Third Party Risk Management
Mid-sized and larger organizations are increasingly relying on third parties to manage key business processes (Strategic Outsourcing, Business Process Outsourcing, Logistics, Legal Services, Procurement, Benefits, PMO’s, HR etc) without adequate governance. Current Governance, Risk & Compliance and consulting offerings may not directly address the risks associated with third-party reliance. This is where third-party risk management will give you a leg up on your competition and effectively limit your business’ exposure to third-parties’ poor decisions.
The Poirier Group’s (TPG) offerings in Third Party Risk Management are scaled and modular, enabling immediate risk mitigation and rapid deployment of effective governance.
We are known as management consultants, but our core competency is operational. We hire the very best people who have real-life experience in everything from operational risk, cybersecurity, technology implementation, change management, financial analysis, and much more. We leverage these skills to extract unique insights and get results faster.
TPG addresses the business risk of relying on others by creating sustainable and effective Third-Party Risk Frameworks to govern outsourcing, offshore and third-party relationships. We then identify gaps in managing third-party relationships and create a roadmap for your organizational success.
- A Third Party Risk Framework of business processes, policies and controls helps the buyer of third-party services reduce enterprise risk and drive greater effectiveness, lower the costs of services provided, increase innovation, responsiveness, transparency and commitment to its success from each vendor.
- A Third-Party Risk Framework of business processes, policies and controls compels a vendor to evolve from simply managing service levels and contract compliance to managing a relationship that adds significant value to both parties’ businesses.
- A vendor with solid governance (or a vendor that supports an organized, process-mature buyer) can be more effective, and demonstrate innovation, responsiveness and commitment to the buyer's success.
- “Our partners don’t seem to share our business goals, culture, or values”
- “I don’t have the metrics to prove our third party’s performance or contract compliance”
- “Our partner may be meeting its service level commitments but is failing to honor the spirit of the agreement”
- “We’re not sure how well our partner is complying with ever-changing regulatory requirements”
- “We have challenges coping with a multi-vendor environment; we’re not in control”
- “We sometimes change direction weekly, not annually. Our vendors don’t understand and can’t adapt”
- “We’re not realizing the financial benefits of third party reliance we’d banked on”
- “I’m still held accountable for critical business processes which are now within the vendor’s control”
- “We aren’t prepared for the new risks involved in Cloud, Automation and Analytics”
Having the right processes, policies and plans in place will have measurable impacts on your success. Third party Risk Management needs to be kept in mind at every stage, from procurement through steady-state delivery.
Doing it right means Client will enjoy
- Enhanced service level performance from vendors
- Less “managing by crisis” and more normalized operations
- Greater operational effectiveness
- Improved financial performance and regulatory compliance
- More responsiveness, transparency and commitment to Seaspan’s success from each vendor
- Better relationship alignment with vendors & service providers
- Harmonized service delivery by “one team”
Mandatory Breach Notification (MBN) Readiness Assessment
As of November 1, 2018, new regulations are in force for mandatory reporting of privacy breaches under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). These regulations better harmonize Canadian breach reporting with the recent European Union General Data Protection Regulation (GDPR).
Failure to comply fully with these new requirements could result in substantial penalties, negative impact on your brand and the risk of class action suits by those affected. Third parties that manage personal information on your behalf may not be ready to provide the information you need for compliance.
TPG will rapidly evaluate your organization’s key breach reporting practices and size up potential gaps in complying with the new Mandatory Breach Notification regulations
Our view: Its about processes, people and adaptation
- Processes: Meeting MBN requirements demands re-designed, replicable processes and playbooks, integrating seamlessly with underlying cyber and breach technologies.
- People: MBN involves a matrix of dozens of stakeholders, both inside and outside your organization; so clearly delineated roles & responsibilities are key.
- Adaptation: At an enterprise level, complex organizations need to be adaptive and responsive to changes in the business environment, including regulatory change
At TPG, we take Third Party Risk Management very seriously. We will rapidly evaluate your organization’s key breach reporting practices and size up potential gaps in complying with the new Mandatory Breach Notification (MBN) regulations. Our assessment will:
- Identify the key processes, playbooks and plans needed to drive MBN
- Validate that these processes and playbooks have been documented, key performance indicators and metrics have been defined, and processes have been tested and are functional
- Validate that each MBN process has clearly identified internal and external stakeholders, that stakeholders are aware of their participation and that roles & responsibilities have been defined
- Highlight material MBN gaps and recommend improvements to process design and execution