Shared Assessments White Paper Promotes Efficient Third Party Risk Management
SANTA FE, NM, September 1, 2020 –The Shared Assessments Program today released a new white paper, Using the SCA in Complement with Other Assessments: Streamlining Due Diligence. The Shared Assessments Best Practices group examined how to improve auditing and other assessment productivity. The group developed a tool that allows practitioners to scope and document due diligence required to achieve the desired level of assurance more efficiently.
“This briefing paper is an important addition to our Building Best Practices practitioner resources, which are designed to help organizations make practical changes that will advance their efforts for continuous quality improvement in risk management processes. The discussion in this paper provides a compelling argument for using complementary reports to streamline due diligence,” notes Bob Jones, Senior Advisor to The Santa Fe Group, Shared Assessments Program.
The discussion in this paper fosters the complementary use of different assessment tools. The Shared Assessments Standardized Control Assessment (SCA) Procedure Tools are used to illustrate the process of using assessments in complement. Shared Assessments considers SOC® reports and other assessment tools and frameworks to be complementary to the SCA, rather than competitive products.
The group developed a practitioner tool that can be tailored to any setting. The tool is designed to house a consolidated record of the reports, facilitate gap analysis, document closing of deltas, and summarize results. The tool provides a set of illustrative reporting tables and results summary that can be incorporated into management reporting. The template includes an additional tab to document Key Controls reviewed on sub-service entities. Some familiarity with the tools used as examples throughout this paper may be helpful for readers, but is not required to understand the basic concepts being shared in this piece.
Call to Action
“Standardization is essential to success in examining vendors on an equal footing. Organizations need to do a better job of systematically using their TPRM tools to evaluate third parties and document issues. The principles and key best practices identified in this paper serve as a roadmap for practitioners. The approach will allow them to track vendor due diligence and better streamline their gap analyses and subsequent due diligence,” states Sridhar Gundrothu, Senior Manager, Compliance as a Service (CaaS) team, Genpact; and Shared Assessments Best Practices Group Project Member Lead.
The white paper and companion practitioner tools can be downloaded at: https://sharedassessments.org/papers
About the Shared Assessments Program
As the only organization that has uniquely positioned and developed standardized resources to bring efficiencies to the market for more than a decade, the Shared Assessments Program has become the trusted source in third party risk assurance. Shared Assessments offers opportunities for members to address global risk management challenges through committees, awareness groups, interest groups and special projects.