Global SRN is currently leading a significant market research program on the ‘Impact of Intelligent Automation and Data Analytics on TPRM Operations’. As the leader of this program, I am in the fortunate position to consolidate the input from our 30 TPRM leaders who comprise the Advisor Team and the now 15 Community Partners. Last week I shared the insight pertaining to the skill challenge impacting TPRM operations. I want to share a second observation concerning FLOD structure.
We have received a tremendous amount of comment on the subject of TPRM FLOD structure. What should be a straight forward 3-tier structure, continues to be an area of confusion and exposure across a surprising number of those providing survey input.
Questions are typically in 2 primary areas:
If your FLOD is ‘centralized’:
How do you make certain your associates are integrated and viewed as a contributor by the line of business team?
Are they ‘risk-skilled’ – ‘expert in the assigned LOB’ – Both?
If your FLOD is ‘decentralized’:
Do the associates report to the SLOD organization or LOB?
Is FLOD activities executed by a full-time associate or are task assigned to existing LOB staff such as vendor management?
How do you ensure the FLOD activities are viewed as core versus optional?
Both approaches CAN produce the desired and required results IF LOB leaders and risk leaders work together to carefully identify roles, responsibilities, task and activities. While it is no small undertaking, this extra effort always produces positive results.
There are multiple operational ‘Maturity’ assessments promoted throughout the Third Party Risk Management community. Each offers a unique perspective and definite orientation on which operational capability and maturity is measured. What most of these assessments seem to have in common, is a mature TPRM organization (Level 4 & Level 5) introduces analytics to their operation.
Currently, the data captured in TPRM & GRC platforms is basic, essential data points. Much of which has been developed to meet or satisfy regulatory requirements. What happens when we take a fresh look at the information TPRM can collect and maintain with an eye toward business value?
Collaboration between IA platform providers, GRC & TPRM platform providers, data feed and dynamic reporting partners and implementation partners offers significant potential to help TPRM and GRC leaders unlock value. Global SRN (www.globalsrn.org) has initiated a research program with Academic and Market partners to facilitate this interaction. If this is an area of interest, please leave a comment in TPRM Forum’s Contact page and we will respond.
In 2017, TPRM Forum conducted a survey of 42 Technology Vendor Management executives. The goal of the research was to understand the issues impacting technology VMO organizations and the actions being taken to successfully meet the challenge. Agile Development & Cloud Governance were identified as the leading operational challenges.
Fast forward 14 months and Cloud Governance has emerged as the top operational challenge for Technology VMO and IT leaders. Cloud expenditures are consistently running 2 to 3 times greater than budgeted with little insight or control. Technology VMO leaders are best positioned to help CIO’s establish the necessary diligence to budget, forecast and deliver cloud efficiencies.
Technology VMO leaders must embrace Cloud Governance as a core discipline alongside contract, performance, financial and relationship management. Establishing a centralized cloud governance capability to monitor cloud ‘uptake’ enables the technology VMO to govern, analyze and recommend efficiencies. The transparency achieved enables VMO leaders provide IT leadership clearly document consumption patterns by business unit and cost center, forming a platform for potential ‘charge back’ capabilities and greater corporate cloud accountability.