Managing Third-Party Relationships in the Financial Services Industry
Leveraging leading practices and technology to achieve excellence in OCC compliance
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Deloitte’s Point of View on Third-Party Risk Management

Why should Financial Institutions be concerned with third-party risk?

Regulatory expectation
• U.S. financial institution regulators have made clear their expectations that firms must deploy third-party risk management programs that will achieve a rating of “strong”

Enforcement actions
• The number of enforcement actions since 2011 has remained steady while total penalties have soared from $54MM (2011) to $3.6BB (2013)

What is required to effectively manage risk?

Governance and controls
• Governance and oversight structure, policies and procedures, audit practices, measuring, monitoring, alerting and reporting capabilities

Achieving a rating of “Strong/Excellent”
• Third and fourth-party risk assessment, due diligence, contract provisions, oversight and monitoring, business continuity and contingency plans, other risk considerations

How can Financial Institutions leverage the Deloitte Third-Party Risk Management (TPRM) Framework to achieve excellence in risk management and OCC compliance?

Building risk management excellence requires a holistic and proactive approach, people, processes and technology
• Formalized third-party risk management program
• Risk & regulatory mapping to the third-party landscape
• Risk-based classification and oversight
• Management reporting
• Adopt an end-to-end approach to supplier lifecycle management, including evaluation and selection, contracting and on-boarding, managing and monitoring, terminating and off-boarding

SAP InfoNet can augment existing supplier lifecycle management technology
• Incorporate an insights tool that is embedded into your sourcing, supplier invitation, pre-qualification, selection and management process
• Ongoing monitoring of global or targeted vendor risk facilitated by noise-filtering technology that delivers relevant information in real time
The Federal Guidance On Third-Party Risk

Risk Assessments: Develop a risk assessment framework to analyze the business activities and implications of outsourcing the proposed activities as well as the service provider risk, and determine cost implications for establishing the outsourcing arrangement

Due Diligence and Selection of Service Providers: Perform the necessary due diligence for a prospective service provider prior to engaging the service provider with regard to business background, reputation, strategy, financial performance, condition & operations, and internal controls

Contract Provisions and Considerations: Develop well-defined contracts and service agreements with elements including scope, cost and compensation, right to audit, confidentiality, ownership and license, insurance, etc.

Incentive Compensation Review: Implement effective processes to review and approve incentive compensation for service providers, as inappropriately structured incentives may result in reputational damage, increased litigation, or other risks to the financial institution

Oversight and Monitoring of Service Providers: Implement processes to effectively monitor contractual requirements and establish acceptable performance metrics, especially for higher-risk service providers that exhibit performance, financial, compliance, or control concerns

Business Continuity and Contingency Plans: Prepare contingency plans for DRP, BCP, roles and responsibilities for maintaining and testing the service provider's business continuity plans, and maintain an effective and well-tested exit strategy

Additional Risk Considerations: Develop additional risk considerations for suspicious activity report (SAR) reporting functions, foreign-based service providers, internal audit and other related risk management activities

Both the OCC Bulletin 2013-29 and the Federal Reserve System guidance on managing outsourcing require Financial Institutions to establish effective risk management capabilities commensurate with the level of risk presented by the outsourcing arrangements.
Effectively Managing Third-Party Risk Requires Focus on 4 Areas

Governance & Risk Culture
Description
• Boards of directors and senior management should set the “tone at the top”
• Establish the risk appetite and implement the appropriate operating structure and risk framework to manage the firm

Policies and Standards
Description
• Implement robust policies and procedures that address the complexity of their business and their risk appetite
• Create sound risk mitigation strategies and controls

Management Process & Internal Controls
Description
• Internal controls (financial and operational) should help prevent and detect inappropriate or unapproved risk taking and determine conformance with risk appetite
• Establish and document ownership of various report and monitoring activities to the appropriate forums / functions / individuals in the governance and operating model

Risk Metrics, Tools and Reporting
Description
• Build a robust IT infrastructure and overall risk management framework
• Establish an appropriate set of Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) that will be measured and reported
• Identify appropriate reporting requirements and key escalation points

Key Activities (listed on the slide across the four areas)
• Comprehensive documentation of management policies, procedures and guidelines
• Strong ongoing Business Unit collaboration and global alignment
• Clearly defined and communicated data ownership and associated responsibilities
• Firms should have the ability to identify, measure, monitor and report all risks
To Achieve a Rating of “Strong/Excellent”, You Need to Manage Risks Across the Third-Party Management Lifecycle

Third-party risk is not a risk unto itself. It is a combination of other risks with various degrees of severity based on the nature of the relationship with the third party:
• An organization is exposed to a variety of risks when it utilizes third parties
• The level of risk exposure varies based on how third parties are used, and can impact regulatory compliance and the meeting of financial performance and strategic objectives
• Organizations must establish a systematic approach to manage these risks across the Third-Party Lifecycle

