Papers and Studies

As organizations increasingly rely on third-party vendors, having a well-defined approach to vendor terminations becomes essential for maintaining operational continuity and mitigating risks. This paper outlines how organizations can implement pre-determined, vendor-specific plans that facilitate smooth transitions and protect business continuity. By proactively managing termination risks, companies can minimize disruptions and safeguard critical operations. Key […]

This paper delves into how operational resilience and business continuity planning are key to building a robust, risk-resilient supply chain. It shows how organizations can enhance their Third-Party Risk Management (TPRM) by using measurable metrics to assess supplier performance, identify risks, and close gaps. By aligning vendors with resilience goals, companies can fortify their supply […]

The SIG Questionnaire is used to evaluate the risk controls of an organization’s vendors and service providers. When scoping your Vendor Risk Questionnaires, which SIG should you use? The SIG offers three tiering structures – the SIG Lite, the SIG Core, and the SIG Detail Questionnaire. This paper defines each of the tiers and their […]

This guide introduces and defines 21 of the most critical and current risk domains within four key areas. The guide describes why organizations need to acknowledge each risk domain and offers concrete suggestions of how organizations can account for risks presented by each domain.

As complex supply chains become commonplace, understanding their intricacies and interconnectedness is essential. This paper offers valuable insights into the evolving regulatory environment and highlights the importance of proactive risk management strategies. Learn how to identify and mitigate risks across your entire supply chain—not just with third-party vendors—ensuring your organization remains resilient amid disruptions. Discover […]

Rapid advancements in AI are revolutionizing industries, bringing remarkable opportunities and notable concerns regarding social and governance implications. This comprehensive paper explores the latest and best practices in TPRM governance, focusing on how AI can enhance the efficiency and effectiveness of managing third-party risks in the supply chain. This invaluable resource provides practitioners and executives […]

Many organizations struggle to identify the scope of their third-party and Nth-party engagements, as well as the associated risks from these extended networks. By implementing continuous monitoring, businesses can uncover hidden Nth-party providers that are otherwise undetectable. This paper explores the essential steps to establish a robust TPRM continuous monitoring program, detailing what to monitor […]

The purpose of this paper is to highlight best practices in governance of Third Party Risk Management (TPRM). Governance in this context refers to a formalized program framework that supports an organization’s strategic business objectives. Strong program governance helps foster efficient use of resources, greater transparency, and an environment of trust. This briefing focuses on […]

The Standardized Information Gathering (SIG) Questionnaire acts as a bridge between vendors and outsourcers, offering value to both parties in managing third-party risk. Outsourcers use the SIG to assess their existing and prospective service providers, while vendors use the SIG to respond to these same customers. In this way, the SIG Questionnaire creates a common […]

This is the executive summary for the paper: Third Party Onsite Assessment Best Practices: Practitioner Guide. Onsite assessment is an escalation of due diligence processes conducted to gain greater in-depth validation—where warranted—at any point in the risk management process across the third party relationship lifecycle. This deep dive provides the foundation for planning and executing […]

Onsite assessment is an escalation of due diligence processes conducted to gain greater in-depth validation—where warranted—at any point in the risk management process across the third party relationship lifecycle. This deep dive provides the foundation for planning and executing assessments in a consistent, documented, logical, and transparent manner to carry out an efficient onsite engagement. […]

Reputation is the currency by which organizations work and survive. Organizations that build and maintain positive reputations gain competitive advantage and credibility. Our newest briefing paper offers practical guidance for managing reputation risk by providing a TRPM Reputation Risk Framework which includes practices for Governance, Due Diligence, and Incident Management and Reporting. The principles offered […]