Framing TPRM for the C-Suite

Framing TPRM for the C-Suite

Nov 22, 2020 | Corporate Culture, Corporate Reporting

frame

Third Party Risk is increasingly a topic addressed in board rooms. As Rocco Grillo (Managing Director, Global Cyber Risk Services, Alvarez and Marshal) notes “the C-Suite and Board members are critical to the success and effectiveness of any TPRM program.  Successful TPRM requires executive sponsorship and the proverbial Tone-At-the-Top.”

As a risk practitioner, how do you reach through to the top to communicate the importance of your program? We’ve asked experts in risk:

What one piece of advice would you give to third-party risk managers presenting to the C-suite and boards?

The answers fit within the acronym FRAMES– Focus, Roadmap, Align, Maturity, Educate and Story.

To frame something is to provide a structure for understanding. Think of artwork: a frame complements, supports and highlights the work within. It directs the viewers’ focus offering “a guardrail for the viewer’s wandering eye.” In a conceptual sense, a frame supports your communication. Use it to convey your view and highlight the effectiveness of your Risk Program.

Focus

TPRM and the C-Suite

Similarly, Phil Bennett, Manager (Information Security Governance, Metrics & Analytics at Navy Federal Credit Union) suggests that you communicate to the board that “your risk footprint isn’t limited to the environment you control (on-premise data centers with public cloud) but rather what you control as well as your extended network (supply chain ecosystem).”

 

Roadmap

TPRM is a program - not a project 

 

Align

Align Vendor Risk with C-Suite

Fattah continues “It is easier for me to tell C-suite that a vendor is putting our brand and customers at risk because they are not appropriately protecting our customer information, which is currently accessible via the Internet.  Make sure to be pin accurate about your finding, and MAKE SURE you have an ensuing plan…even that plan is one that is dependent on the business/vendor.”

Material

Presenting TPRM to the board

 

Educate

TPRM and the C-Suite

Gary Roboff (Senior Advisor, Santa Fe Group/Shared Assessments) furthers Allen’s advice: “Speak the board’s language, quantify whenever possible, and show why and how what you’re presenting matters to your organization.”

 

Story

TPRM and the C-Suite

“Yes, sometimes there is bad news to share, but the important part of the message is what to do about it that matters” continues Solem.

 

Charlie Miller – a great storyteller and Senior Advisor to Santa Fe Group/Shared Assessments – recommends that when framing TPRM for the C-Suite you “Tell a story of how one of your vendors stepped up (or not) to deal with a challenging business / customer issue.”

Sabine Zimmer

Sabine is Senior Manager of Marketing Communications for Shared Assessments. Sabine finds creative joy in describing Third Party Risk Management visually and verbally. When she's not at work posting on this blog, she is out in the mountains of New Mexico with her children.


Sign up for our Newsletter

Learn about upcoming events, special offers from our partners and more.

Sub Topics