Managing Third Party Risks and its Governance

By Pooja Mourya

The Guest Lecture Committee of the Information Technology and Business Management course at Symbiosis Centre for Information Technology, under the mentorship of Assistant Professor Dr. Shaji Joseph, conducted a guest lecture and invited Manshi Sachde to share her experience on ‘Managing Third Party Risks and its Governance.’

Manshi Sachde currently works as a director in the Deloitte Risk Advisory (Assurance) practice. She has 12+ years of experience in providing control assurance, audit support, IT security, and software asset management services as part of advisory and assurance engagements. She is a HITRUST Certified CSF Professional (CCSFP) and Certified Scrum Master, and she has also obtained a ‘Strategy is Innovation’ certificate from Tuck Business School as part of the management program at Deloitte.

The session explored critical facets of managing third-party risks and their governance. The lecture revolved around Extended Enterprise Risk, various operating models, vendor governance, and third-party risk management assurance, along with its standards and frameworks. Our distinguished speaker delved into the critical areas of risk management, control, and the evolving landscape of business operations. She emphasized that controls play a pivotal role in assessing the operational environment effectively. She highlighted that, in this dynamic business environment, continuous monitoring is not just a choice but a necessity. The imperative need for adaptation, encapsulated in the phrase “You cannot do today’s business with yesterday’s methods and still stay relevant,” resonated throughout the discussion. The focus was on ensuring compliance, conducting third-party assessments, maintaining a 24×7 Security Operations Center (SOC), and integrating virtual layers into security configurations. Furthermore, she shed light on two primary modes through which organizations engage third-party service providers: managed services, such as payroll systems, and people outsourcing, such as invoice creation.

In summary, she demonstrated a thorough understanding of the complexities of risk management, control, and the changing dynamics of the corporate world. The lecture provided invaluable insights for navigating the challenges of a company environment that is becoming more technologically advanced and networked.