A recent Thomson Reuters survey report entitled Third Party Risk: Exposing the Gaps indicates that 62 percent of survey participants perform initial third party due diligence (usually only for defined higher risk tier parties), but only 36 percent are...
A recent Thomson Reuters survey report entitled Third Party Risk: Exposing the Gaps indicates that 62 percent of survey participants perform initial third party due diligence (usually only for defined higher risk tier parties), but only 36 percent are monitoring for changes to the risk profile once third parties are put in place.
When asked what prevents them from taking steps to detect ongoing risks, participants define several key challenges, with the most significant being lack of data and resource constraints. So, many choose to put controls in place and only update the risk assessment annually by using one external source of information, such as a database that tracks sanctions and watch lists. Others simply rely on annual self-certification renewals or audits for higher-risk parties.
But there isnt such a clear end point for due diligence when we are talking about vetting third parties who will continue to present risks even after they are brought on board. A limited annual review is not sufficient to satisfy todays best practices and may lead to liability when risks arent timely identified and managed. Changes in data, technology and automation have turned third party risk management on its head. Emerging threats such as cyber security, geopolitical challenges, and ever more opaque webs of related entities make the need for a holistic risk profile greater than ever before.
In this webinar, we will review the best practices your organization should have in place to ensure ongoing, integrated due diligence of your third party risks.
Information & Billing:
+1 (602) 234-9278
Principled Performance, OCEG, GRC360, ActiveLearning, EventDay and LeanGRC are registered trademarks of OCEG.
Protector Skillset, Protector Mindset, Protector Code, GRC Professional, GRCP, GRC Fundamentals, GRC Audit, GRCA, GRC Audit Fundamentals are trademarks of OCEG.