In preparation to design a targeted survey for Technology Third Party Risk Management (TPRM) emerging trends and best practices, I have had the opportunity to interview a dozen Enterprise Risk and Operational Risk leaders at major global banks and financial institutions. Based on the insights gained in these conversations, the following areas were continually voiced as areas of top priority for effective Technology TPRM execution. We will dig into each of these areas with the upcoming research effort.
- · Effective TPRM of technology partners is at the forefront of enterprise and operational risk leader’s agendas
- · Technology TPRM is more than Vulnerability Assessments and Threat Management
- · Algorithm-centric risk practices are inadequate to assess Technology TPRM
- · Comprehensive First Line of Defense (FLOD) execution is necessary for Second Line of Defense (SLOD) to effectively achieve goals and objectives
- · SLOD leaders must be able to effectively communicate and collaborate across IT leaders, procurement, audit and compliance. Knowledge of the services, intended processes and contract terms are key.