Papers and Studies

This briefing paper provides insight into gaining greater supply chain sovereignty by identifying critical dependencies across both inbound and outbound supply chains. Adopting this proactive stance provides many opportunities for organizations, including being ready to respond to the regulatory changes reverberating across industries. The related blog “Nth Party Suppliers – Gaining a Toehold on Down […]

This paper provides a quick overview and concrete action steps that will help organizations achieve superior outcomes over time. Traditional approaches that rely solely on point-in-time assessments can no longer keep up with rapidly changing or emerging risks. Determine how to make your program work comprehensively and with dexterity within the organization’s mission, goals and […]

This briefing paper provides a foundation for a more robust TPRM style – one that applies complex adaptive systems to the field of risk management to help practitioners understand step-function, cascading improvements in risk management processes they can apply to their own programs. The related complex chain human resources blog “The Upstream Impact of Downstream […]

This Building Best Practices resource: Examines how to improve due diligence assessment productivity. Identifies a strong strategy that leverages control verification reports. Documents a means of examining existing artifacts to more efficiently scope any remaining due diligence. A practitioner tool is provided to house a consolidated record of the reports, facilitate gap analysis, document closing […]

TPRM practices are ideally suited to enhancing M&A outcomes. By applying TPRM best practices, a wider range of risks deeper in the supply chain can be examined than is typically achieved in M&A due diligence. The guide outlines specific best practices to help lower risks; discusses acquirer and target viewpoints; provides how-to guidance; and includes […]

This “Gaining Ground” briefing paper is phase one of the two-phase cooperative project led by the Shared Assessments’ Continuous Monitoring working group. This group has galvanized practitioners from 57 member organizations, as well as non-member CM solution providers in the Taxonomy Subgroup, to establish a common set of terms and standards for identifying, alerting and […]

In practice, governing boards are the last line of defense in ensuring critical risk management processes are effective. However, recent high profile incidents highlight the need for a greater role for boards in mitigating risks. These events serve as a stark example of why boards must become proactive in their risk management oversight role.

The Shared Assessments Program is pleased to present a briefing paper based on the significance of information security and privacy controls on law firms as third party service providers and collaborative opportunities for resolution. This paper focuses on the issues law firms are facing as they adapt to providing a secure IT environment that meets […]

This paper documents how to apply an emerging best practice to improve third party risk management program governance. Embedding the continuous feedback “OODA Loop” – observe-orient-decide-act – into third party risk management programs can be expected to improve an organization’s risk posture by providing a proactive approach to risk management. This paper provides guidance that […]

The dynamic nature of the risk environment means that third party risk professionals are being asked to protectagainst growing threats with a finite number of resources. In response to the need to be smarter about how weapproach third party risk management (TPRM), this paper provides guidance, practical tools and insight intohow to leverage an action-oriented […]

This paper documents best practices for streamlining third party contract development, approval, exceptions and addendums processes. Organizations increasingly rely on contract clauses and policies to mitigate third party risk. However, fewer than half in a recent study reported they are able to monitor compliance with contract provisions. This paper examines the need for actionable contracts and […]

This Executive Summary provides and overview of third party contract best practices for setting realistic expectations for both parties regarding due diligence, contract negotiations, onboarding, oversight (including control assessments), reporting requirements and terminations. The Summary contains the key components for optimizing contract processes across the vendor lifecycle. This is the companion to the more in-depth […]