Third-Party Risk Still a Shaggy Mess

third-party risk

We have an intriguing survey on third-party risk management to study today, one that suggests many companies are still struggling with siloed approaches and manual processes to manage their vendors — which, consequently, leaves lots of companies managing only a small fraction of the vendors they have. The survey comes from Prevalent, a vendor of…

Read More

Advice on Third-Party Risk Management

third-party risk

Last week I had the good fortune to moderate a webinar on third-party risk management. We had outstanding guests who raised excellent points, and as usual, I ended up taking plenty of notes so that I could pass them along here.  Let’s begin with an appreciation of just how tricky a problem third-party risk management…

Read More

More Help on Third-Party Risk

third-party risk

Banks have fresh guidance this week on how to tackle third-party risk management, and the material offers plenty of good advice on the subject for businesses in any sector.  The guidance comes from the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corp., and the Federal Reserve, which have been working for…

Read More

The Cracks in Third-Party Risk Management

Another day, another report looking at challenges of third-party risk management. This time the report is from software firm Prevalent, and it’s worth some attention for the conflicting perceptions about third-party risk that it calls out. Foremost, the report is interesting because it defines third-party risk as a cybersecurity and supply chain issue, rather than…

Read More

Some Good Guidance on Third-Party Risk

third-party risk

One of the nation’s top banking regulators just dropped some fresh guidance about third-party risk management, well worth any compliance professional’s time if you’re looking for advice on regulatory compliance or just good insight on third-party risk generally. The Office of the Comptroller of the Currency, regulator for the country’s community banks, published the guidance…

Read More

Survey: Third-Party Data Risk Still a Mess

third-party risk

Another year, another report confirming what most compliance and IT security officers already know: third-party vendors are an enormous security and privacy risk, and oversight of those parties is a mess. That’s the message of a report released Thursday by Opus and the Ponemon Institute, which surveyed more than 1,000 IT and data security professionals…

Read More

Update on Third-Party Risk Programs

third-party risk

Navex Global gave a sneak peek this week of its latest report on third-party risk. The headline: too many compliance departments still rely on paper-based systems to track third parties, and therefore too many probably underestimate the risks their third parties truly pose. The 2018 Navex Global Third-Party Risk Management Benchmark Report, which surveyed 1,200…

Read More

New Report on Third-Party Risk

Navex Global released its newest survey of third-party risk management on Thursday, a report full of statistics that’s well worth reading if you’re a compliance officer trying to benchmark your own program against what other companies do. More than anything else, the numbers in the report tell me that companies’ approach to third-party risk is…

Read More

Third-Party Risks in Decentralized Organizations

third-party risk

Not long ago I came across a study of third-party risk management that Deloitte published earlier this summer. I wish I had found it sooner, because it’s crammed with useful insights. So let’s get into it. The report’s big reveal is right in its title, Third-Party Governance & Risk Management: Addressing Challenges of Decentralization. Deloitte…

Read More

Sustainability Risk Is Supply-Chain Risk

climate

Last week we reported on a study that captured the challenges of third-party risk management these days. Today we can take a deep dive into one specific slice of that challenge courtesy of Microsoft, and its quest to reduce carbon emissions in its supply chain. The news is as follows. Last week Microsoft released its…

Read More