Search results for: third party risk
Third-Party Risk Still a Shaggy Mess
We have an intriguing survey on third-party risk management to study today, one that suggests many companies are still struggling with siloed approaches and manual processes to manage their vendors — which, consequently, leaves lots of companies managing only a small fraction of the vendors they have. The survey comes from Prevalent, a vendor of…
Read MoreAdvice on Third-Party Risk Management
Last week I had the good fortune to moderate a webinar on third-party risk management. We had outstanding guests who raised excellent points, and as usual, I ended up taking plenty of notes so that I could pass them along here. Let’s begin with an appreciation of just how tricky a problem third-party risk management…
Read MoreMore Help on Third-Party Risk
Banks have fresh guidance this week on how to tackle third-party risk management, and the material offers plenty of good advice on the subject for businesses in any sector. The guidance comes from the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corp., and the Federal Reserve, which have been working for…
Read MoreThe Cracks in Third-Party Risk Management
Another day, another report looking at challenges of third-party risk management. This time the report is from software firm Prevalent, and it’s worth some attention for the conflicting perceptions about third-party risk that it calls out. Foremost, the report is interesting because it defines third-party risk as a cybersecurity and supply chain issue, rather than…
Read MoreSome Good Guidance on Third-Party Risk
One of the nation’s top banking regulators just dropped some fresh guidance about third-party risk management, well worth any compliance professional’s time if you’re looking for advice on regulatory compliance or just good insight on third-party risk generally. The Office of the Comptroller of the Currency, regulator for the country’s community banks, published the guidance…
Read MoreSurvey: Third-Party Data Risk Still a Mess
Another year, another report confirming what most compliance and IT security officers already know: third-party vendors are an enormous security and privacy risk, and oversight of those parties is a mess. That’s the message of a report released Thursday by Opus and the Ponemon Institute, which surveyed more than 1,000 IT and data security professionals…
Read MoreUpdate on Third-Party Risk Programs
Navex Global gave a sneak peek this week of its latest report on third-party risk. The headline: too many compliance departments still rely on paper-based systems to track third parties, and therefore too many probably underestimate the risks their third parties truly pose. The 2018 Navex Global Third-Party Risk Management Benchmark Report, which surveyed 1,200…
Read MoreNew Report on Third-Party Risk
Navex Global released its newest survey of third-party risk management on Thursday, a report full of statistics that’s well worth reading if you’re a compliance officer trying to benchmark your own program against what other companies do. More than anything else, the numbers in the report tell me that companies’ approach to third-party risk is…
Read MoreThird-Party Risks in Decentralized Organizations
Not long ago I came across a study of third-party risk management that Deloitte published earlier this summer. I wish I had found it sooner, because it’s crammed with useful insights. So let’s get into it. The report’s big reveal is right in its title, Third-Party Governance & Risk Management: Addressing Challenges of Decentralization. Deloitte…
Read MoreSustainability Risk Is Supply-Chain Risk
Last week we reported on a study that captured the challenges of third-party risk management these days. Today we can take a deep dive into one specific slice of that challenge courtesy of Microsoft, and its quest to reduce carbon emissions in its supply chain. The news is as follows. Last week Microsoft released its…
Read More