TPRM FLOD Centralized-Decentralized Debate

arrows box business chalk
Photo by Pixabay on Pexels.com

Global SRN is currently leading a significant market research program on the ‘Impact of Intelligent Automation and Data Analytics on TPRM Operations’.  As the leader of this program, I am in the fortunate position to consolidate the input from our 30 TPRM leaders who comprise the Advisor Team and the now 15 Community Partners. Last week I shared the insight pertaining to the skill challenge impacting TPRM operations. I want to share a second observation concerning FLOD structure.

We have received a tremendous amount of comment on the subject of TPRM FLOD structure. What should be a straight forward 3-tier structure, continues to be an area of confusion and exposure across a surprising number of those providing survey input.

Questions are typically in 2 primary areas:

If your FLOD is ‘centralized’:

  •  How do you make certain your associates are integrated and viewed as a contributor by the line of business team?
  • Are they ‘risk-skilled’ – ‘expert in the assigned LOB’ – Both?

If your FLOD is ‘decentralized’:

  • Do the associates report to the SLOD organization or LOB?
  • Is FLOD activities executed by a full-time associate or are task assigned to existing LOB staff such as vendor management?
  • How do you ensure the FLOD activities are viewed as core versus optional?

Both approaches CAN produce the desired and required results IF LOB leaders and risk leaders work together to carefully identify roles, responsibilities, task and activities. While it is no small undertaking, this extra effort always produces positive results.

 

TPRM Dilemma – Skill Gap Widening

black hanging bridge surrounded by green forest trees
Photo by Kaique Rocha on Pexels.com

In my role with Global SRN, I am leading a major market research program to identify the impact Intelligent Automation and Business Analytics is having on current TPRM operations. We are very pleased to share that in all we have 30 TPRM Executives from large global financial organizations, 13 TPRM community partners and 3 academic partners helping develop, distribute and interpret the research results.

As I speak with leaders in each of these areas of the TPRM community, a consistent theme has emerged: TPRM organizations are struggling to secure the skills necessary to support todays operations and are highly concerned about the ability to identify and attract the skills necessary to transform their operations to meet business and regulatory demands. The core issue being how to evolve a community of operational risk professionals from a ‘rule-based’ orientation to a ‘judgment-based’ capability.

With the adoption of Business Analytics and Intelligent Automation, TPRM leaders will require First Line of Defense teams that understand the dynamics of their assigned Line of Business combined with analytical skills to quickly identify patterns and irregularities to take proactive measures. With the population of FLOD associates today primarily having operational risk backgrounds, there is likely a significant re-alignment on the horizon.

Global SRN TPRM Program Launch

Logo

The team at Global SRN (www.globalsrn.org) is pleased to announce the formal kick-off of the research program ‘Impact of Intelligent Automation & Data Analytics on TPRM Operations’.  A true community effort, Global SRN has formed an Advisory Panel of leading TPRM executives along with Academic Partners such as Carnegie Mellon and Community Partners such as KPMG, EY, Grant Thornton, Rapid Ratings, Aravo, WorkFusion and other TPRM participants to develop a comprehensive insight to this emerging issue. If you’re interested in joining the team, please let me know!  

Is Intelligent Automation the Key to Unlock TPRM Value?

strong lock locked padlock
Photo by Pixabay on Pexels.com

There are multiple operational ‘Maturity’ assessments promoted throughout the Third Party Risk Management community. Each offers a unique perspective and definite orientation on which operational capability and maturity is measured. What most of these assessments seem to have in common, is a mature TPRM organization (Level 4 & Level 5) introduces analytics to their operation.

Currently, the data captured in TPRM & GRC platforms is basic, essential data points. Much of which has been developed to meet or satisfy regulatory requirements. What happens when we take a fresh look at the information TPRM can collect and maintain with an eye toward business value?

Collaboration between IA platform providers, GRC & TPRM platform providers, data feed and dynamic reporting partners and implementation partners offers significant potential to help TPRM and GRC leaders unlock value. Global SRN (www.globalsrn.org) has initiated a research program with Academic and Market partners to facilitate this interaction. If this is an area of interest, please leave a comment in TPRM Forum’s Contact page and we will respond.

Intelligent Automation Impact on TPRM Operations

Logo

The Global Sourcing Research Network (www.globalsrn.org) announces the formation of the TPRM Sub-committee to support members increasing focus and engagement with vendor risk. The initial focus of the TPRM sub-committee is the introduction of a market research effort to identify emerging use case of Intelligent Automation in Third Party Risk Management operations.

As a market survey, Global SRN will engage Academic and Community partners to participate in design, execution and analysis of the results. The goal being to identify current and emerging IA use cases and document best practices to benefit TPRM operations. Potential Academic Partners include Carnegie Mellon University, NC State and others. Community Partners will feature leading Intelligent Automation firms, Governance, Compliance & Risk (GRC) platform, managed service and consortiums as well as advisory firms.

If you are interested to learn more about the Global SRN TPRM sub-committee, please visit Global SRN or TPRM Forum.

 

Software Asset Management – Audit Susceptibility

CoverSusceptibility is defined as ‘the state or fact of being likely or liable to be influenced or harmed by a particular thing’.

In the case of a software audit, Susceptibility is the likely severity, disruption and extent of financial exposure a firm may experience in the event a software publisher issues an audit notice. Negotiating the reduction or elimination of software audit findings, while valuable, is NOT Software Asset Management.

Effective SAM requires careful orchestration, monitoring and entitlement management. SAM encompasses successful alignment of policy, procedures, controls, procurement, IT and PMO processes with rapid infraction identification. Properly executed, SAM not only minimizes audit exposure, it delivers efficiency of software investment.

Like regulators such as the OCC, CFPB and others examining compliance, software publishers produce significant Third Party Risk exposure requiring proactive and dynamic management. The TPRM Forum is pleased to share the introduction of the Audit Susceptibility Index assessment designed to help SAM operations identify the actions and tactics to mature their operations and establish enhanced productivity and efficiency.

For additional information on how we can support your SAM needs, please use the CONTACT page.

When did TPRM become a Tool-Centric Discussion?

TPRM DecomposedThe Third Party Risk Management community is dominated by content focused on GRC and TPRM technology tools. White papers, research reports, web-ex presentation fill our in-box daily. Each claiming unmatched ability to solve our challenges.

What is missing from this ongoing barrage is guidance and best practices on how TPRM leaders can successfully leverage to support the other key elements of TPRM operations. Best Practices such as:

·         How TPRM leaders can effectively build organizations and operations integrated with business operations, procurement, VMO and legal.

·         How the tool can enable quick, accurate and dynamic monitoring combined with the other activities such as RCSA’s and contract triggers to provide a single risk view.

·         How do we establish rapid, ‘fast-track’ risk processes to meet business expectation

·         How to integrate existing tools to maximize investment

TPRM leaders understand the importance of the TPRM platform, but it is an enabler, not the complete required solution. Let’s build on this foundation and expand the discussion to encompass a comprehensive TPRM solution!