Search Results

Blog Posts (30)

  • Taking a Risk-Based Approach to Procurement: The Importance of Executive Buy-In

    It’s time for executives to rethink the role procurement professionals hold in organizations, and this shift is critical to reducing organizational risk, boosting resilience, and increasing return on investment (ROI). While the traditional approach to procurement centered on margin impact and managing suppliers from an operational perspective, there is an evolution taking place requiring forward-thinking organizations to focus on the long-term strategy and impacts that the role is playing in today's world.

    This increased recognition of the vital position of procurement is seen across all industries, and according to Deloitte Insights, “CPOs are successfully navigating… complexities while delivering across a greater breadth of KPIs. Although they are still heavily focused on costs, they have expanded their value propositions to influence demand, drive innovation, and work closely with strategic suppliers and partners to foster commercial compliance, increase speed to market, accelerate M&A integration/divestiture programs, and drive continuous improvement.” (Deloitte Insights)

    There are high-stakes risks that necessitate procurement’s shift to a more holistic strategy. However, without the buy-in and support of executives, these initiatives can lose momentum and support.

    Why a Risk-Based Approach to Procurement?

    No longer can procurement departments solely serve cost-savings functions. They must also be aware of risks introduced by key suppliers and be provided with the appropriate tools and technology to proactively manage them before major losses or breaches occur. Heightened risk areas that are leading this necessary shift in procurement’s functions include:

      • Isolated or siloed procurement functions: Traditional procurement departments were de-centralized from the larger organization and focused on transactional, short-term initiatives. Organizations that still exemplify these silos face challenges when it comes to managing risks from all angles. Driving collaboration and strategic initiatives between departments from the top down is a best practice for eliminating these silos, while still managing a daily workload of financial responsibilities.
      • Elevated third-party risks: Third-party risks are rising, and can take the forms of cyber-attacks, supply chain delays, component shortages, sustainability challenges, and more. While the incidences of these events rise, organizations are increasingly being held accountable, and procurement plays a critical role in managing vendor relationships.
      • A multitude of unorganized, decentralized data points: Procurement professionals deal with a huge amount of data related to personnel, financial, operational, regulatory, contractual, and more. When this type of information is stored on different platforms, inconsistent, incomplete, or managed by different teams, procurement cannot gain proper insight into potential external risks facing the organization.

    Transforming Chaos into Clarity

    As the role of procurement has evolved, procurement professionals are moving from transactional managers to strategic relationship managers, focusing on developing and managing a wide variety of data points across all aspects of their supplier relationships. In order to understand the riskiness of suppliers and third parties, procurement professionals need to wade through all of this information with efficiency and ensure alignment with both company strategies and global regulatory mandates.

    To do this, third-party risk management software needs to be available that provides centralization of data, full visibility, and documentation for audit trails. Procurement needs to play a key role in managing and utilizing this software in order to monitor vendor relationships and performance. In addition, it is imperative that procurement maintains healthy, collaborative internal relationships to ensure that organizational teams like IT, compliance, finance, sustainability, and others are well informed, with real-time visibility to potential risks, and are able to sustain positive working relationships with suppliers.

    Areas Where Executives Can Assist Procurement

    Without the buy-in and support from executives and key stakeholders, procurement teams will not be able to make holistic risk management improvements. While not everything will be implemented immediately, there are general aspects of agility that should be on procurement and executives’ agendas, including:

      • Empowerment and a culture shift: Perhaps the most important area to undertake is to embrace the power that procurement holds within an organization. During the years since the pandemic, CPOs and their teams protected their organizations, and executives should continue to take notice of these critical functions. Procurement should be empowered to include themselves in company strategy and products that matter, build teams to better combat emerging risks, and find ways to drive positive change.
      • Thinking holistically: To take TPRM beyond a single function and into holistic areas for acceleration, CPOs should be empowered to focus on their collaboration and influence across job functions, not just as a spend relationship. Being involved in the entire third-party/supplier relationship management process ensures agility. This allows prioritization of suppliers who may pose a higher risk to an organization, rather than relying on a one-size-fits-all procurement strategy that may allow risks to fall through the cracks.
      • Company strategy: By shifting a primary focus to long-term initiatives and goals, procurement professionals can gain a greater foothold in wider organizational strategy. This includes determining risk management priorities, and working with risk, legal, executive, and other teams to better manage supplier onboarding, relationships, and risks. By being in tune with company strategy and thinking of procurement activities from a risk-based approach, procurement teams step out of the shadows and into more collaborative roles.
      • Digital transformation: A key step to take is to build scalable practices rather than one-off pilot programs. By prioritizing data cleanup and investment in TPRM tools that can build centralization and efficiency, CPOs can work with executives to see positive impacts across the organization that support overall risk management. If there are challenges with incorporating digital procurement technology into an organization, gaining executive sponsorship is a critical way to garner support and investment in the tools that will assist in procurement and supplier data. Emphasizing both short and long-term goals and wins, and how these technologies will drive organizational resiliency and agility, can be critical when approaching executives.
      • Environmental, Social, Governance (ESG) urgency: The magnitude of environmental, social, governance (ESG) regulations and compliance is reshaping how organizations manage suppliers, affecting not only procurement, but legal, compliance, risk functions, executives, and more. With concerns such as climate change, eliminating human trafficking and modern slavery from supply chains, identifying and eliminating corruption, etc., procurement must work with executives to take a driving role in ensuring that third-party vendor relationships are compliant and ethical.

