Tom Fox welcomes VP of Third-Party Risk at Prevalent, Brenda Ferraro, to this week’s Innovation In Compliance show. They discuss Prevalent’s 2020 Third-Party Risk Management study, its key findings, and implications for compliance professionals.
A Holistic Approach
Brenda describes Prevalent’s mission as “…delivering a unified third-party risk management platform that’s going to enable businesses to better reveal and interpret and alleviate risk by simplification and speeding risk mitigation awareness …” Prevalent does this through “economic approaches with standardization, how to use networks, how to leverage completed content gathering and making sure that we’re doing the big bang for the buck,” Brenda says. She emphasizes the importance of a holistic and economic approach.
Key Findings and Recommendations
Tom and Brenda discuss why Prevalent commissioned The 2020 Third-Party Risk Management study and its key findings and recommendations. Brenda says that the objective of the study was to provide “a state of the union” on third party risk as well as actionable recommendations to the industry. She lists some of the key findings, including:
- a lack of process which lessens third party program effectiveness;
- third party risk management is a team sport;
- many companies lack confidence in their risk management programs and the results they’re getting;
That companies need a comprehensive risk management process is the study’s predominant recommendation. Brenda critiques the compliance industry’s affinity for questionnaires, which just expose vulnerabilities but do nothing to mitigate them. She remarks, “…if you don’t have a way to track and monitor your performance indicators and your risk indicators, then what you’re doing is, you’re spending a lot of time with questionnaire fatigue, gathering content administratively, identifying risks, and then it stops there. So we’ve got to get to the point where we’re looking at inherent risk and residual risks qualitatively and quantitatively so that we can end up doing what’s best for the company moving forward.” She argues that industries need to work together to identify and address vulnerabilities across sectors. Working together and sharing information will help everyone elevate their risk posture and reduce vulnerabilities.