Despite accruing more than 15 years of third party risk management (TPRM) experience, Angela Davis Dogan remains committed to continually expanding her risk management skills and knowledge. An early adopter of both the CTPRP and CTPRA designations, Dogan is currently earning a Ph.D. in information technology (IT) with a concentration in cybersecurity and assurance. Her advocacy work — which currently includes the development of an educational nonprofit designed to equip rising female professionals with risk management skills, certifications and internship opportunities — demonstrates her commitment to educating others. She discusses how Shared Assessments helped kickstart her TPRM career while remaining a valuable educational and networking resource today.
You’ve been working in the TPRM profession for more than 15 years. How did you get started?
Angela Davis Dogan: I was hired by an organization to build their vendor risk management program from the ground up. I had no budget and no resources. I really was a department of one. I started learning how to conduct risk assessments through trial and error on my own. Fortunately, my CIO introduced me to the SIG, and I don’t know how I would have built a program without it. Without that initial exposure to Shared Assessments, I would have spent far more time in research mode before I could start building the program. I also learned a lot from fellow Shared Assessment members.
Tell us about your current role.
Angela Davis Dogan: I help organizations build and maintain third party risk management and enterprise risk management programs. I like to build programs from scratch and move on, but client companies often want help executing the program. In those cases, I’ll get them started with conducting third party risk assessments and training assessors. That said, more of my work involves developing third party risk management and enterprise risk management strategies and advising at the executive and board level.
You’ve earned, and still maintain, both the CTPRP and the CTPRA certifications. How do these designations help you in your current activities?
Angela Davis Dogan: While I operate at a more strategic level right now, I value both designations. The CTPRA’s rigor is incredibly valuable regardless of whether you are an assessor or an executive. The CTPRP’s value resides in its comprehensive scope. Having both designations gives me a unique perspective — one that I think more practitioners should have. While a chief risk officer would be more likely to earn her CTPRP because it’s applicable at her level, I think a good leader would also want to earn her CTPRA to give her a detailed understanding of the risk assessor’s world. If I were leading a risk organization, that’s what I would do.
What do you gain from maintaining your CTPRP and CTPRA designations?
Angela Davis Dogan: Staying connected is a constant benefit. Once you obtain either certification, you’re connected to peers. You can ask them: Am I doing it right? Is this what other companies in financial services, manufacturing, telecommunications or any other industry are doing? That’s one of the top benefits of Shared Assessments. I look at a challenge from a new perspective every time I sit in on a development committee call, a regulatory compliance call or a best practices call. I always get an ah-ha. I remain in a constant state of learning because I’m part of the Shared Assessments family.
As a seasoned TPRM practitioner, have you observed any ways that the profession is changing as it adapts to disruptions caused by Covid-19 and the challenges it poses to business?
Angela Davis Dogan: In light of what is going on, I’m seeing less of that check-the-box compliance mindset. I see a higher frequency of thoughtful risk analysis. I see more companies embracing a thorough, holistic approach to third party risk management.
Connect with Angela here.