    Shifting Company Culture for Procurement Success

    Maintaining healthy supplier relationships is not just about onboarding; it also must include managing risk, quality, and performance of suppliers, assuring compliance where needed, while still owning the transactional responsibilities that are at the foundation of this role.

    The procurement team is the bridge between the enterprise and the extended enterprise: the organization and its suppliers. No one knows suppliers as intimately as procurement. They, like no other function, can make predictive connections between their suppliers and the risks they may pose to the enterprise. In addition to mitigating risk, procurement has the unique opportunity to drive innovation for the enterprise by partnering with suppliers to identify new products, materials, capabilities, and offerings.

    In order to manage these responsibilities, drive efficiency, and take a risk-based approach to procurement, executives within a company need to recognize procurement’s strategic value to the organization. They must step up to establish an organization-wide culture that empowers procurement to be a driver in managing the full lifecycle of their organization’s supplier and third-party relationships.

    Aravo provides centralized, automated TPRM solutions to help procurement and other risk teams proactively manage risks and build resilience throughout their organizations. To learn more, speak with one of Aravo’s experts today.

    Author Info: Hannah Tichansky is the Senior Content Marketing Manager at Aravo Solutions, the market’s smartest third-party risk and resilience solutions, powered by intelligent automation. At Aravo, she manages all content and thought leadership produced for products and campaigns and contributes as an author for articles and blog posts. Hannah holds over 13 years of writing and marketing experience, with 7 years of specialization in the risk management, supply chain, and ESG industries. Hannah holds an MA from Monmouth University and a Certificate in Product Marketing from Cornell University.

  • How Third-Party Risk Management Helps Combat Vendor AI Risk: Mitigating New Risks With Established Processes

    Artificial intelligence (AI) is everywhere, and it’s transforming the way we live and work. It’s rapidly revolutionizing industries with its potential to solve complex problems, enhance decision-making, and improve efficiency. As such, the integration of AI into many products and services offered by third-party vendors to organizations is also becoming more widespread, many times without the organization’s awareness.

    Understanding the Risks of Third-Party AI

    AI is an impressive technology, but it also comes with significant risks, especially when it’s integrated into vendor products or services. Let’s examine two of the most common risks of third-party AI usage:

      • Data security and privacy – AI systems need a significant amount of data to function efficiently. Therefore, it’s essential to protect the data from theft and misuse. AI systems may access different types of data such as:
          • Customer/consumer information and personally identifiable information (PII): This includes addresses, driver's licenses, passports, family members, financial or health information, social media or web use data, shopping behaviors, and more.
          • Sensitive company data: This includes employee records, financial information, customer data, legal and compliance information, supply chain inventory, logistics, forecasting, and all types of intellectual property.
      • Compliance and legal – It’s vital to understand there are significant legal and compliance concerns related to the use of data and other assets when they’re accessed and processed with AI. The use of AI in data processing may be subject to numerous laws and regulations, including:
          • Health Insurance Portability and Accountability Act (HIPAA)
          • Children's Online Privacy Protection Act (COPPA)
          • Gramm-Leach-Bliley Act (GLBA)
          • Electronic Communications Privacy Act (ECPA)
          • California Consumer Privacy Act (CCPA)
          • Numerous state privacy laws
        Additionally, there’s a risk of violating permissible use requirements preventing out of context, unrelated, or unfair use of data.

    While these are two significant risks associated with AI, they’re not the only ones. Ethical risks, including bias and fairness, require attention, as do algorithm transparency, financial risk, and intellectual property risks. As AI technology becomes more widespread, the risks associated with it are also expanding.

