Transforming third-party risk management programmes

Procurement ultimately owns the life cycle process by which third parties move through the various stages.

This question and answer article reviews the risks associated with working with Third Parties and the recommended Third-party risk management (TPRM) framework companies can use to ensure that the risk to its business is not adversely affected by external parties.  The framework helps organizations understand which of the risks in the organization’s universe are managed by third parties, assess whether the third parties are capable of managing those risks in line with the organization’s policies and then establishing oversight of third parties after signing a contract. TPRM is relevant to all industries and all regions; however, it does not necessarily look the same from one business to the next. To establish and optimize a sustainable TPRM program, organizations may need to break down organizational barriers, spur cultural change, capture and clean data, reassess and renegotiate legacy contracts and implement new technology.