Shared Assessments unveils new Third Party Risk Management Framework

The Shared Assessments Program, the member-driven leader in third party risk assurance, announced a new Third Party Risk Management (TPRM) Framework designed to help organizations of all sizes effectively build, improve and execute best practices in today’s fast changing third party risk environment.

The first two modules, the Framework Introduction and a module focused on Risk Management Basics, are available to members on the Shared Assessments website.

As the practice of Third Party Risk Management has evolved, it has become increasingly evident that a fully developed TPRM framework could provide valuable assistance to organizations working to improve outsourcing oversight processes.

Shared Assessments has addressed the need for more detailed guidance by creating the Program’s TPRM Framework, which was developed with the collective intelligence of the Shared Assessments’ membership, a global community of experienced third party risk management practitioners in a broad array of industries.

Framework content is designed to be useful for board members, C-level executives and both beginning and advanced practitioners.

“There has been a significant increase in third party-related vulnerabilities in recent years, which has in turn resulted in increased demand for Shared Assessments Program resources, so the development of the TPRM Framework is needed now more than ever,” said Shared Assessments Chairman and CEO Catherine A. Allen.

“Increasing third party risks, together with new and changing regulatory mandates, require a new approach for providing the knowledge and practical skills necessary to help organizations more effectively manage third party risk. The new TPRM Framework represents a critical and effective step forward to help organizations move toward best risk management practices.”

TPRM has emerged as an important practice area within organizational risk management programs where annual benchmarking research indicates only 40 percent of all organizations have fully mature TPRM programs (The Santa Fe Group, Shared Assessments Program and Protiviti, Inc., 2019). The TPRM Framework encompasses all aspects of operational risk, including information security.

Gary Roboff, Senior Advisor at The Santa Fe Group, and the lead on the development of the Framework, noted, “The TPRM Framework is designed to provide guidance for organizations seeking to develop, optimize and manage Third Party Risk best practices.

The Framework also provides guidance about how to implement meaningful incremental improvements in TPRM practice maturity in organizations where resources may be constrained. Resource allocation is a significant obstacle for almost every organization in the current environment.”

Third Party Risk Management basics module

For practitioners, TPRM Risk Basics introduces the importance of a robust program governance and tactics to drive a strong organization-wide risk culture to earn senior management approvals for resources. Additionally, TPRM Risk Basics features a short primer that examines concepts including:

• Inherent and residual risk
• Risk appetite statements and frameworks
• Risk tolerance metrics and other foundational elements
• Program prerequisites and process factors to be considered when building an organization’s TPRM program, including factors relevant to making a decision about whether or not to outsource a specific business function or activity