The Challenge: Third and fourth party risk management, as well as risks posed by new, transformative technologies (IoT, Fintech, etc.), are increasingly on the agenda at the Board and C-Suite levels.
Third party risk now extends beyond regulated industries to all outsourcers and verticals:
- Third party risk is rapidly escalating as a major business concern in Executive Perspectives on Risks for 2017.
- Trustwave's Global Security report linked 63% of global data breaches investigated to a third party component.
- Third party involvement is shown in the 2015 Cost of Data Breach Study: US to increase cost per record from
- The 2016 Data Breach Investigations Report shows new sectors have joined the financial sector in high frequency of cyberattacks, notably Gaming, Information Technology and IT services, Public Entities, Professional Services and Healthcare.
Outsourcing and emerging technology open up strategic, financial, quality and business resiliency risks; each with the potential to affect the outsourcer's compliance posture, services integrity and, ultimately, the organization's reputation and market position. In addition, the proliferation of unstandardized questionnaires and processes further complicates advancement of vigorous third party controls and risk management. Success within this evolving third party landscape means establishing and consistently employing best practices in the field.
Our resources are developed by members and powered by the experienced thought leaders at The
- Raising awareness about third party risk issues;
- Bringing best practices to light for our members and for the larger community;
- Providing resources with the efficiencies that only standardization of third party risk tools and processes can achieve; and
- Providing training and skills certification that holistically address the key elements of a solid third party risk management program.
The Shared Assessments Program's 2017 Strategic Risk Management Initiative: This initiative addresses the needs of the business community through:
- Third Party Risk Management Framework: Shared Assessments was the first to articulate a framework that embodies a 'trust, but verify' approach. We are taking this to a new level in our end-to-end process framework unique to the third and fourth party risk management landscape, which will be available to all and relevant to both beginner and advanced practitioners.
- Research and Publications: Expansion of member committees to capture and disseminate best practices and expand the learnings of the marketplace.
- Awareness Groups: Building off the tried and true Best Practices and Regulatory Compliance Awareness Groups, 2017 sees the creation of vertical strategy groups that examine unique, industry-specific third party risk needs.
- Certification and Leadership Group Training: Expansion of the Certified Third Party Risk Professional (CTPRP) program, with online training and testing availability. A new Certified Third Party Risk Assessor (CTPRA) training is being developed that will explore the deeper level of understanding of risk controls required for an assessor.
- Up-to-Date Third Party Risk Management Program Tools: Our member-led development committees ensure these tools are current and aligned with regulations, industry standards and guidelines:
  - The Vendor Risk Management Maturity Model (VRMMM) is now provided FREE, allowing organizations to evaluate their program against a comprehensive set of best practices.
  - The Standardized Information Gathering (SIG) questionnaire provides the most comprehensive and only standardized third party risk questionnaire in the industry. As outsourcer needs and third party relationships differ, Shared Assessments is creating enhanced, automated SIG scoping capabilities to fit specific risk needs.
  - The Standardized Control Assessment (SCA) procedures (formerly the Agreed Upon Procedures – AUP) is being renamed to better reflect the Tool's purpose and role as a validation methodology. Standards are being developed to guide assessors in the use of the SCA to ensure assessors using the SCA meet appropriate qualifications and quality assurance checks.
- Increased International Third Party Risk Involvement: Shared Assessments is responding to the increased request for guidance from businesses that operate globally, including those headquartered in the US that operate in UK and APAC (Asia-Pacific) markets. This response includes convening roundtables, summit participation and publications and inclusion of more international players to increase the knowledge base in this area.
The Shared Assessments Program is managed by The
To view the original version on PR Newswire, visit: http://www.prnewswire.com/news-releases/risk-management-reaches-a-critical-inflection-point-300423000.html