    Identifying AI Risk in Your Third-Party Vendor Portfolio

    You likely have third parties who are currently using AI in their products and services. If you haven't done so already, it’s important to identify these third-party vendors and assess the specific AI risks they pose to your organization and customers. It's crucial to update your third-party risk management (TPRM) framework and tools to include AI risks. However, many TPRM programs haven’t incorporated AI risks, and it’s important to address this issue now.

    A practical, two-prong approach can ensure you’re identifying existing third-party AI risks and building the infrastructure to properly assess and mitigate them:

      • Getting started – Develop a short questionnaire to help identify the products and services utilizing AI. Here are three suggested questions that can provide a wealth of information:
          • Has AI technology been used in the research, development, or production of any of your products or services? It's worth noting that different types of AI carry different levels of risk. For instance, a vendor might use image recognition for research purposes, generative AI to create a system that interacts with customers directly, such as a chatbot, or machine learning to identify fraud across a series of transactions.
          • Are there any plans to incorporate AI in your products, services, or operations? It's crucial to consider that your third-party vendor's adoption of AI can significantly impact your organization, even if they aren't currently using it today.
          • Do you have any policies on employee use of AI? Inquire whether your third-party vendor has any limitations or prohibitions regarding the workers' usage of AI for work-related assignments. With the increasing popularity of generative AI systems such as ChatGPT, it’s essential to understand how your vendor is supervising the utilization of such technologies among their employees, especially if the AI-based service uses the data input to train its model.
        Begin with your critical and high-risk vendors and work your way down the list. This simple approach can help you determine where additional due diligence and risk reviews are needed.
      • Updating your TPRM framework – It's not enough to identify third-party vendors with AI; you’ll also need proper tools and processes to ensure they have adequate AI risk management practices and controls, and that risks are well-managed and monitored throughout the contract. This means incorporating AI risk across your entire TPRM framework. Here are key areas to review and update:
          • Incorporate AI-related questions in the inherent risk assessment
          • Update vendor questionnaires to include AI-related questions
          • Identify the types of due diligence documentation you’ll request as evidence of AI controls
          • Review and update standard contract language to address AI risks
          • Consider how AI will be factored into third-party performance monitoring and management
          • Consider how AI will be factored into third-party risk monitoring
          • Update governance documentation
          • Evaluate stakeholder education and collaboration

    Note: Don’t overlook this important consideration! It’s crucial to update your TPRM processes and tools with a sense of urgency. However, it should be noted that AI isn’t yet as well understood as other established risk domains. Even experienced TPRM professionals may face unique challenges when dealing with AI, which could lead to delays, rework or, in the worst case, ineffective risk identification, assessment, and management.

    To help prevent these AI challenges and issues, your organization should find and work with a qualified AI subject matter expert who can guide you through the process of updating the TPRM framework. This expert can help determine the right questions to ask on a vendor risk questionnaire, identify the appropriate due diligence documents, and provide ongoing support for vendor risk reviews. If you don't have access to this expertise within your organization, you may need to engage external resources or consultants.

    By taking this simple approach, your organization can begin to identify vendor AI usage within your organization and start taking steps to mitigate the risks. This will leave your organization in a safer, more prepared position.

  • Unveiling the Power of Conferences: The Impact of Conferences on Industry Insights and Innovation

    With our 2024 in-person conference just around the corner, Third Party Risk Association (TPRA) would like to share the wide array of benefits which come from attending an industry-specific conference. In the ever-evolving landscape of professional development and networking, conferences stand out as vibrant hubs for knowledge exchange, innovation, and collaboration. Throughout this five-part blog series, we will delve into the multifaceted advantages that conferences offer. Each installment will explore a different facet of how conferences empower individuals and organizations alike.

    Today’s blog focuses on the Impact of Conferences on Industry Insight & Innovation. It highlights how these events provide a platform for professionals to engage with peers and leaders in the exchanging of research, trends, and innovative ideas. Attendees benefit from interactive sessions, panel discussions, and networking events, gaining insights that fuel forward-thinking strategies. This blog will explore how attendees can maximize these opportunities for staying updated, engaging with industry leaders, and contributing to their respective fields' growth.

    Embracing Technology, Trends, & Research

    Conferences are a conduit for collaboration on emerging risks, solving for TPRM challenges, and working together on new and innovative approaches to mitigate third party risk. These interactions not only deepen individual knowledge, but also contribute to industry growth and development by promoting innovation and shaping future techniques.

