Innovation in Compliance

Contracts as a Third-Party Risk Management Tool with Brad Hibbert

Tom Fox welcomes Brad Hibbert on this episode of the Innovation in Compliance Podcast. Brad is the Chief Strategy Officer of Prevalent, Inc. He joins Tom to talk about how Prevalent helps companies manage third-party risk, the importance of risk management, and what the future for risk management in the compliance world may look like. 

Managing Third-Party Risk
Tom asks Brad to explain how Prevalent helps companies manage third-party risks. “We have a SaaS platform that helps organizations identify those risks, report against those risks, and then provide remediation capabilities to reduce those risks at every stage of the vendor lifecycle,” Brad tells Tom. Risk management is no longer about just doing reactive reporting on an annual basis. Risk has to be proactively monitored, identified, and reduced on a day-to-day basis, especially when companies are having day-to-day conversations with their third parties during contract execution. Prevalent’s risk management platform enables different team members to interact with the third parties, collaborating to reduce the risks at every stage of the vendor life cycle.
A Must Have
Third-party risk management is a must-have right now, and will continue to be in the future. “What organizations are realizing is they have to move beyond the compliance check box and actually reduce the risk associated with these third parties,” Brad remarks. Compliance is one of the drivers of this, but another main factor is the pandemic. COVID has changed the way companies and businesses operate, and has also exposed their weaknesses. With the shift to the hybrid work environment and the increase in work from home, companies have had to rapidly onboard third-party risks due to the use of online platforms. The risk of cyber-attacks and information being leaked is high, so being able to manage and protect companies from that is paramount.
The Contract Essentials SaaS Solution
Tom asks Brad to explain the Contract Essentials SaaS solution. The SaaS solution allows the company to onboard or add existing contracts. Prevalent’s platform has very strong workflow and collaboration capabilities that focus on vendor risk, which is also good for profiling current contracts to see where the risk lies. Companies can use the SaaS solution to upload their contracts, or any related documentation, to a secured file, and it allows them to collaborate with third parties outside of the corporate network.
The Future of Third-Party Risk Management
Brad predicts a convergence of third-party risk management and the broader third party. “We’re going to continue to focus on building solutions that are easy to use that enable data sharing between the different groups that promote efficiency, collaboration, and then risk reduction,” he says. Organizations can no longer simply rely on assessments; instead, continuous insights must play a major role at all levels of the vendor life cycle. Proactively monitoring the financial risk, the business risk, and the cyber risk to create appropriate measures is something that will continue as well.
Brad Hibbert | LinkedIn | Twitter
Prevalent, Inc.

Compliance Into the Weeds

Log4j-the Merger of Cyber, 3rd Party and Operational Risk


Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. This week, Matt and Tom take up the Log4j imbroglio. Some of the issues we consider:

• Why is this matter of such importance to compliance and audit?
• Is your IT security outsourced? If so, how do you perform 3rd party due diligence on these companies?
• What is the intersection of 3rd party, cyber and operational risk?
• How can you implement a 3rd party risk management program in cyber?
• Have you audited a 3rd party in the cyber realm?

Matt in Radical Compliance

The Compliance Handbook

3rd Party Risk Management Program with Vanessa Rossi

In 2021 amid the pandemic, the risks haven’t changed, and the enforcements are still mostly related to third parties. In this new episode, compliance consultant Vanessa Rossi explains the importance of third-party risk management for companies and how they should look at program enhancement.
Key points discussed in this episode:
✔️ Socializing across the entire employee base is essential to education and training. What is the law? Why are we doing this? Is it a risk for us? And why do we have to train on this more than once? It takes teaching, messaging, and repeating to ensure that everybody on the team is on board.
✔️ Know that an effective program is the one that you’re constantly upgrading. Even in a mature company with a mature third-party risk program already in place, practitioners must continually engage in risk assessing, monitoring, and incorporating concepts going forward because there is always room for improvement.
✔️ There are a lot of tech solutions out there that you should always be considering. If your program is not evolving, it’s not changing, with the company facing numerous risks every day.
✔️ Collaboration and compliance cross so many different departments. In addition to working with the business sponsor of the third party and with the legal team, there’s Internal Audit and more departments to collaborate with. Socializing and collaboration are soft skills that you need.
✔️ Don’t take your eye off the Third Party Management Bill. You’ve got to continue with your due diligence procedures. The beginning of the pandemic put a wet blanket on everything, but you need to continue with your third-party management elements. It is difficult, but you shouldn’t stop doing it because, if anything, engaging with third parties got riskier in specific sectors and certain types of third parties.
About Thomas Fox:
Thomas Fox, the Compliance Evangelist®, is one of the leading writers, thinkers, and commentators on anti-bribery and anti-corruption compliance. In this latest edition of The Compliance Handbook, he continues to arm seasoned compliance professionals and those new to the realm with the practical, actionable guidance and tools needed to design, create, implement and continually enhance a best practices compliance program.
The “Nuts and Bolts” for Creating a Comprehensive Compliance Plan 
This chapter of this unique work lays out a succinct yet thorough one-month approach to operationalizing a company’s compliance regimen. Beginning with a section on what 2020 brought to the compliance landscape, each chapter methodically outlines best practices for everything from establishing policies, procedures, and internal controls, to assessing risk, training, handling investigations, and more. Each day ends with three key takeaways you can implement at little or no cost.
Understanding Compliance Responsibility Across the Organization
The Compliance Handbook also takes a close look at all professionals’ roles with compliance responsibility, from Compliance Officers and Boards of Directors to Human Resources, to Internal Audit and Internal Controls and Communications and Training professionals.
In-Depth Treatment of Hot Topics and Trends
The Handbook provides an in-depth look at the latest thinking and trends for the full range of critical compliance topics, including:
• Compliance and business ventures
• Third-party risk management
• The Board’s Role in Compliance
• Continuous improvement
• Compliance innovation
• And much more