Third Party Risk Management - Meeting the Expectations of the Board

With the strategic importance of engaging third parties in today's business landscape, coupled with the level of risk that they can bring to the enterprise, it should not be surprising that third party risk management is attracting greater focus from the C-suite and the Board of Directors.

According to the Institute of Collaborative Working, up to 80% of direct and indirect operating costs of a business can come from third parties, while up to 100% of revenue can come from alliance partners, franchisees and sales agents.

Download e-Book

With third parties now becoming part of the DNA of the extended enterprise, regulators globally have made it quite clear that while organizations can outsource a task, they cannot outsource the responsibility.  Increased regulatory scrutiny, however, is just a symptom of the underlying issue – the way organizations do business is evolving dramatically and rapidly. And with this, the way they manage risk and govern the extended enterprise needs to evolve quickly too.

This evolution is challenging - third party risk management is a relatively new discipline and companies are at radically different stages of maturity depending on their industry, size and culture. From a discipline that has evolved largely from siloed and ad-hoc processes, there’s a growing recognition that a more joined-up, standardized and enterprise-wide view of risk is required.

Aravo’s new eBook Meeting the Expectations of the Board: Accelerating vendor and third party program maturity to enhance governance and oversight is a useful tool for boards AND for third party risk professionals seeking to educate their boards about why TPRM is so critical for the organization, and why investment in it is important.

Download e-Book


The eBook provides a very useful benchmarking maturity model, and covers:

  • Why are boards prioritizing third party risk management?
  • Why is third party risk such a unique challenge for boards and their organizations?
  • What does a good governance framework look like?
  • What are third party governance best practices?
    • Comprehensive governance structure
    • Clearly defined roles and responsibilities
    • Regular third party review meetings
    • Cohesion across three lines of defense
    • Third party risk appetite and thresholds well defined and understood
    • Segmentation reviewed annually
    • Issue escalation rarely needed
    • Issues resolved quickly/effectively
    • Integrated enterprise TPRM IT solutions in place
    • Third party relationship review maximized
    • Industry best practices embraced
    • Utilities and standardization
    • Enterprise view of risk, performance and compliance
  • What can the board do to help embed third party risk governance?

 Download e-Book

Related Content:

White Paper - CyberSecurity Regulatory Radar: Five Top Trends in Cybersecurity Regulation

White Paper - The Business Case For Better Third Party Risk Management

Executive Overview - The New GDPR: Taking A Strategic Approach To An Internationally-Focused Data Protection Rule

OCC Update Briefing 2017-7 - The OCC's Supplemental Examinations Procedures for Third Party Relationships Raising the Bar for Banks' Third Party Risk Management

Blog - Third Party Risk: Why Global 2000 Companies Should Be Focused on Third Party Compliance

Expert Series Podcast - Session 1 - GDPR & Why Organizations Need To Be Thinking About Third Party Risk

Request A Demo of Aravo Third Party Risk Management Solutions

Topics: third party risk management, board of directors, governance, board accountability, third party governance, benchmarking