Role of the Audit Committee: How to Oversee 3rd Party Risk
Third-party risk is growing, and so is dependence on 3rd parties.
What are the hurdles to managing 3rd party risks? PwC’s Governance
Insights Center provides insights: lack of an inventory of 3rd party
relationships and lack of understanding of what 3rd parties are doing.
What are common third-party risks? Cyber and data security,
bribery/FCPA, compliance, ethical/social/environmental issues,
brand/reputation, and operational vulnerability.
What should boards be doing? Companies are developing robust
third-party risk management (TPRM) programs with 10 key elements:
- Ongoing monitoring of third parties
- Alignment to ERM program
- Clear accountability via a governance model
- Use of automation and other tech to expand scope and scale of TPRM
- AC and board reporting of 3rd party risk landscape, on a regular cadence
- In-depth assessment of third parties supporting critical functions
- Accurate inventory of all third-party relationships
- Pre- and post-contract processes and controls
- Mapping of applicable regulations to third parties
- Third-party functions formally defined, governed, controlled, measured & reported