Susceptibility is defined as ‘the state or fact of being likely or liable to be influenced or harmed by a particular thing’.
In the case of a software audit, Susceptibility is the likely severity, disruption and extent of financial exposure a firm may experience in the event a software publisher issues an audit notice. Negotiating the reduction or elimination of software audit findings, while valuable, is NOT Software Asset Management.
Effective SAM requires careful orchestration, monitoring and entitlement management. SAM encompasses successful alignment of policy, procedures, controls, procurement, IT and PMO processes with rapid infraction identification. Properly executed, SAM not only minimizes audit exposure, it delivers efficiency of software investment.
Like regulators such as the OCC, CFPB and others examining compliance, software publishers produce significant Third Party Risk exposure requiring proactive and dynamic management. The TPRM Forum is pleased to share the introduction of the Audit Susceptibility Index™ assessment designed to help SAM operations identify the actions and tactics to mature their operations and establish enhanced productivity and efficiency.
For additional information on how we can support your SAM needs, please use the CONTACT page.
The Third Party Risk Management community is dominated by content focused on GRC and TPRM technology tools. White papers, research reports and web-ex presentations fill our in-boxes daily, each claiming unmatched ability to solve our challenges.
What is missing from this ongoing barrage is guidance and best practices on how TPRM leaders can successfully leverage these tools to support the other key elements of TPRM operations. Best practices such as:
· How TPRM leaders can effectively build organizations and operations integrated with business operations, procurement, VMO and legal.
· How the tool can enable quick, accurate and dynamic monitoring combined with other activities such as RCSAs and contract triggers to provide a single risk view.
· How to establish rapid, ‘fast-track’ risk processes to meet business expectations.
· How to integrate existing tools to maximize investment.
TPRM leaders understand the importance of the TPRM platform, but it is an enabler, not the complete required solution. Let’s build on this foundation and expand the discussion to encompass a comprehensive TPRM solution!
In a recent survey conducted by the Technology TPRM Forum, Third Party Risk leaders indicated a growing focus on establishing strong partnerships with internal vendor management teams. This was identified as the top action, with the intended benefit of being able to more effectively support business demand.
While the value of an aligned VMO-FLOD is clear, in reality establishing the needed collaboration remains elusive.
- Vendor Management teams must become more aware of risk as a necessary dimension to incorporate in their operations and not view FLOD representatives as an extension of internal audit.
- FLOD team members must bring value, enabling the VMO to meet business demands with risk assessment and monitoring integrated into operational processes.
- VMO must see value – FLOD must establish credibility.
Essentially, an environment of trust and an appreciation for one another’s perspective is required to pull the team together. Without this foundation, no level of effort will yield the necessary results. FLOD will take on more of an oversight function, impacting SLOD effectiveness and ultimately lessening the contribution of audit.
The Technology TPRM Forum intends to conduct a follow-up survey among TPRM and VMO leaders to identify specific best practices being leveraged today to form a strong, productive VMO/TPRM bond.
The Technology TPRM Forum is pleased to share the results of the survey covering the impact Digital Transformation is having on TPRM operations. We hope you enjoy the survey findings and that they bring value to your TPRM efforts.