This course is aimed at risk practitioners and business managers who are responsible for building and managing third party risk management (TPRM) frameworks and processes in their organisation.
This course details the key processes you will need to develop and how to adapt them to your organisation. It also acknowledges that TPRM is not as simple as introducing a set of processes. We explore governance and roles and responsibilities, and how TPRM should be integrated into broader risk management capabilities of the organisation. We cover how you can monitor and measure third party risks as well as performance of your TPRM program.
Our trainers David Tattam (Chief Research & Content Officer) and Michael Howell (Senior Manager, Research & Content) focus on allowing you to develop the skills and tools needed to implement a comprehensive and effective TPRM framework.
Course description
In this course, you'll learn:
- Defining third party risk management
- Who are third parties?
- What is third party risk?
- What is third party risk management?
- Objectives of third-party risk management
- The drivers of TPRM
- The extended enterprise and external drivers
- Regulations driving TPRM
- Standards and frameworks
- Third party risks
- Identifying objectives impacted by third parties
- Third parties as risk events
- Third parties as causes of risks
- Developing a taxonomy of third party risks
- Using risk bow tie analysis to understand and map risks
- A closer look at compliance, cyber, concentration and contagion risk
- Third party risk management framework
- The risk and reward pyramid
- How third parties influence the operating model
- Overview of TPRM lifecycle – onboarding, ongoing monitoring and offboarding
- Onboarding
- Third party selection criteria and process
- Initial screening and tiering
- Initial due diligence
- Decision and approval process
- Onboarding including contractual arrangements
- Ongoing monitoring
- Key steps in onboarding monitoring
- Due diligence updates
- Ongoing compliance
- Ongoing SLA/contract monitoring
- Ongoing management including third party training
- Risk metrics and monitoring, external and internal data, and alerts
- Escalation and treatment
- Offboarding
- Key steps in offboarding
- Consequences of poor offboarding
- Ensuring effective closeout of terminated engagements
- Reporting on TPRM
- The purpose of reporting
- Main types of reports
- Considering multiple audiences for reporting
- Levels of reporting, aggregation and filtering
- Reporting on risk versus reporting on TPRM process performance
- Practical steps to implement your TPRM program
- Defining the scope of your TPRM program
- Developing a roadmap
- Developing a TPRM policy
- Creating a third party inventory
- Systems and workflows
- Communication
- Integrating ERM & TPRM
- Applying the ISO 31000 risk management process to TPRM
- Where TPRM fits in an ERM framework
- Overcoming challenges in implementing your TPRM program
- Overcoming lack of buy-in
- Overcoming limited resources
- Overcoming third party noncompliance
- Overcoming inconsistent tiering or risk assessments
- Who manages TPRM?
- Three lines model
- Roles across TPRM
- Ensuring clear ownership, responsibilities and accountabilities for the complete process
- When is TPRM managed?
- The TPRM lifecycle
- Taking a dynamic risk-based approach
- Using systems and workflows to improve cadence
Course expectations
- Watch 13 videos
- Answer 10 quiz questions
- Access 14 downloadable materials
Timings
- 3 hours of video content
- Approximately 4 hours for the whole course
Cost
-
US$600 payable by credit card on registration
Next steps
You can purchase and access this course on-demand via Protecht Academy by credit card.
Please contact Protecht directly if you would like to discuss packages to implement this training across your organisation. Bulk discounts are available and packages can be invoiced in your local currency.
Our trainers
David Tattam
Chief Research and Content Officer
David Tattam is the Chief Research & Content Officer and co-founder of the Protecht Group. David's vision is to redefine the way the world thinks about risk and to develop risk management to its rightful place as being a key driver of value creation in each of Protecht's customers.
David is the driving force in taking Protecht's risk thinking to the frontiers of what is possible in risk management and to support the uplift of people risk capability through training and content.
Michael Howell
Senior Manager, Research & Content
Michael Howell is Protecht's Research and Content Lead. He is passionate about the field of risk management and related disciplines, with a focus on helping organisations succeed using a ‘decisions eyes wide open’ approach.
Michael is a Certified Practicing Risk Manager whose curiosity drives his approach to challenge the status quo and look for innovative solutions.
David Tattam
Chief Research and Content Officer
David Tattam is the Chief Research & Content Officer and co-founder of the Protecht Group. David's vision is to redefine the way the world thinks about risk and to develop risk management to its rightful place as being a key driver of value creation in each of Protecht's customers.
David is the driving force in taking Protecht's risk thinking to the frontiers of what is possible in risk management and to support the uplift of people risk capability through training and content.
Prior to Protecht, David was the Chief Risk Officer and Head of Operations for the Australian operations of two global banks. He started his career as a Chartered Accountant and Auditor with Grant Thornton and PwC. He is also the author of A Short Guide to Operational Risk.
David is an Associate of the Institute of Chartered Accountants in Australia and New Zealand and a Senior Fellow of the Financial Services Institute of Australia. He is passionate about risk and risk management and in reaping the value that risk and good risk management can create for any business willing to embrace it.
Michael Howell
Senior Manager, Research & Content
Michael Howell is the Protecht Group’s Research and Content Lead. He is passionate about the field of risk management and related disciplines, with a focus on helping organisations succeed using a ‘decisions eyes wide open’ approach.
Michael is a Certified Practicing Risk Manager whose curiosity drives his approach to challenge the status quo and look for innovative solutions. Michael harnesses that curiosity in pursuit of risk knowledge, conducting research and developing content to support and advance risk methodology and product design at Protecht.
Michael’s industry experience includes managing risk functions, assurance programs, policy management, corporate insurance, and compliance.