© 2019 RSM US LLP. All rights reserved.
Third-party Risk Management
A holistic approach can help mitigate third-party and vendor risk
As organizations gain efficiencies by shifting noncore functions to more experienced providers, they also open themselves up to new sources of third-party risk and vendor risk. What happens to employees’ Social Security numbers and bank account information when those details are shared through the cloud with a third-party payroll processor? Are you limiting with whom and how securely you are sharing customer credit card numbers with third parties? What happens when you share data with and rely on third-party distributors who handle shipments from China?
These and other scenarios only touch upon the many instances where data that once may have been under your full control is now shared with other members of your business ecosystem, and susceptible to vulnerabilities in their organizations.
A holistic approach
At RSM, we take a holistic approach to assessing risks, collaborating with stakeholders throughout your organization to develop a customized approach tailored to your unique third-party strategy and business goals.
Our experienced technology risk advisors work with you, providing advice that will help you optimize your third-party risk management program. Your organization also receives the benefit of legal, financial and cybersecurity specialists who provide guidance throughout the overall third-party risk-management process. Our solutions include:
Vendor management program design. We help you develop processes, policies and procedures for all stages of the vendor life cycle.
Vendor selection and risk assessment. When you identify prospective new vendors, we can assist with due diligence, risk rating and selection.
Contract management. Here we can review various contracts to ensure that you are protecting your organization, including data-security commitments to safeguard consumer information as well as business continuity and disaster recovery agreements to ensure that vendors can fulfill their obligations to you.
Vendor monitoring routines. In addition, we can monitor vendor risk and performance, and review service-level agreements (SLAs), and system and organization control (SOC) reports.
Common third-party risks
Our comprehensive approach to managing third-party risk and vendor risk helps you address major sources of risk, including:
The types of risk introduced by third parties simply cannot be fully assessed without a complete understanding of the resulting arrangement. We can help you assess these risks and complete a comprehensive strategy to better manage these risks and third-party processes.
The RSM advantage
While third parties can increase productivity and provide financial benefits, you retain responsibility for their inherent risks.
We have assisted clients who need help:
- Formalizing or improving processes and controls around third-party and vendor risk management
- Prioritizing vendors or other third parties for initial risk assessment, data security assessment and ongoing monitoring
- Conducting internal audits to improve or provide assurance over controls pertaining to third-party systems, vendor management and third-party data security
RSM’s experienced advisors can protect you from violating laws and damaging your reputation by helping you understand your third-party relationship risks and implementing effective controls to increase performance and compliance. We take a holistic approach and design flexible solutions that account for evolving regulatory demands, and increase visibility into your relationships.
RSM’s qualified team of technology risk consultants is uniquely equipped to provide third-party and vendor technology risk consulting services. We provide value-added, high-quality, meaningful recommendations needed to develop and execute an effective third-party risk management strategy. Through decades of successful technology risk consulting experiences, our advisors understand your business and technology requirements, while taking a holistic perspective to address your immediate and future state concerns regarding the effective use of technology across your business. Our people, depth of resources, differentiated third-party risk management methodology and experience in your industry combine to provide comprehensive and effective solutions for your technology risk consulting needs.
We welcome the opportunity to learn about your specific needs and demonstrate our ability to serve them. Please contact us today so that we might begin a conversation.