Categories
Compliance Tip of the Day

Compliance Tip of the Day – Leveraging AI for 3rd Party Risk Management

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we consider how AI can greatly increase the speed and efficiency of your 3rd party risk management program.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out the entire 3-book series, The Compliance Kids, on Amazon.com.

Categories
Innovation in Compliance

You Can’t Outsource Risk with Sandeep Bhide


 
Sandeep Bhide is the Vice President of Product Management at ProcessUnity, a company that is making good governance, risk, and compliance (GRC) practices and tools available to organizations via third-party risk and cybersecurity program management tools. Tom Fox welcomes him to this week’s show to talk about their Third-Party Risk: A Turbulent Outlook Survey report and how ProcessUnity helps their clients.
 

 
The Purpose of ProcessUnity
Tom asks Sandeep to explain the basis of ProcessUnity and the key products and services they are offering. Sandeep says that the company offers cloud-based solutions that provide help for organizations of all sizes, that allows them to automate their risk and compliance programs. He adds that it is an easily customizable program that reduces manual administrative tasks and allows customers to focus on “the more strategic risk mitigation activities”. ProcessUnity has the ability to review the company’s GRC program and deliver great results quickly. 
 
Third-Party Risk: A Turbulent Outlook Survey Report 
Tom wants to know what was the intent behind this report and how it came to fruition. Sandeep states that the objective of the study was to determine how well organizations understood and managed risk associated with their third-party partners. 301 IT and cybersecurity decision-makers and influencers participated in the survey, and they were asked about their concerns and challenges when managing certain risks, and how it has impacted the security incidents related to their third-party partners. Sandeep shares the overall findings of the survey found that: 

  • Third-party relationships continue to expand exponentially; 
  • Companies continue to seek outsourced services and software in order to perform optimally and to replace talent and supply sources due to the pandemic;
  • The majority of respondents have experienced an IT security incident over the last two years because of a third-party relationship. 

 
The Gathering Storm
Tom asks Sandeep to explain the concept of “the gathering storm” and the technological solution ProcessUnity provides to help navigate it. Sandeep explains that the term refers to a supply chain attack executed by “close third-party relationships that have either physical or network access to equipment and premises and those that provide software vital to a business’ operation.” Sandeep then warns that companies should vet these third parties since their role is so important. Most companies would rather focus on their core businesses, however; they feel it doesn’t make economic sense for them to do everything themselves and third parties provide the types of talent they need to properly conduct their business. Sandeep comments that “companies can outsource the work which is an imperative for them, but they can’t outsource the risk”. To manage your third parties, you must have multiple in-house and out-house methods to vet them, including questionnaires or assessments. You have to get to know your partners because they have the most risk attached to them.
 
Resources 
Sandeep Bhide | LinkedIn | ProcessUnity
 

Categories
31 Days to More Effective Compliance Programs

Wrap up of 3rd Party Management and Preview of Boards of Directors


In this final episode for the month of July on 31 Days to a More Effective Compliance Program, I review the past month’s offerings and preview the month of August where I take up the topic of Boards of Directors and Compliance.

Categories
FCPA Compliance Report

Tony Charles on Managing a 3rd Party Process

In this Episode, I visit with Tony Charles, Chief Client Officer at Steele Compliance Solutions, Inc. In this podcast we discuss the firm’s recent article 3rd Party Due Diligence: Creating a Credible and Defensible Program. We use it as an entrée into the topic of 3rd party due diligence.

Some of the highlights include:
·      What was the genesis behind the article 3rd Party Due Diligence: Creating a Credible and Defensible Program?
·      Where should a company begin due diligence?
·      What are the levels of due diligence?
·      What is investigative tiering?
·      What is an investigative framework?
·      What are the critical components of automated due diligence program?
For a copy of the article 3rd Party Due Diligence: Creating a Credible and Defensible Program, click here.