Workshop Abstract:
The structures and realities of business today have changed. Traditional brick-and-mortar business is outdated: physical buildings and conventional employees no longer define the organization. The modern organization is an interconnected web of relationships, interactions, and transactions that span traditional business boundaries. Layers of relationships go beyond traditional employees to include suppliers, vendors, outsourcers, service providers, contractors, subcontractors, consultants, temporary workers, agents, brokers, dealers, intermediaries, partners, and more. Complexity grows as these interconnected relationships, processes, transactions, and systems nest themselves in intricacies, such as deep supply chains and subcontracting relationships. Roaming the hallways of an organization means crossing paths with contractors, consultants, temporary workers, and more. Business today relies and thrives on third-party relationships; this is the extended enterprise.
In this context, organizations struggle to govern their third-party relationships and too often manage risk and compliance within those relationships in silos that fail to see the big picture of risk exposure and the impact on the relationship’s objectives. Risk and compliance challenges do not stop at organizational boundaries. This is particularly true in this new era of ESG in the extended enterprise. An organization can face reputational and economic disaster by establishing or maintaining the wrong business relationships or allowing good business relationships to sour because of weak risk governance. Third-party problems are the organization’s problems and directly impact the brand and reputation, increasing exposure to risk and compliance matters. When questions of delivery, business practice, ethics, privacy, safety, quality, human rights, resiliency, corruption, security, and the environment arise, the organization is held accountable, and it must ensure that third-party partners behave appropriately.
Dissociated data, systems, processes, and a myopic risk vision leaves the organization with fragments of the truth that fail to see the big picture of third-party performance, risk, and compliance across the enterprise and how it supports its strategy and objectives. The organization needs to have holistic visibility and situational awareness of third-party risk across the enterprise. The complexity of business, intricacy, and interconnectedness of third-party risk data requires that the organization implement a third-party risk management strategy.
This workshop aims to provide a blueprint for attendees on effective third-party risk management in a dynamic business, regulatory, ESG, and risk environment. Attendees will learn third-party risk management strategies and processes that can be applied across the organization at either an enterprise or a department level. Learning is done through lectures, collaboration with peers, and workshop tasks.
Objectives of workshop:
Attendees will take back to their organization approaches to address:
- Effectively managing due diligence and third-party risk.
- Understand the challenges and pitfalls of managing third-party risk
- Achieve success capitalizing on third-party relationships while maintaining compliance
- Facilitate ongoing monitoring of third-party partners.
- Define a third party management lifecycle for managing and monitoring third party relationships
- Establish third party management ownership and accountability
- Provide third party management process consistency
- Communicate effectively with third parties on matters of risk and compliance
- Track critical workflow and tasks internally and with third party relationships
- Deliver effective third party governance and assurance to the board of directors, regulators, and stakeholders
- Monitor metrics to establish effectiveness or third party management
- Identify and resolve issues with third parties
- Map third party relationships to objectives, risks, controls, issues, and other GRC areas
Benefits to attendees:
- Understand a top-down as well as a bottom-up approach to third party management
- Implement third party management in the context of business strategy, process, and operations
- Explore third party management architecture models and how they apply to your organization
- Discover various third party assessment and monitoring techniques and how they apply to your business
- Develop an third party information architecture that aligns with business operations and processes
- Effectively communicate and gather attestation on third parties across your organizations
Who should attend?
- Procurement Professionals
- Supply Chain Professionals
- Ethics & Compliance Professionals
- Risk Management Professionals
- IT Security Professionals
- Legal Professionals
- Environmental, Health & Safety Professionals
- Corporate Social Responsibility & Accountability Professionals
- Individuals with third party management, ownership, or oversight responsibilities
Proposed Agenda:
Part 1: Third Party Management by Design
Why Third Party Management Matters
- Third Parties in Disarray: how organizations mismanage third parties
- Third Party Exposure: how mismanaged third parties expose the organization to risk
- Current drivers & trends pressuring organizations in third party management
- Different ways organizations approach third party management
- What Effective Third Party Management Achieves: third party management’s role in governance, risk management, and compliance
Part 2: Third Party Governance
Blueprint for Effective Third Party Management
- Third Party Governance Committee: bringing together the range of third party management roles and responsibilities in the organization
- Third Party Management Charter: defining a structure to govern third party relationships
- How to Develop a Third Party Management Strategic Plan
Part 3: Third Party Management Lifecycle
Managing Third Parties from Onboard to Offboarding
- Third party identification & onboarding
- Ongoing context monitoring
- Third party communications & attestations
- Third party monitoring & assessment
- Third party forms & approvals
- Third party metrics & reporting
- Third party re-evaluation and offboarding
Part 4: Third Party Management Architecture
Enabling Information & Technology Management of Third Party Relationships
- Third Party Management Information Architecture: Blueprint for Managing Third Party Content and Related Data
- Types of third party management information and how it integrates into third party processes
- Components and requirements for a third party information architecture
- Third Party Management Technology Architecture: Blueprint for Enabling Third Party Management Processes with Technology
- Kinds of third party management technologies and what best serves the organization
- Capabilities and requirements of third party management platforms
- Third Party Management Business Case: Articulating the Value of Effective Third Party Management
- Defining a business case and value of third party management platforms
FAQ
The workshop focused on helping organizations design effective third-party risk management frameworks. It explored how modern businesses could strengthen governance, compliance, and resilience in an era defined by complex supplier networks, outsourcing, and ESG expectations.
The workshop was part of the GRC 20/20 program in partnership with CoreStream GRC. It was designed by leading governance and risk experts to guide organizations in creating consistent, enterprise-wide third-party management practices that support corporate strategy and compliance.
The key objectives were to help participants:
– Improve due diligence and oversight of third parties.
– Identify and mitigate third-party risks early.
– Align third-party relationships with ESG and ethical standards.
– Facilitate consistent communication, workflows, and reporting.
– Deliver effective third-party assurance to boards, regulators, and stakeholders.
