Increasing collaboration and visibility between internal teams and vendors and utilizing technology to mitigate risks
Olga Baldwin, VP, Vendor Management, Axiom Bank
Below is an insight into what can be expected from Olga’s session at Vendor & Third Party Risk USA 2023.
The views and opinions expressed in this article are those of he thought leader as an individual, and are not attributed to CeFPro or any particular organization.
What are some of the risks that can occur when collaborating between internal teams and vendors?
Collaboration is always good for a team and an organization generally. Sometimes challenging the team or stakeholders to work together might meet resistance as people feel threatened when their area of expertise is challenged. Teambuilding and relationship building is essential in third party risk management.
Collaboration might backfire in some circumstances. An assessor should allow a subject matter expert (SME) to form their own opinion about third party controls to ensure their opinion doesn’t impact independent review. This enables the stakeholders to provide a robust assessment of the third party controls. However once SME has issued a review, the assessor could challenge it and obtain necessary clarifications. In a healthy team this type of collaboration is welcomed and creates higher quality reviews where each opinion is valuable as we are all humans, we might miss something and learn every day. Appreciated team members in general perform better.
Collaboration should bring additional value to a team. It is important to build close connections with relationship managers that are responsible for management at third parties. However, it is not always a best practice for third party risk management teams to reach out directly to the third party. For instance, months were spent on establishing an efficient working relationship with certain third parties. The relationship manger learned effective ways to correspond, how to request the documents, what the representatives like or dislike in outreach and are able to strengthen the relationship this way. A third party risk management team might come with a standardized request for documents that looks aggressive or unclear for the third party and month or years of relationship and trust building might be destroyed. It is always advisable to ensure that the relationship manager is aware of all requests sent to the third party. If it is a system generated request, the relationship manager would be able to let the third party know and offer assistance if necessary. In some situations, relationship managers would be able to tailor the message to mitigate the risk of a negative impact to the overall relationship.
Collaboration with third parties is critical, especially when the third-party risk assessment process is lengthy or not going smoothly. Being upfront about your organizations third party risk assessment process is essential and will manage external stakeholders’ expectations, enabling third parties to prepare documents correctly for review. Having a third-party risk management system with a portal for data collection would create transparency as the third parties would be able to see what is still outstanding. There is an expectation that third parties are transparent about their controls and any issues related to them. Incomplete documentation or information creates issues and increases third party risk assessment processes, destroys trust, and negatively impacts the entire organization in a long term.
How can we stay on top of these risks and manage them to prevent consequence?
In today’s world, effective communication and collaboration are the keys to success. Primarily, it is important to train the internal team to communicate effectively. Work closely with other internal teams that are participating in engaging a third party, such as legal and procurement. Ensure all relationship managers are trained not only on the third party risk management process, but also on the reasons to conduct it, as well as the consequences of bad third-party risk management practices, data privacy issues, etc. In addition, all stakeholders should be able to access their third party data, current status, review progress as well as be aware of all third-party risk management policies and program steps pertaining to their role.
Keep the conversation going continuously. If there are any changes related to the third party communicate them to the relationship manager to clarify with the third party. Each relationship manager should meet with the third-party representative regularly to ensure that all issues and concerns could be addressed in timely manner and problems are resolved early in the process.
How can we operationalize an internal team effectively?
Building a reliable and trustworthy relationship increases team value and ensures confidence of the stakeholders. It is also enhancing team’s confidence that enables strong performance, brings out innovative ideas, and growth of each team member.
Challenging the team to work together to remove silos allows for increased productivity, transferal of best practices across the organization and even comes with cost benefits as it would help to avoid duplication of work.
Training the team is a key to ensure that everybody is up to speed with the current processes. Each team member should feel free to express their opinion and know that it is valuable. As the program grows it is harder for the TPRM Head to manage all relationships. The assessors should feel empowered, and, if trained right would be enabled to identify problems and issues, escalate them, ultimately leading to an efficient resolution or more effective risk management. A great leader should build a trust relationship with the team where each assessor is comfortable to voice their opinion and know that they are valued and appreciated.
When buy in is gained from stakeholders, how can we ensure alignment is retained between TPRM and procurement teams?
Alignment of TPRM with procurement is critical. Once procurement and TPRM teams understand the value each team brings to the table and realize they complement each other they will be able to deliver more efficient results.
It is important to maintain clear objectives for both teams; continuous knowledge sharing will help to maintain healthy relationship between both teams. Alignment can be enhanced by utilization of the same system, processes, procedures, or fully integrated systems that have data sharing capability, allowing each team to view and utilize the data relevant to their program analysis. Common workflow would also enable synergies between teams as they will see how each of them fits in the process. It is essential to train teams and continue using best practices. Leveraging experts’ reviews and opinions can help both teams to achieve broader success. As in any relationship, communication is a key – regular meetings to discuss common goals, issues, business needs, possible solutions and continuous improvement would help to maintain an alignment between TPRM and procurement teams.