a webinar series Onsite Assessments in a Virtual World: How Third Party Risk Programs Must Adapt (sponsored by Prevalent) exploring tools, policies, processes and protocols to efficiently transition to virtual assessments.  Participants in the initial sessions responded to key questions to share the challenges and priorities they are experiencing in adapting their approach to Third Party Risk Management (TPRM).  The starting point in this interactive dialog was to identify the biggest impact to TPRM due to Covid-19. The top 2 challenges included Assessing Security of Remote Vendors (36%); Increased Focus on Business Resiliency (30%).

Shorter term priorities for TPRM included addressing the security of the internal employees or remote workforce and helping staff navigate new technology and productivity while changing processes. TPRM Assessments have always included some aspect of virtual or remote work – whether that involved questionnaires, conference calls or reviews of documentation. Many organizations required physical site visits, tours and observation as part of their program. From program governance to execution, this transition has created operational challenges in implementing these changes.


These operational challenges also triggered the identification of emerging gaps and process improvement opportunities:

  • Managing third party risk virtually requires a strong set of risk knowledge for TPRM professionals. Operating and conducting assessments virtually requires expanded skills and expertise for scoping, controls evaluation, and soft skills.
  • The readiness of service providers has varied to adapt to this new normal and may require additional education and collaboration to refine a new approach
  • The “kick the tires” types of assessments are becoming obsolete as companies adapt and the need for stronger, in depth assessments and continual monitoring become the norm.


The Virtual Assessment Webinar series is designed to educate both outsourcers and service providers on how to navigate these challenges with actionable insights and lessons learned from third party risk practitioners. The Shared Assessments Program Tools are built by third party risk professionals for use by third party risk professionals. This member-driven perspective enables real life experiences to provide inputs to tool content, features, and functionality.  A sub-team of participants created a Top Ten List for specific ways to utilize functionality within the TPRM toolkit uniquely and specially to address the transition to virtual assessments. While the “SIG” is the industry recognized standard for questionnaires, the broader SIG Management Tool and complete toolkit has functionality inside that the vendor risk community can leverage today to address many of these operational challenges.


In these times of crisis management, the third party risk management community is Stronger Together. The following ideas/tips on how to optimize TPRM Tool functionality helps third party risk professionals work smarter, not harder.