Third Party Risk Management USA Agenda

Session details 

• Increased likelihood of staff turnovers in an uncertain economic environment
  • Incorporating within supply chain due diligence
• Continuation of supply chain risks as a result of Ukraine war
• Challenges sourcing raw materials through to energy availability
• Availability of critical materials and increased transportation costs
• Managing concentration risks in geographies on supply of raw materials
• Implications across industries financing and sourcing materials
• Managing variability in lead time with fluctuations in delays
• Understanding third party ability to deliver within supply chain
• Understanding down and upstream impacts of disruptions at any point

Session details 

• Defining business criticality
• Capturing suppliers providing critical service to customers
• Being a pioneer in industry whilst mitigating risk
• Identifying key features of ‘criticality’
• Evolving definitions in an emerging market
• Ensuring critical third parties are addressing emerging risks
• Oversight requirements for key suppliers
  • Ensuring vendors are protecting the organization from impact

Session details 

• • • Onboarding small and diverse suppliers quicker
    • Managing pressures on fast turnaround from the business
    • Enhancing competitiveness and inclusivity with small and diverse suppliers
    • Balancing cost to supplier with lengthy processes
    • Risk evaluating company instead of service
    • Implementing pre-assessment techniques
    • Impact to supply chain with delays in onboarding
      • Need for faster turnaround with continued supply chain challenges
    • Managing reputation risks working with organizations in Russia whilst onboarding new suppliers

Session details 

• • Industry specific access to equipment and firewalls
    • Healthcare case study with remote access to heart monitors
  • Procuring insight into fourth parties
  • Evidencing third parties have solid TPRM programs
  • Managing concentration risk across supply chains beyond 4^th parties
    • Financial services case study
  • Managing access to data with fourth parties and beyond
  • Concentration risk with fourth and fifth parties

Session details 

• Indicators to determine when action is required
  • Using poor performance as an indicator
• Identifying value in performance monitoring
• Tracking SLAs and identifying strong vendors
• Termination of non performing vendors
• Relying on relationships as a fix to disruptions
• Advancing supplier relationship management practices

Session details 

• Geographic concentration for services or products
  • Thailand flooding case study
• Supply chain risks as a result of concentration
• Managing demand with low supply
• Understanding vulnerabilities in offshore organizations
• Identifying signals from the noise
  • Filtering useable data from the vast amount of information available
• Leveraging data to understand true risks

Session details 

• Impact of the war in Ukraine on global supply chains across industries
  • Service and product chains
• Managing inflationary pressures and economic instability
• Continuity of the great resignation and impact to professional services
• Due diligence and ongoing monitoring techniques
  • Management of material suppliers
• Preparing for changes in availability and cost of key commodities
  • Spanning from energy costs to technology infrastructure
• Identifying disruptions early and preparing
• Counteracting a diminished workforce with reduced resources and funding
• Benchmarking renegotiation of contracts with inflation rises

Session details 

• Monitoring risks across locations
  • Climate events and political unrest
• Alignment with ESG challenges
  • Evaluating environmental status and social justice
• Downstream impact on industries of unrest in certain locations
• Health services in countries with operations or facilities
• Vendor concentration in geographies
• Offshoring risks with teams in areas of political instability
• Changing regulations across jurisdictions

Session details 

• • • Monitoring diversity and inclusion of suppliers onboarded
    • Tracking modern slavery risks: Legislation globally across sectors
    • Alignment of standard setting organizations
      • Increased standardization within and across sectors
    • Evaluating third party risk against ESG metrics
    • Monitoring negative news stories and quantifying impact
    • Exploring measurable ways to progress ESG agendas
    • Balancing sustainability with realistic business practices
    • Scope 1, 2 & 3 emissions requirements

Session details 

• • • Training, awareness and monitoring of uses of technology infrastructure
    • Risks of shifting resources with talent moving across industries
      • Managing high voluntary and involuntary turnover
    • Inclusion of social aspects of ESG:
      • Treatment of humans across suppliers: Compensation, diversity, employee retention programs etc.
    • Managing retention in offshore centres with high turnover rate
    • Recruitment and retention schemes for top talent providing services
      • Taking a risk-based approach to identify critical services and activities
    • Evaluation of future of work from home and hybrid opportunities

Session details 

• • • Session to come

Session details 

• • • Disaster recovery and incident response management
    • Implementation of multi factor authentication methods
      • Ensuring as a minimum standard for vendors with access to data
    • Analyzing third party controls and response plans
    • Increased cyber risks in a hybrid environment
    • Impact of moving services offshore on cyber threat landscape
    • Reviewing cyber insurance policies
    • Leveraging data to mitigate risk and financial implications
    • Cyber resilience: Recovery plans in event of a cyber breach

Session details 

• • • Monitoring vendors after risk assessments
    • Moving away from point in time assessments
    • Aggregators of data
    • Ensuring information security and privacy risks are protected
    • Developing an escalation plan
    • Prioritising and mapping controls
    • Financial reporting of private companies

Session details 

• Identifying high risk or critical vendors
  • Developing a tiered approach to assessments
• Future of onsite assessments in the wake of Covid-19
  • Are virtual assessments sufficient?
• Reviewing alternatives to onsite assessments
  • Limiting use of burdensome and repetitive questionnaires
• Determining what level of depth is appropriate
• Modeling assessments into manageable sizes
• Determining criticality of vendors

Session details 

• Aggregating and assessing data touchpoints in an automated way
• Moving away from manual processes and reactive security
• Partnering with internal teams for effective data management
  • Data mapping, intelligence, governance, privacy etc.
• Scarcity of resources and knowledge to drive initiatives
• Leveraging AI for predictive analytics
• Integrating multiple point solutions to automate processes
• Automation of controls and response

Session details 

• Navigating effectively to maintain a TPRM program
• Leadership insight on return and risk reward
• Demonstrating driving down risks to the business
• Defining a structure for best practice in demonstrating value
• Demonstrating the program is saving money through risk avoidance

Session details 

• Managing increased ransomware threats
• Developing cybersecurity hygiene programs
• Response techniques in the event of a ransomware attack
  • Benefits and drawbacks of paying ransom
  • Reputational impacts of breach and funding criminal activity

Session details 

• Investment for TPRM teams
• Examples of where predictive risk modeling has been applied in TPRM
• Staying ahead of risks on the horizon
• Taking mitigating measures ahead of time
• Reducing need for traditional manual due diligence
• Sourcing higher level insights for informed decision making
• Predicting where material outsourcers may incur problems
• Future of predictive analytics
  • Specific metrics to make better decisions

Session details 

• Cross industry best practices
• How to set up an effective TPRM program
• Developing robust controls to detect and prevent data sharing
• Mitigating risk of exploitation
• Managing APIs and interfaces between vendors
• Reviewing regulatory obligations across industries
• Where can best practice be leveraged? Educating wider business staff on complexity of risk
• Advise to teams on managing risk and what part they play
• Identifying what ‘good’ practice looks like