Third Party Risk Management

This course is aimed at risk practitioners and business managers who are responsible for building and managing third party risk management (TPRM) frameworks and processes in their organization.

This course details the key processes you will need to develop and how to adapt them to your organization. It also acknowledges that TPRM is not as simple as introducing a set of processes. We explore governance and roles and responsibilities, and how TPRM should be integrated into broader risk management capabilities of the organization. We cover how you can monitor and measure third party risks as well as performance of your TPRM program.

You will develop the skills and tools needed to implement a comprehensive and effective TPRM framework.

 

 

Register Now

Agenda

Course Experts

CRL Credits

 Course Access:
90-day course access from date of purchase

Time:
Self-study, self-paced

Instructor:
David Tattam, Chief Research and Content Office


 Length/Duration:
 4 hours

 


About This Course
 

Course Description

In this course, you'll learn:

1. Defining Third Party Risk Management

·        Who are third parties?

·        What is third party risk?

·        What is third party risk management?

·        Objectives of third-party risk management

2. Drivers of Third-Party Risk Management

·        The extended enterprise and external drivers

·        Regulations driving TPRM

·        Standards and frameworks

3. What Are We Managing? Third Party Risks

·        Identifying objectives impacted by third parties

·        Third parties as risk events

·        Third parties as causes of risks

·        Developing a taxonomy of third-party risks

·        Using risk bow tie analysis to understand and map risks

·        A closer look at compliance, cyber, concentration and contagion risk

4. A TPRM Framework and Process

·        The risk and reward pyramid

·        How third parties influence the operating model

·        Overview of TPRM lifecycle – Onboarding, Ongoing Monitoring and Offboarding

5. Onboarding and Tiering

·        Third party selection criteria and process

·        Initial screening and tiering

·        Initial Due Diligence

·        Decision and approval process

·        Onboarding including contractual arrangements

6. Ongoing Monitoring and Risk Management

·        Key steps in onboarding monitoring

·        Due diligence updates

·        Ongoing compliance

·        Ongoing SLA / contract monitoring

·        Ongoing management including third party training

·        Risk metrics and monitoring, external and internal data, and alerts

·        Escalation and treatment

7. Offboarding

·        Key steps in offboarding

·        Consequences of poor offboarding

·        Ensuring effective closeout of terminated engagements

8. Reporting for TPRM

·        The purpose of reporting

·        Main types of reports

·        Considering multiple audiences for reporting

·        Levels of reporting, aggregation and filtering

·        Reporting on risk versus reporting on TPRM process performance

9. Practical Steps to Implement Your TPRM Program

·        Defining the scope of your TPRM program

·        Developing a roadmap

·        Developing a TPRM policy

·        Creating a third-party inventory

·        Systems and workflows

·        Communication

10. Integrating TPRM and ERM

·        Applying the ISO 31000 risk management process to TPRM

·        Where TPRM fits in an ERM framework

11. Overcoming Challenges in Your TPRM Program

·        Overcoming lack of buy-in

·        Overcoming limited resources

·        Overcoming third party noncompliance

·        Overcoming inconsistent tiering or risk assessments

12. Who Manages TPRM?

·        Three Lines Model

·        Roles across TPRM

·        Ensuring clear ownership, responsibilities and accountabilities for the complete process

13. When is TPRM Carried Out?

·        The TPRM lifecycle

·        Taking a dynamic risk-based approach

·        Using systems and workflows to improve cadence

Course Expectations

·        Watch 13 videos

·        Answer 10 quiz questions

·        Access 14 downloadable materials

Timings

·        Time: 3 hours of video content

·        Approximately 4 hours for the whole course

 


About Our Expert

 
  David Tattam
David Tattam is the Chief Research & Content Officer and co-founder of the Protecht Group. David's vision is to redefine the way the world thinks about risk and to develop risk management to its rightful place as being a key driver of value creation in each of Protecht's customers. David is the driving force in taking Protecht's risk thinking to the frontiers of what is possible in risk management and to support the uplift of people risk capability through training and content.

Continued Risk Learning Credits:  4

PRMIA Continued Risk Learning (CRL) programs provide you with the opportunity to formally recognize your professional development, documenting your evolution as a risk professional. Employers can see that you are not static, making you a highly valued, dynamic, and desirable employee. The CRL program is open to all Contributing, Sustaining, and Risk Leader members, providing a convenient and easily accessible way to submit, manage, track and document your activities online through the PRMIA CRL Center. To request CRL credits, please email [email protected].

Registration
 Membership Type Price
   
 Members $ 479.00
 Non Members $ 599.00

Access

Immediate access to the course is granted for 90 days after your purchase. Please complete the course within that time period.

If this is your first time accessing the PRMIA website you will need to create a short user profile to register. Save on registration by becoming a member.

 

Register Now

 

Support

For technical issues regarding course access, contact [email protected]

PRMIA Digital Product Return Policy.

Questions?

Contact Us

Looking to further your career?

Become a Member

Sign Up for Mailing List