A well-executed approach to third party risk management (TPRM) can drive competitive advantage and cultural change. However, one of the most difficult aspects of reaching that level of TPRM nirvana is that risk management program cannot survive and thrive on its own—it takes enterprise-wide effort and support to get it right. A good way to frame a discussion around your TPRM program is to think of it in terms of Maslow’s hierarchy of needs.
Fulfilling the needs of your program at each stage will increase your chances for success and “fully-evolved” organizations will reach Stage 5.
Stage 1: Executive Support
TPRM program implementation is usually an enterprise-wide endeavor; therefore, it is crucial to obtain leadership commitment and executive support in order to ensure strategic alignment and resources. It’s important to reinforce the need to change by promoting both the benefits and necessity of the TPRM program in the world of competing organizational priorities. This will help it rise to the top of leadership agenda.
Stage 2: Stakeholder Buy-in and Policy Development
After you’ve secured funding and submitted a requisition to hire a project manager to run your TPRM program implementation, the hard work is really just beginning. Securing stakeholder buy-in will require a tremendous amount of attention and will ultimately affect how successful your program will be. Ensuring that all your stakeholders bought into the proposed process to manage third-party risk and are able to provide sign off on a common policy is another important milestone.
Stage 3: Cultural Shift and Program/Policy Implementation
At this this stage, a lot of the heavy lifting begins and your change management skills will be put to the test. It’s very important to reinforce previously achieved milestones as well as benefits of the changes. Many times, even when a new policy has been agreed upon does not mean it will be adhered to. You can have managers promoting new processes until they’re blue in the face. However, unless you find the few people who truly set the tone within organization—not the leadership, but often times mid-level employees—and convince colleagues that this is the direction the organization needs to follow, your implementation can suffer and even fail at the hands of internal politics.
Stage 4: Minimizing Risk Exposure and Tracking Compliance
While people and culture should always be areas of focus for your organization, there has to be a balance between giving employees and vendors freedom and exposing the firm to risk. At this stage, your priority needs to shift to hands-on risk management activities for your organization, especially around assessing vendors. Your program should be starting to yield insights into how many vendors you are managing, the risks you are concerned about, how your vendors are performing against these risks and compliance with your TPRM program requirements.
Stage 5: TPRM Program as Enabler and Competitive Advantage
Lastly, you should aim to work yourself to the top of the TPRM program development pyramid. This is where your program becomes the organization’s enabler, allowing it to do business in a more safe and secure way. Moreover, an established TPRM program will be a definite differentiator for every deal your organization is seeking to close.
If you’re like many organizations that are working to improve your performance against the Capability Maturity Model Integration (CMMI) model, you may be experiencing roadblocks that slow your progress. Most likely, you’re continually striving to increase your maturity by a tenth of a point each year, chasing the exalted CMMI Level 5. But you can get there faster and in a smarter way. Viewing your TPRM program through the lens of Maslow’s hierarchy of needs can help accelerate your progress. It enables your management team and your organization to take a more proactive approach to maturity.
If you have any ideas or thoughts about this topic, I will be happy to hear you out. Contact me at filipets888@gmail.com
* Original version posted on rsam.com
Comments