Posts Tagged ‘third-party risks’
Update on Third-Party Risk Programs
Navex Global gave a sneak peek this week of its latest report on third-party risk. The headline: too many compliance departments still rely on paper-based systems to track third parties, and therefore too many probably underestimate the risks their third parties truly pose. The 2018 Navex Global Third-Party Risk Management Benchmark Report, which surveyed 1,200…
Read MoreBad Control Environments Ruin Everything
The compliance and audit worlds like to rely on lingo such as “control environment” and “control activities” all the time. The scandal of Corporate America’s payments to Michael Cohen, personal lawyer and fixer to President Trump, reminds us what those words really mean, and why a bad control environment can sour all the control activities you…
Read MoreFeds Eye Cybersecurity Risks of Tech Providers
Financial regulators just named cybersecurity as one of their top concerns going into 2018, with a heap of worry specifically about third-party contractors supporting the financial system. So for compliance officers looking for yet another reason to move third-party risk management up the priority scale, now you have one. The alarm was raised last week…
Read MoreNew Report on Third-Party Risk
Navex Global released its newest survey of third-party risk management on Thursday, a report full of statistics that’s well worth reading if you’re a compliance officer trying to benchmark your own program against what other companies do. More than anything else, the numbers in the report tell me that companies’ approach to third-party risk is…
Read MoreSome Other Posts Worth Reading
Occasionally I write guest posts about compliance and governance topics elsewhere on the Web. Three of those posts have recently gone live, one about third-party risk management and two others about the proper love and care of SOX compliance programs. If you just can’t get enough of me, here is a run-down of where to…
Read MoreAutomation of Third-Party Due Diligence: Before Starting
So there we were, me and a fellow compliance enthusiast, talking about automation of third-party risk management. This is the sort of conversation you have when you’re me. Automating portions of your third-party risk management is a great idea. After all, large corporations are awash in third parties these days. According to the 2016 Kroll…
Read MoreMore Risks With Decentralized Business: IT Projects, Culture
Last week we had a post about managing third-party risks at decentralized organizations. Today I want to revisit that subject and look at two specific issues that arise from a business structure like that—IT projects, and fostering a strong culture. Let’s begin by repeating the theme of last week’s article: decentralized organizations challenge the notion…
Read MoreThird-Party Risks in Decentralized Organizations
Not long ago I came across a study of third-party risk management that Deloitte published earlier this summer. I wish I had found it sooner, because it’s crammed with useful insights. So let’s get into it. The report’s big reveal is right in its title, Third-Party Governance & Risk Management: Addressing Challenges of Decentralization. Deloitte…
Read More