An interesting and predictable market dynamics occurs when an industry segment and profession become a top corporate priority: training and certification businesses as well as industry associations establish certification programs with ongoing CE requirements to establish professional consistency. The TPRM community is an excellent example of this phenomena.
CRISC, CGEIT, CISA, CTPRP, CRVPM, CISSP, COP, CCSA, and CRCM certifications represent a sampling of designations with a presence in the TPRM profession. Each has a unique focus or area of emphasis with varying degrees of required experience, annual CE levels and out of pocket investment. The challenge for TPRM leaders is identifying which of these certifications is most relevant as we build our organizations.
I believe the short answer is – all of them!
When you consider the breadth of areas focused on by the OCC, CFPB, FRB and other regulators, TPRM expertise is required across the full third party life cycle encompassing core vendor management and procurement disciplines, sourcing strategy, IT operations, cyber security, audit and assessments, business continuity accountability, contract audit and other risk requirements, governance, controls and more. Diversity of TPRM team member certifications will produce diversity in perspective, covering more of the TPRM lifecycle to better support regulatory request and overall program effectiveness.
TPRM leaders need to orchestrate a team with multiple skills and background to ultimately meet the challenge of operational risk management in this age of digital transformation.