Governance Model (TPRM)

Nov 8, 2018

Three structures are common in third party risk management. They fall along a continuum of Centralized, Federated, and Decentralized, and may be hybridized:

Centrally managed third party risk management programs typically rely on a single dedicated risk management group that serves as a one-stop shop and applies a consistent methodology and execution strategy across the enterprise.

In a decentralized third party risk management program, standards, processes, and the personnel performing program functions develop in a diffused fashion and may develop independently.

A federated third party risk management structure incorporates a common vendor database (a single source of third party related organizational truth) and one cross-organization standard for risk identification, risk management (including escalation), and risk reporting. At the same time, federated structures assign specific responsibilities (which may vary from one organization to another) to the individual business units (first line of defense) that actually own outsourcing risks.
