
Third-party Assurance — Case Studies


jaxon

Presentation Transcript


  1. Third-party Assurance — Case Studies

  2. Global Financial Institution Challenge • 2,000 vendors and internal assets • Assurance activities in silos • Manual assessment tools Solution • Automated, efficient, multi-tier process • Aligned, focused evaluation tools • Assessment coordination and schedule management • Issue and remediation tracking Results • High program rating from external regulator • Management control of assurance process • Easy visibility of vendor risk rankings • Reduction in vendor assessment time and effort • Reusable assessment tools and patterns • Third-party satisfaction with streamlined process

  3. Global Technology Services Company Challenge • Financial risk exposure due to contract non-performance • Objective evaluation of third-party contract risk • Develop standardized risk taxonomy and rating levels • Catalog of rated risks • Contract risk evaluation built into review process • Management of contract review documentation • Management reporting of gaps and regulatory non-compliance Solution • Reduced incidence of errors in previously manual process • Process-based exception triggers and alerts • Enhanced control of contract review documentation • Real-time access to contract performance and compliance status • Common risk repository for use throughout the organization Results

  4. Third-party Assurance — Tools

  5. Common Risk Framework • Consistent taxonomy • Risk categories • Risk responsibility

  6. Vendor Impact Visibility • Systems • Business process • Facilities • Regulations • Standards …

  7. A Common Business Language • Consistency of reference • De-facto authoritative sources • Easy global access • Alignment with other enterprise systems Screenshot: Application Hierarchy

  8. Multiple Assessment Types • Questionnaire • Analyst findings • Controls testing Screenshot: Findings Report

  9. Vendor Rankings • Assessment results • Risk ratings • Risk categories Screenshot: Vendor Risk Report by Rating with Categories

  10. Issues and Remediation • In-context creation • Responsibility assignment • Collaboration dialog • Resolution tracking • Local and global reporting

  11. Third-party Assurance — Process

  12. Focus on High-Risk • Multi-step process — effective and efficient • Funnel to the risky few • Screen out low-risk entities • Benefits • Confident control of high-risk relationships • Elimination of redundant, unnecessary work • Additional subjective evaluation • Detailed scoring • Controls testing • Remediation

  13. Full Relationship Lifecycle • New third-party relationships • Ongoing third-party relationships Resolve Issues Assess Monitor

  14. Triggers for Action • Process-based • Exception-based • Alerts • Metric changes • Business change • Acquisitions

  15. Program Alignment • Coherent third party interaction • Coordinated scheduling • Non-redundant evaluation tools • Shared evaluation results • Integrated risk picture • Coordination with internal asset reviews

  16. Collaboration • Third-party access • Self-assessments • Issues • Remediation • Documentation • Regulatory access Screenshot: Vendor Specific Issues Report

  17. Staged Deployment • Incremental • Incorporate departments one at a time • Go global gradually • Benefits • Immediate return • On-the-ground learning • Evolving optimization
