Establishing a Third-Party Risk Management Program

Third-party risk management (TPRM) is the process of analyzing and controlling risks associated with outsourcing to TP or service providers. This includes access to your organization’s intellectual property, data, operations, finances, customer information or other sensitive information.

In today’s complex economy, utilization of TP providers is a norm rather than an exception. The engagement of TP providers, as well as subservice or “fourth-party” providers, presents risks that organizations should take action to manage. Risks posed by an organization’s TP providers should be considered by the organization when establishing their TPRM program. Inability to establish a solid TPRM program could leave your organization at undue risk.

Organizations are now facing risks such as the threat of high-profile business failure, illegal third-party actions being attributed to the organization, or regulatory enforcement for actions taken by third-parties. It is critical organizations have a robust, mature TPRM program that encompasses all aspects of risk and all stages of the lifecycle that a TP can transition through from initial due diligence to business continuity.

Within this course, we will discuss the concepts around establishing a solid TPRM process for any organization. Future courses will then examine the process of auditing your TP relationships.