• Search in Protiviti.com

Third-Party Risk Management

Every organization is different and for that reason, a one size fits all approach should not be applied to your third-party risk management program.

Protiviti delivers third-party risk management (TPRM) solutions that are embedded into day-to-day business functions while aligning to industry and regulatory expectations. We identify cost savings, create efficiencies in processes, and mitigate today’s most critical risks.

Successful TPRM drives value by helping to focus business leaders understanding where the usage of third parties will help increase profitability while ensuring your organization’s ecosystem is built to withstand new and unexpected challenges.

If you're in a regulated environment, we help you drive compliance. If you're in a non-regulated environment, we will help increase profitability.

Slash costs, improve processes, and mitigate the most critical risks of today

Survey

December 22, 2023

2024 Top Risks in the Financial Services Industry

Protiviti and NC State University’s ERM Initiative have been conducting our Top Risks Survey for the past 12 years. This journey began just as financial markets around the world were starting their long, slow recovery from the global financial crisis, and has since covered the worst global pandemic in 100 years as well as near record-low interest rates followed...
Learn More

Our Third-Party Risk Management Services

Pro Legal Briefcase

TPRM Strategy and Program Assessment, Design and Implementation/Transformation

We provide better information that helps drive business decisions and generates revenue enhancing activities from assessing the current state, designing and building end-to-end programs, enhancing individual life cycle components and implementing impactful changes.

 
Pro Building office

Improvement of Individual Risk Domains: Operational Resilience (Business Continuity), IT Security, Privacy, PCI, and Compliance

We help leaders streamline data gathering and assessment activities to produce actionable information for each risk domain, support the creation of meaningful and real-time monitoring mechanisms and inform contracting processes through the creation of governance mechanisms that drive stronger Key Risk Indicators, Key Performance Indicators and Service Level Agreements.

 
Pro Document Stack

Third-Party Audits (IT Security/ Shared Assessments, Operations, Compliance)

Protiviti’s assessment services drive decision making and inform risk stakeholders in a manner that is consistent with how your organization manages its risks. We deliver meaningful output to our clients that informs whether a third party meets your expectations across the many risk domains.

 
Pro Briefcase

Technology Enablement

Implement robust TPRM programs across a variety of industries and geographies. TPRM requires technology enablement to make life cycle processes connect seamlessly and provide stakeholders with the information required to make better decisions. Protiviti helps you navigate through these implementations to help streamline programs and processes to keep costs down.

 
Pro Document Consent

Targeted Issue Remediation and Incident Response

Identify and resolve TPRM issues in a manner that supports your business and reduces the future risk of the same or similar issues repeating at a third party. Issues will arise with third parties no matter how strong your program may be.

 
Integrated one-stop solution for financial, information technology, compliance and operational due diligence

An integrated approach to driving value

Procurement and Third-Party Risk Management should be integrated across the life cycle to enhance your visibility, efficiency, risk management and cost management. The four sections of the TPRM life cycle each have an important part to play in helping you determine the right partners to drive your business growth and customer success. Protiviti offers an integrated one-stop solution for financial, information technology, compliance and operational due diligence. Transactions that have been through a comprehensive due diligence process are the most successful, and you are able to realize their expected value.

  • Planning: Successful TPRM starts with strong linkages to business strategies and the value creation process.
  • Due Diligence & Third-Party Selection: Risk Assessment, Due Diligence & Third-Party Selection should be coordinated, risk focused and intended to drive business value decisioning.
  • Contract Management: Contract Management should be informed from the results of due diligence and end in contracts that align to business needs and provide appropriate risk mitigation requirements.
  • Monitoring and Management: Strong contracts drive accountability for oversight activities which helps establish expectations for all parties on what will be required to have a successful relationship.
Integrated one-stop solution for financial, information technology, compliance and operational due diligence

NEWSLETTER

The Top Risks 10 Years Out: Global Risks Are Persistent

Capturing insights from over 1,100 C-level executives and directors across multiple industries with broad geographic representation, our global survey of C-level executives and directors survey offers insights for the top risks over the next 10 years...

NEWSLETTER

The Top Risks for 2024: Risk Priorities Are Shifting

Conducted in partnership with the NC State ERM Initiative, our global survey of C-level executives and directors highlights the influence of economic headwinds, talent issues, emerging technologies, cyber threats and geopolitical events on the 2024...

BLOG

Building Technology Resilience: Aspects and Actions

This is the second in a two- part series exploring the benefits of technology resilience , its aspects and the steps involved to implement a technology resilience program. This post describes aspects of a successful technology resilience program and...

SURVEY

Navigating a Technology Risk-Filled Horizon

Protiviti partnered with The Institute of Internal Auditors to conduct its 11th annual Global Technology Audit Risks Survey in the second and third quarters of 2023.The objective of this survey is to explore the top technology risks organizations...

FLASH REPORT

U.S. Banking Regulators Finalize (Finally) Revised Third-Party Risk Management Guidance

On Tuesday, June 6, 2023, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation (collectively, the agencies) issued the “Interagency Guidance on Third...

BLOG

How Tech Firms Can Prepare for New EU Operational Resilience Rules on ICT Risks

The big picture: A two-step indicator-based approach proposed by EU supervisory authorities will be used to assess ICT services providers to determine whether they should be designated as critical and subjected to oversight under the Digital...

Case Studies

Protiviti partnered with a G-SIFI to design and implement a third-party risk management (TPRM) programme in alignment with global regulatory standards with an additional goal of aligning programme development with available technologies within the client’s environment. The company’s current TPRM programme relied heavily on manual processes, data collection, and reporting which limited reporting on the overall programme – status, risks, and performance. Protiviti completed a pilot of the inherent risk questionnaire across ~300 engagements to confirm scoring logic and approach and aligned the TPRM programme to the revised issue management standard and procedures. In the end, enhanced risk assessment methodologies that align with regulatory expectations across the client’s global locations were implemented and due diligence methodologies and templates that provide more consistent results across subject matter areas were provided by Protiviti.

A major U.S.-based manufacturer of technology products realisd its success was outpacing its capabilities in two key areas: sales, inventory and operations planning (SIOP) and warehouse management. The company’s foremost goal in SIOP was to increase top-line revenue by being more responsive to growth in demand. Protiviti conducted a comprehensive assessment of the organisation’s capabilities, analysed process metrics and researched emerging functionalities that could significantly upgrade SIOP capabilities. The result was a detailed list of recommendations that included: redesigned workflow and stakeholder engagement, better definition of the roles and responsibilities of key personnel, improved data flow among departments, substantially increased automation, and new metrics to improve visibility and accountability. Protiviti worked closely with IT and warehouse personnel to document business requirements for the D365 warehouse management system. The collaboration led the firm to redesign and update processes to account for both current and future workflows.

A large global financial institution requested a transformation of its third-party risk management programme and wanted to identify opportunities for enhancement. Protiviti designed and implemented an automated TPRM programme, including an operating model, policies, frameworks, procedures, and enabling technology. The Protiviti team improved and streamlined processes throughout the third-party management function that provided deeper insight into performance, risk and compliance for the bank.

Leadership

Brian Kostek
Brian is a Managing Director with Protiviti and is part of the Regulatory Risk team with more than 16 years of experience in consulting financial services organizations. Brian focuses on solving clients' challenges in designing and implementing third party risk, ...
Learn More
Chris Monk
Chris is one of the leaders of the Global Supply Chain & Operations practice and the leader of Protiviti’s Sourcing and Procurement offering. With over twenty years’ experience, Chris has a proven track record of analyzing, improving, and transforming organizations ...
Learn More
Loading...