Third Party Risk Management
In today’s business scenario, companies are increasingly focusing on their core competencies and outsourcing other activities to appropriate third parties. Outsourcing, however, is a double-edged sword: it offers many advantages while raising security concerns at the same time. It is therefore essential for companies to have a robust and efficient third-party management practice in place to mitigate the impact of third-party risks. To further the students’ understanding of the topic, a guest lecture was held on 31st October by Subramanian N., Executive Director, KPMG.
The session started off by bringing students up to speed with some key statistics regarding the percentage of data breaches caused by third parties (53%) and the percentage of organizations that have experienced a third-party breach (80%). This was followed by a detailed breakdown of how business relationships are valuable to firms and the corresponding definitions of vendors and third parties.
The speaker further highlighted that even if a cyberattack occurs due to a vendor, customers will still blame the organization that enlisted the vendor’s services. This makes a comprehensive third-party risk management (TPRM) program necessary in the organization. The program must incorporate the three dimensions of TPRM: Third Party Coverage, Risk Domain Coverage and Regulatory Coverage. The session then focused on the various challenges that a firm is bound to face in the third-party ecosystem, such as lack of visibility and absence of onsite assessments, to name a few.
The speaker covered the key focus areas of a third-party assessment to provide a complete understanding of how to go about implementing a TPRM program. The speaker provided examples of third-party risk assessments from various industries and gave students a learning path for launching their careers in this domain. The session concluded with a question-and-answer session, with the speaker providing detailed answers to all the students’ queries.