Third Party Risk Management 301: Adding Value, Being Valued
Lisa Wright, Vice President, Prudential Insurance
Linda Tuck Chapman, CPO Emeritus & President, ONTALA Performance Solutions
www.sig.org/eval
October 28, 2015
© 2015 ONTALA Performance Solutions Ltd. Confidential Information. Do not copy or distribute.
Contact Information
Lisa Wright
Vice President, Prudential Insurance Company of America
Lisa is an accomplished strategist and senior leader, with a strong track
record for designing and driving new programs and initiatives. Leveraging
her experience as an entrepreneur, Lisa was responsible for building and
leading Prudential’s non-domestic IT and BPO programs, global service
centers, including an award-winning center in Texas and Prudential’s
Enterprise Vendor Governance Office with direct responsibility for IT
vendor risk management.
Linda Tuck Chapman
CPO Emeritus & President ONTALA Performance Solutions Ltd.
Linda Tuck Chapman is a widely recognized expert in third party risk
management, outsourcing governance and sourcing optimization. Her
unique insight and expertise are built on her experience as a consultant
and former Chief Procurement Officer in three of North America's largest
banks. ONTALA delivers leading-edge third party risk management
advisory services in association with Crowe Horwath Global Risk
Consulting.
Lisa Wright
973.716.5535
Linda Tuck Chapman
416.452.4635
© 2015 Crowe Horwath LLP
Our team
Experienced professionals publishing timely information, leading
educational events, and delivering relevant market insight on
critical topics such as emerging risks, regulatory compliance, and
industry trends.
Agenda
1 Context
2 3PRM Frameworks
3 Adding value
4 Working with start-ups
5 Developing new products
Context
Heavy workloads, getting heavier
Third party risk management program executives have done a great job stepping up to regulatory requirements
Regulatory expectations are intense and still increasing
Risk control experts are falling behind on due diligence assessments and monitoring responsibilities
Business partners are chafing under increasing workloads
3PRM Frameworks
3PRM Operating Framework
[Diagram. Labels: Strategic Sourcing; Business Strategy; Risk Acceptance; “Risk SME” Due Diligence; Business-led Sourcing; Controls Design; Residual Risk Rating; Residual Risk Assessment Questionnaire; Validation & Approval; Preliminary Risk Assessment Questionnaire; Periodic Re-assessment; Post-contract Management & Monitoring; Contract Execution; Renew or Terminate; Negotiations & Contracting]
3PRM Governance Framework
[Diagram. Labels: Third Party Risk Management; Delegated Authority; Operational Risk Management; Risk SME Due Diligence; Escalation and Remediation; Risk Controls; Effective Challenge; KRIs and KPIs; Enterprise Risk Management (ERM); Board of Directors; 3PRM Governance Committee; Contract Terms and Conditions; Process-based Procedures; Management and Monitoring; “Book of Record” - workflow, evidence and QA reviews; Performance and Risk Reporting; Trend Analysis & Reporting; Governance & Oversight; Policies & Standards; Assessments & Controls; Enablement & Evidence; Insight & Action]
The end game
3rd Party Management: 360° insight
Risk Management
Value Management
Performance Management
Adding Value
Intrinsic value of 3PRM programs
Identify
Assess
Manage
Control
Consistency
Completeness
Regulated risks
Operational risks
Reputation risk
Compliance
Inherent risks
Residual risks
Consistency
Process efficiencies
Specific controls
Better contracts
Incident response
Risk visibility
Risk tolerance
Risk culture
Working with Start-ups
Enabling Innovation with Existing 3rd Parties
Context for Action
Worked hard to reduce the number of relationships
Need for agility and speed
Conflict with standards processes and controls
How much risk are you willing to accept?
Need to trade off risk versus value?
How can you mitigate risk?
Proof of concept
Equity stake, VC investment
J/V
Skills and knowledge transfer
DD in parallel with development
Cyber insurance
Multi-source risk mitigation partner
Onsite access
Use your 3PRM program to assess their relationships/contracts
Leverage your company’s 3rd party relationships
Use your own IP: differentiating / non-differentiating solutions
Developing new products
Enabling Innovation with Start-ups
Context for Action
Need for agility and speed
Leading 3rd parties are innovators too
Slowed down by standards processes and controls?
How can you mitigate risk?
Take on more risk – aligned with their core competence not yours
Proof of concept
Contract with start-up not with your company
Joint development
Limited period non-compete
Contact Information
Lisa Wright, (973) 716-5535
Vice President, Prudential Insurance Company
Linda Tuck Chapman, 416.452.4635
CPO Emeritus, and President, ONTALA, in association with Crowe Horwath Global Risk Consulting
Session #23
Third Party Risk Management 301: Adding Value, Being Valued
www.sig.org/eval
Lisa Wright, Vice President, Prudential Insurance Company
Linda Tuck Chapman, CPO Emeritus, and President, ONTALA, in association with Crowe Horwath Global Risk Consulting