What is the first thing you will do when the pandemic is over? We keep saying that the world will be different, that the economy will never be the same, and that risk managers will finally take pandemic risks more seriously. But let’s explore what risk managers can do today to plan for a business environment with better post-pandemic Third Party Risk Management (TPRM).
There are many things that need to happen to plan for a better pandemic response. Here are a few things you can do today without any budget or ROI analysis. As of today, I can foresee several things that will need to happen, and most of them don’t require you to do anything with your vendors or third parties.
First. Review your risk appetite as it relates to third-party risks and ensure it is still accurate for the current environment. While you are at it, review all the risks that have been accepted and confirm that acceptance is still appropriate in every instance.
Second. Make sure you are ready to provide a pandemic response and/or report to your clients. This exercise alone will make you aware of what you need to do in your organization to ensure that your clients are protected from a third-party risk perspective.
Third. If you haven’t already, make sure that your list of offshore service providers is up to date. Ensure that contract provisions are updated to facilitate a secure work-from-home environment without breaking any contractual agreements with your clients.
Fourth. Begin your annual (I hope it is annual) TPRM/vendor risk management policy update early. And make sure that pandemic planning is spelled out in the policy (or make sure that your business continuity policy addresses pandemic planning for your vendors). This will help push your organization toward more formal pandemic planning procedures.
It is important to know how to start better pandemic planning, and I believe starting from within the organization is the best way. Get your ducks in a row internally by understanding what is important and what is necessary to ask your third parties before sending them another questionnaire to complete.
If you have any thoughts about this topic, I will be happy to hear you out. Contact me at filipets888@gmail.com.