Designing a TPRM program
For this company, compliance was an important issue to manage across its 25 global offices and network of subsidiaries, as well as throughout its vendor ecosystem and supply chain.
To that end, our joint team began by determining a set of predefined assessment triggers, parameters, and questionnaires for each of the three focus areas in the vendor risk management lifecycle. We then rationalized interdependencies across compliance and finance teams to increase efficiency and eliminate redundancies in TPRM tasks.
With those foundational elements in place, we benchmarked onboarding processes against leading practices to identify operational gaps. As part of this process, we developed comprehensive and robust risk-based frameworks for onboarding, TPDD, and risk assessment and segmentation. These frameworks combined predefined parameters with a variety of supplemental assessments, including ABAC questionnaire reviews, an Office of Foreign Assets Control (OFAC) sanctions check, ongoing third-party monitoring, and remediation-action tracking.
In so doing, we were able to streamline and standardize the vendor assessment process, scoring methodology, and reporting templates. We also enabled real-time visibility of the supplier base through dynamic dashboards and comprehensive audit trails to focus the risk and compliance teams' attention on the highest-priority actions.
Finally, we worked with program leaders to introduce the new methodology and educate their teams about these new ways of working. This also included the change management aspects of cascading transparent policies, procedures, roles, and responsibilities.