Depending on Others: Third Party Risk Management
In response to an internal audit finding we put together a Third Party Risk Management Program for a global financial firm. It outlined the activities that were crucial to their business operations, and identified which of those services were provided by external organizations. The involvement of external organizations obviously increased the operational risk to the company.
Once we had put together an inventory of all the Third Parties, we were able to look at whether their risk profiles aligned with specific threats to the client’s business and we could take action if necessary.