    Attending the Third Party Risk Madness conference will help you stay updated on the latest advancements in technology and industry trends. With 56 total sessions spread over 4 days, including three keynote speakers, 12 roundtables, and four demo sessions, you can gain insights from knowledgeable industry professionals.

    Participate in sessions on technology and emerging risks, engage with industry leaders during networking events and roundtable sessions, and follow up with speakers and attendees post-conference for further discussions and insights. Following a conference, thank speakers and attendees for their insights, follow up through email or social media, share thoughts on their presentations, ask about resources available, and offer to connect via coffee meetups, virtual discussions, or collaborative projects to strengthen relationships and foster knowledge sharing. This ensures that conversations don’t stop with the conference and that you, as a practitioner, can further develop ideas discussed at the event and work to implement new TPRM strategies.

    Conference materials can be a great resource for deepening your understanding of the topics covered. They allow you to avoid re-creating the wheel and to implement strategies and processes that have worked for others. They can also validate mature processes your organization has in place, thereby adding credibility to your program.

    Do some research beforehand and learn about the latest research and trends that the conference may be addressing. Before attending a conference, conduct thorough research to understand the latest research findings and emerging trends. Explore publications, industry reports, and articles to understand the current landscape and find key topics, challenges, and innovations to discuss. Bring those thoughts, ideas, and questions to the conference and actively participate in conversations during presentations and roundtables. Also come with pain points and questions from your own program to benchmark off fellow peers in similar situations.

    Professional Development

    Conferences offer professional development opportunities to enhance attendees' skills, knowledge, and capabilities. Workshops and training sessions cover emerging technologies, best practices, and industry-specific regulations. Networking opportunities promote mentorship, knowledge sharing, and learning, allowing attendees to broaden their perspectives and gain insight from experienced professionals.

    Take notes during sessions to capture key insights, ideas, and strategies shared by speakers and panelists. This will help you gather key insights, ideas, and strategies that you do not want to forget. Use these notes to transform concepts into plans, driving change within your organization, and start discussions about innovative TPRM approaches. Oftentimes, an idea from a conference can influence your perspective on processes and activities within your organization.

    Use networking breaks and social events to set up connections with industry peers, potential mentors, and collaborators. As we discussed in our last blog, networking is the best way to connect with fellow attendees and collaborate with industry peers. Make sure to take advantage of opportunities such as networking events and lunchtime meetups to foster conversations that could lead to future partnerships.

    Conclusion

    Attending conferences like our very own Third Party Risk Madness provides opportunities for professional growth and networking. Attendees can stay updated on technological advancements and engage in discussions with industry leaders. Post-conference follow-ups allow for collaborations. Conference materials promote understanding, particularly in Third Party Risk Management, pushing for deeper exploration. Networking breaks allow connections with professionals, mentors, and potential collaborators, paving the way for future partnerships. Prior to attending the conference, research emerging trends to ensure active participation and meaningful contributions.

    Join us at Third Party Risk Madness – where basketball, business, and TPRM unite for an epic showdown of innovation and success. Dribble your way to victory in Phoenix, Arizona, on April 9-12, 2024! Secure your court-side seat and take advantage of exclusive offers here. Hurry, space is limited, and you won't want to be left on the bench for this thrilling event.

Other Pages (211)

  • TPRM Tools of the Trade Show

    Virtual Tool Fair Hosted by the Third Party Risk Association

    TPRM Tools of the Trade Show, July 17, 2024 from 9 AM - 4 PM CT

    Hear all about it!

    Step right up, ladies and gentlemen, to the greatest show in Third Party Risk Management: "TPRM Tools of the Trade Show"! Join us for a spectacular virtual extravaganza like no other, hosted by the Third Party Risk Association (TPRA) on July 17, 2024, from 9 AM to 4 PM CT. Under the big top of the digital arena, witness astounding 25-minute demo sessions for TPRM tools, such as risk ratings/intelligence tools, TPRM platforms, and TPRM services. Marvel at the incredible feats of innovation and ingenuity as top TPRM Service Providers showcase their unique talents! This event is FREE to all, so grab your tickets now! Get ready to be dazzled as we bring you the most thrilling acts of TPRM services and solutions!

    Join in the excitement as our ringmasters guide you through interactive discussions and captivating sessions, where you'll have the chance to mingle with fellow TPRM practitioners and industry experts. It's a community fair of knowledge and networking, where every interaction is a chance to learn, grow, and elevate your TPRM game.

    Whether you're a seasoned ringmaster or a daring newcomer to the world of TPRM, "TPRM Tools of the Trade Show" promises an unforgettable experience under the virtual big top. So grab your popcorn, take your seat in the front row, and prepare to be amazed by the spectacle of third-party risk management like never before!

