Third Party Risk Management (Global)

Course Expectations

• Watch 13 videos
• Answer 10 quiz questions
• Access 14 downloadable materials
• Time: 3 hours of video content
• Approximately 4 hours for the whole course

About

This course is aimed at risk practitioners and business managers who are responsible for building and managing third party risk management (TPRM) frameworks and processes in their organisation. This course details the key processes you will need to develop and how to adapt them to your organization. It also acknowledges that TPRM is not as simple as introducing a set of processes. We explore governance and roles and responsibilities, and how TPRM should be integrated into broader risk management capabilities of the organisation. We cover how you can monitor and measure third party risks as well as performance of your TPRM program. You will develop the skills and tools needed to implement a comprehensive and effective TPRM framework. 1. Defining Third Party Risk Management

• Who are third parties?
• What is third party risk?
• What is third party risk management?
• Objectives of third-party risk management

2. Drivers of Third Party Risk Management

• The extended enterprise and external drivers
• Regulations driving TPRM
• Standards and frameworks

3. What Are We Managing? Third Party Risks

• Identifying objectives impacted by third parties
• Third parties as risk events
• Third parties as causes of risks
• Developing a taxonomy of third party risks
• Using risk bow tie analysis to understand and map risks
• A closer look at compliance, cyber, concentration and contagion risk

4. A TPRM Framework and Process

• The risk and reward pyramid
• How third parties influence the operating model
• Overview of TPRM lifecycle – Onboarding, Ongoing Monitoring and Offboarding

5. Onboarding and Tiering

• Third party selection criteria and process
• Initial screening and tiering
• Initial Due Diligence
• Decision and approval process
• Onboarding including contractual arrangements

6. Ongoing Monitoring and Risk Management

• Key steps in onboarding monitoring
• Due diligence updates
• Ongoing compliance
• Ongoing SLA / contract monitoring
• Ongoing management including third party training
• Risk metrics and monitoring, external and internal data, and alerts
• Escalation and treatment

7. Offboarding

• Key steps in offboarding
• Consequences of poor offboarding
• Ensuring effective closeout of terminated engagements

8. Reporting for TPRM

• The purpose of reporting
• Main types of reports
• Considering multiple audiences for reporting
• Levels of reporting, aggregation and filtering
• Reporting on risk versus reporting on TPRM process performance

9. Practical Steps to Implement Your TPRM Program

• Defining the scope of your TPRM program
• Developing a roadmap
• Developing a TPRM policy
• Creating a third party inventory
• Systems and workflows
• Communication

10. Integrating TPRM and ERM

• Applying the ISO 31000 risk management process to TPRM
• Where TPRM fits in an ERM framework

11. Overcoming Challenges in Your TPRM Program

• Overcoming lack of buy-in
• Overcoming limited resources
• Overcoming third party noncompliance
• Overcoming inconsistent tiering or risk assessments

12. Who Manages TPRM?

• Three Lines Model
• Roles across TPRM
• Ensuring clear ownership, responsibilities and accountabilities for the complete process

13. When is TPRM Carried Out?

• The TPRM lifecycle
• Taking a dynamic risk-based approach
• Using systems and workflows to improve cadence