What do I need to ask when buying a Third Party Risk Management (TPRM) solution?

Third party risk management is a complex discipline that, combined with the scale, complexity, and change dynamics of any Global 2000 organization, can often lead to false starts with technology implementations.

It’s important to get enterprise software purchase decisions right: they are the fulcrum of successful third party risk programs for the business, they affect the adoption and performance of many internal users across the enterprise, and they can have an impact on the careers of those selecting them.

But it’s not easy. As we discussed in our white paper, Third Party Risk Management in the Dynamic of Scale, Complexity, and Change, many organizations first try to default to their legacy ERP or generic GRC technology platforms to manage their third party risk programs. Yet ultimately most fail. The scale, complexity and change requirements of the Global 2000 enterprise cripple them. The result: lost money, time and opportunity. And, naturally, a loss of trust in technology and in what vendors can solve.

This makes it all the more important to understand what capabilities you should be looking for and what questions you should be asking when you are assessing TPRM providers. RFIs and RFPs can often become a catch-all, with hundreds of questions, while missing the crux of the requirement: is the solution scalable, agile and adaptable?

This often happens because the strategic vision of why the organization needs to purchase a third party risk management solution is lost amongst the lists of tactical questions from various internal stakeholders.

A new white paper from Aravo solutions outlines some of the key questions that organizations should be asking – within the context of an overarching vision of what a good third party risk management platform should be delivering, and why.

Aravo White Paper - Buyer's Guide to Third Party Risk Management  | TPRM

The white paper looks at the strategic underpinnings of a best practice approach to third party risk management, including:

  • The TPRM life-cycle
  • TPRM-related compliance programs
  • Core TPRM functionality
  • Important “30,000 feet high” questions

The white paper then provides a deep-dive into the seven key areas for review in any RFP or RFI for a third party risk management solution, including:

  • Configuration: How easy is it to change elements of the solution as your organization grows and evolves? What do you need to do to reconfigure workflows? What kinds of templates does the solution provide out-of-the-box? How often are new templates introduced? Can the solution provide conditional workflows to adapt to third party responses?
  • Integration: What will you have to do to integrate the third party risk management solution with content feeds from external providers? Or with your own internal systems?
  • Usability: How attractive and easy to use is the solution? Will the look-and-feel of the solution help or hinder adoption within your own organization and by third parties? Can the solution easily display in multiple languages and currencies?
  • Third party engagement: Does the solution provide a third party portal? How easy is it to create new forms and assessments to collect information from third parties? How quickly can third parties update their catalog information?
  • Management: How flexible and robust are the solution’s risk scoring capabilities? Are there strong role-based approvals processes and alerts capabilities? How proactive is the escalation/incident management functionality? Does the solution support regular relationship reviews? Does it make managing projects simple? And how easy is it to pull information for audits out of the solution?
  • Analysis: Transparency and oversight are an essential part of any third party risk management program. The white paper lists more than 20 key reports a good third party risk management solution should be able to produce quickly and easily. Organizations should also explore the way dashboards look, feel, and interact with stakeholders.
  • Technical: The IT department is always a critical stakeholder in any purchase of new software. This list of questions covers specific issues IT teams may wish to explore for third party risk management software.

Solutions that are adaptable – whether that means integrating new information sources or creating new workflows – are resilient because they are able to change with new requirements as they present themselves. Solutions that go one step further – that actually help organizations manage change better – help make the organizations they are a part of more resilient.

The white paper – with more than 120 questions and points of evaluation – will help organizations keep a strong focus on both their strategy for third party risk management and their tactical requirements when exploring the purchase of a new solution.