    Register now to tame the TPRM circus!

    Agenda

    Please note the Trade Show will run from 9 AM - 4 PM central time.

      • 8:55 AM - 9:00 AM: Third Party Risk Association, Welcome & Kick-Off. After a quick introduction & welcome, we'll kick off this virtual event!
      • 9:00 AM - 9:25 AM: Session 1, GRC Tool
      • 9:30 AM - 9:55 AM: Session 2, GRC Tool
      • 10:00 AM - 10:25 AM: Session 3, GRC Tool
      • 10:30 AM - 10:55 AM: Session 4, TPRM Platform
      • 11:00 AM - 11:25 AM: Session 5, TPRM Platform
      • 11:30 AM - 11:55 AM: Session 6, TPRM Platform
      • 12:00 PM - 12:55 PM: Lunch Break
      • 1:00 PM - 1:55 PM: Session 7, Risk Rating/Intelligence Tool
      • 2:00 PM - 2:25 PM: Session 8, Risk Rating/Intelligence Tool
      • 2:30 PM - 2:55 PM: Session 9, Risk Rating/Intelligence Tool
      • 3:00 PM - 3:25 PM: Session 10, TPRM Services
      • 3:30 PM - 3:55 PM: Session 12, TPRM Services
      • 3:30 PM - 3:55 PM: Session 11, TPRM Services
      • 3:55 PM - 4:00 PM: Closing

  • Third Party Risk Association

    Welcome & Kick-Off, 8:55 AM to 9:00 AM

    The Third Party Risk Association was created out of a necessity to build a community of like-minded third party risk professionals to allow for the sharing of best practices, exchanging of ideas, and influencing of an industry. This organization is a 501(c)(6) not-for-profit. Activities in support of this purpose include, but are not limited to:

    Julie Gaiaschi, CEO & Co-Founder of the Third Party Risk Association (TPRA)

    Julie Gaiaschi, CISA, CISM, is the CEO & Co-Founder of the Third Party Risk Association (TPRA). She has over 15 years of technology and information security risk experience, with the last 10 years specializing in third party risk identification and mitigation techniques. In her role as CEO, she provides strategic direction for the non-profit, whose mission it is to further the third party risk profession through knowledge sharing and networking. She also has a passion for helping others enhance their own third party risk management programs. In 2021, Julie was awarded "CEO of the Year" by Women in Governance, Risk, and Compliance. Prior to co-founding the TPRA, Julie consulted on third party risk for a large bank. She also developed and led a large health payer organization’s Third Party Security program. There, she established and executed the third party ri…

    Heather Kadavy, Senior Membership Success Coordinator of the Third Party Risk Association (TPRA)

    Heather Kadavy joined the Third Party Risk Association (TPRA) in 2023 as the Senior Membership Success Coordinator. In recent year(s) Heather has been providing freelance TPRM consulting work to various organizations after retiring from a Nebraska financial institution after nearly 35 years where she oversaw and managed critical programs of the organization including Third Party Risk Management, Information Security, Physical Security, Safety, Business Recovery, Financial Crimes, Model Risk Management, and Enterprise Risk Management. In her TPRM role she had oversight of over a thousand third party relationships, systems, due diligence reviews and contract management activities. She developed, facilitated, and implemented training programs for thousands of employees over the years. She has also served in board of director or leadership team roles to facilitate local, regional and state-wide peer-partnerships meetings between financial institutions, law enforcement, and other industry, external aud…

    Meghan Schrader, Senior Marketing & Communications Coordinator of the Third Party Risk Association (TPRA)

    Meghan graduated Summa Cum Laude from Trine University in 2022 with a Bachelor of Arts in English and Communications. She was the 2022 Jannen School of Arts and Sciences Distinguished Student of the Year, the Trine University 2022 Robert B. Stewart Award Winner, and was awarded the Gold Key for outstanding academic performance. At Trine, she was the Director of Creative Design for the HAC Media Team and Editor-in-chief of the Writers' Block Literary Journal. She began working as an intern at TPRA in July of 2021 before officially joining the team in June of 2022. In her role as Marketing Coordinator, Meghan provides organization-wide marketing strategy in support of TPRA's mission to further the third party risk profession through knowledge sharing and networking. Meghan currently lives in Fort Wayne, Indiana with her boyfriend and their dog. She has a…

  • Session 1

    GRC Tool, 9:00 AM to 9:25 AM

Forum Posts (35)
