Skip to content
Protecht Academy

Third party risk management.

Explore the key processes for building and managing building third party risk management capabilities, and how you can integrate third party risk management into your broader enterprise risk management program.

Purchase course online

This course is aimed at risk practitioners and business managers who are responsible for building and managing third party risk management (TPRM) frameworks and processes in their organization.

This course details the key processes you will need to develop and how to adapt them to your organization. It also acknowledges that TPRM is not as simple as introducing a set of processes. We explore governance and roles and responsibilities, and how TPRM should be integrated into broader risk management capabilities of the organization. We cover how you can monitor and measure third party risks as well as performance of your TPRM program.

Our trainers David Tattam (Chief Research & Content Officer) and Michael Howell (Senior Manager, Research & Content) focus on allowing you to develop the skills and tools needed to implement a comprehensive and effective TPRM framework.

 

Course description

In this course, you'll learn:

  1. Defining third party risk management
    • Who are third parties?
    • What is third party risk?
    • What is third party risk management?
    • Objectives of third-party risk management


  2. The drivers of TPRM
    • The extended enterprise and external drivers
    • Regulations driving TPRM
    • Standards and frameworks


  3. Third party risks
    • Identifying objectives impacted by third parties
    • Third parties as risk events
    • Third parties as causes of risks
    • Developing a taxonomy of third party risks
    • Using risk bow tie analysis to understand and map risks
    • A closer look at compliance, cyber, concentration and contagion risk


  4. Third party risk management framework
    • The risk and reward pyramid
    • How third parties influence the operating model
    • Overview of TPRM lifecycle – onboarding, ongoing monitoring and offboarding


  5. Onboarding
    • Third party selection criteria and process
    • Initial screening and tiering
    • Initial due diligence
    • Decision and approval process
    • Onboarding including contractual arrangements


  6. Ongoing monitoring
    • Key steps in onboarding monitoring
    • Due diligence updates
    • Ongoing compliance
    • Ongoing SLA/contract monitoring
    • Ongoing management including third party training
    • Risk metrics and monitoring, external and internal data, and alerts
    • Escalation and treatment


  7. Offboarding
    • Key steps in offboarding
    • Consequences of poor offboarding
    • Ensuring effective closeout of terminated engagements


  8. Reporting on TPRM
    • The purpose of reporting
    • Main types of reports
    • Considering multiple audiences for reporting
    • Levels of reporting, aggregation and filtering
    • Reporting on risk versus reporting on TPRM process performance


  9. Practical steps to implement your TPRM program
    • Defining the scope of your TPRM program
    • Developing a roadmap
    • Developing a TPRM policy
    • Creating a third party inventory
    • Systems and workflows
    • Communication


  10. Integrating ERM & TPRM
    • Applying the ISO 31000 risk management process to TPRM
    • Where TPRM fits in an ERM framework


  11. Overcoming challenges in implementing your TPRM program
    • Overcoming lack of buy-in
    • Overcoming limited resources
    • Overcoming third party noncompliance
    • Overcoming inconsistent tiering or risk assessments


  12. Who manages TPRM?
    • Three lines model
    • Roles across TPRM
    • Ensuring clear ownership, responsibilities and accountabilities for the complete process


  13. When is TPRM managed?
    • The TPRM lifecycle
    • Taking a dynamic risk-based approach
    • Using systems and workflows to improve cadence

 

Course expectations

  • Watch 13 videos
  • Answer 10 quiz questions
  • Access 14 downloadable materials

 

Timings

  • 3 hours of video content
  • Approximately 4 hours for the whole course

 

Cost

  • US$600 payable by credit card on registration

 

Next steps

You can purchase and access this course on-demand via Protecht Academy by credit card.

Please contact Protecht directly if you would like to discuss packages to implement this training across your organisation. Bulk discounts are available and packages can be invoiced in your local currency.

Purchase course online Contact us

Our trainers

David Tattam

Chief Research and Content Officer

David Tattam is the Chief Research & Content Officer and co-founder of the Protecht Group. David's vision is to redefine the way the world thinks about risk and to develop risk management to its rightful place as being a key driver of value creation in each of Protecht's customers.

David is the driving force in taking Protecht's risk thinking to the frontiers of what is possible in risk management and to support the uplift of people risk capability through training and content.

Read More

Michael Howell

Senior Manager, Research & Content

Michael Howell is Protecht's Research and Content Lead. He is passionate about the field of risk management and related disciplines, with a focus on helping organisations succeed using a ‘decisions eyes wide open’ approach.

Michael is a Certified Practicing Risk Manager whose curiosity drives his approach to challenge the status quo and look for innovative solutions.

 

Read More