by Nikolay Filipets
The paradigm of People, Process and Technology became a standard in nowadays organizational development. Let’s explore how it applies to Third-Party Risk Management world and why this specific sequence of People > Process > Technology is crucial to follow for a successful Third-Party Risk Management (TPRM) process or program implementation.
The People.
While all three pieces of this concept are important, people always come first because human capital is the centerpiece of any organization. This applies to TPRM program implementation as well. Top/down (clear direction from the sr. leadership) and bottom/up (complete understanding and peer-to-peer agreement) approaches must be utilized to bring clarity to the front-line personnel and clearly establish business need and/or problem that needs to be addressed.
This approach will help your organization to understand collectively that third-party risks are real, and a solution is needed, whether it is a process or a technology.
The Process.
Let me just say this: No one cares about how good your new TPRM process is unless you involve all stakeholders to design it. If you didn’t do your homework and invest time to “sell” the business need to your organization, your stakeholders will be reluctant to implement the new technology. People resist change not because they’re against it, but because they don’t understand change value and how this change will benefit them.
The approach of putting process design second will greatly increase buy-in from stakeholders and ease adoption of process and technology in the future.
The Technology.
Based on the scale and scope of your TPRM program, sometimes, it is perfectly fine to run TPRM program based on Excel spreadsheets, Email capabilities and SharePoint. Investing into a TPRM workflow technology is not always the answer to your third-party risk management headaches. I never recommend investing into a new risk management technology:
If People (leadership and front-line stakeholders) do not have a common understanding of a business problem being addressed, and
If Process to address this business problem was designed without stakeholder participation.
Your internal stakeholders are the best resources to contribute and help design a TPRM process that would fit your organizational needs and confirm if new process will work in practice. At that point you can re-evaluate if a formal technology is required to run your TPRM program.
People > Process > Technology paradigm is a very straightforward and common-sense approach that can help you come back to basics and utilize a people-centered approach to ensure effective risk management program from day one.
If you have any ideas or thoughts about this topic I will be happy to hear you out; contact me at filipets888@gmail.com
ความคิดเห็น