- Third-party incidents are disrupting the business and damaging reputation
- Businesses underestimate the need for a sound TPRM program, resulting in insufficient budgets
- Technology is not yet fulfilling its promise
- The challenge of limited resource is here to stay
- Most businesses struggle to maintain a fit-for-purpose TPRM operating model
The good news is that most financial services firms have significant data to anchor objective assessments when managing individual suppliers. Also, those objective assessments may be overlaid with the seasoned judgment of line and risk professionals.
The Supplier Risk Management Challenge
The challenge is managing a portfolio of suppliers and effectively integrating the objective assessment information with the professional judgment, all the while, creating a prioritized and adaptable supplier portfolio. The supplier portfolio should be prioritized in a way that helps the financial services firm get the “biggest bank for their buck.” Risk management budgets are often limited, and supplier changes come quickly. Ultimately, having a supplier decision audit trail that tells the accurate story of “how and why the firm managed its suppliers” is incredibly important for regulators.
To that end, it is important to maintain a straight-forward supplier risk framework, that integrates core risk management principles, including inherent risk, control effectiveness, and how they impact residual risk. The framework should include:
- Identification of key risks
- Identification of firm assessment entities (“AEs”) that may utilize the suppliers
- Use of both quantitative inherent risk ratings and qualitative adjustments for those AEs.
- Use of both quantitative control effectiveness ratings and qualitative adjustments for the suppliers.
- A technology to facilitate the integration of quantitative information with qualitative adjustments
- Use of the latest data transportation capabilities, such as APIs
- Ability to prioritize resulting residual risk in a way that provides an assessment game plan to invest limited risk management budgets in both proactive risk management and risk remediation.
This framework is also described in the following:
Definitive Business Solutions, Inc. provides innovative and proven business solutions to federal and state agencies and the financial services, higher education, and corporate headquarter industries.
We specialize in managing and delivering complex projects and programs, facilitating technology and business investment decisions, and managing enterprise risks.
Our flagship, cloud-based decision management platform and portal manages a portfolio of business and risk management needs throughout the program lifecycle. Our technology is grounded in the following pillars:
- Our Definitive 6™ methodology, which is grounded in decision science
- The Analytic Hierarchy Process, which is the leading technique for multi-criteria decision making
- Easy access for stakeholder engagement. Decision participants can use laptops, smartphones, or tablets to share their judgments – eliminating the need for them to be in the same room, at the same time
- Standardizes the financial business case, which provides a 5-year time-phased cost vs. benefit analysis
- Employs a prescriptive analytics capability to mathematically optimize the allocation of time and resources
Please see our whitepaper Effectively Using Decision Support Solutions to learn how our decision process could help your organization.
For more information, please contact Definitive Business Solutions, Inc.:
- John Sammarco, President | JSammarco@DefinitiveInc.com
- Jeff Hulett, Executive Vice President | JHulett@DefinitiveInc.com