Third-Party Management Lifecycle
• Evaluate and select
• Contract and on-board
• Manage and monitor
• Terminate and off-board

Third-Party Risks
• Strategic
• Information Security
• Reputation
• Compliance
• Transactional / Operational
• Credit
• Contractual
• Geopolitical
• Financial Stability
• Business Continuity

How Risks Are Manifested
• Third-party profile
• Product/service profile
• Level of integration with processes / operations
• Service model affecting third-party oversight
• Dependency on fourth parties
• Impact on customers, reputation, financial & strategic objectives
Building Risk Management Excellence Requires a Holistic and Proactive Approach, People, Processes and Technology

Key Benefits of enabling Deloitte’s TPRM Framework
• Keep compliance costs low
• Build strong third-party risk management capabilities including leading practices, processes, governance and policies & procedures
• Implement sustainable risk management processes capable of addressing existing risk as well as adapting to emerging risks, focused on the alignment of risk management activities with strategic and performance objectives
• Deploy tools that will not only help gain full visibility over the third-party landscape but also help design optimum mitigation strategies
• Leverage technology that is capable of delivering only the information that is relevant to the business or its functions and filtering out the “noise” of risk data
Technology Is a Key Enabler of the TPRM Framework – SAP InfoNet Enables Efficient Supplier Due Diligence and Ongoing Monitoring

SAP InfoNet offers Supplier Risk Analysis, a dynamic cloud-based knowledge service that provides visibility and insights into suppliers or supply locations at risk, and highlights their relevance to your business.

SAP InfoNet monitors a number of risk categories for your suppliers, including reputational, operational, regulatory, compliance, financial, etc., and alerts you to risk based on relevance, context and impact to your business.

SAP InfoNet empowers users to take action with full knowledge of a supplier’s risk profile.

Value
• Proactively qualify, select and monitor your suppliers
• Reduce supplier lifecycle management costs
• Manage third-party regulatory and compliance adherence better
• Protect your brand

Real-Time Risk Analysis capabilities shown on the slide
• News and geo alerts on disruptive events
• Risk insights relevant to you
• Risk impact analysis
• Risk profile at point of use
• Supply base dashboard
What are the Key Steps to Deploy Deloitte’s TPRM Framework?

Steps
1. Evaluate Situation
2. Define Policies & Procedures
3. Deploy SAP InfoNet
4. Manage Supplier Risks

Phases
Phase 1: Kick Off
Phase 2: Supplier Landscape Evaluation
Phase 3: Roll out
Phase 4: Go Live
Phase 5: Post Deployment

Activities (the slide marks each as performed by Deloitte, SAP or Both)
• Identify corporate strategic objectives
• Assess supplier strategic impact
• Establish risk management monitoring requirement
• Design supplier segmentation program based on operational risk, strategic and financial impact
• Collect data requirements
• Set up news
• Establish governance structure
• Define compliance requirements
• Identify supplier risks
• Conduct supplier operational impact analysis
• Compute supplier financial impact
• Design project plan
• Design data protocols
• Deploy data transformation strategy
• Set up apps
• Load client data
• Set up user credentials
• Design custom risk reports
• Publish risk reports and analytics reviews
• Administer user training
• Coordinate hand-off
• Monitor Go-Live session
• On-going technical support
• Optional managed services
Post “Go-live”, Two Options to Sustain the Enabled Risk Management Approach Exist

Our TPRM Framework is designed to accommodate two sustainment approaches: (1) hand-off to your internal organization or (2) post go-live services managed by Deloitte.

Post Go-Live Activities (for each activity, the slide assigns responsibility to Client, Deloitte or SAP under both the Hand Off and the Managed Services option)
• Team Selection
• Team Training
• Policies & Procedures Execution
• Report & Alerts Configuration
• On-Going Risk Monitoring
• Mitigation Strategy Evaluation
• Maintenance & Troubleshooting
• Program Performance Evaluation
Contact Us to Learn More
Ryan Flynn
Principal, Deloitte Consulting LLP
rpflynn@deloitte.com
+1 (312) 498-8250
Frederic Girardeau-Montaut
Director, Deloitte Consulting LLP
fgirardeau@deloitte.com
+1 (610) 905-2042
Jeffrey Simon
Director, Deloitte Risk Advisory LLP
jefsimon@deloitte.com
+1 (973) 451 6772
Padmini Ranganathan
V.P. Product Management, SAP
padmini.ranganathan@sap.com
Keertan Rai
Solutions Marketing, SAP
Keertan.rai@sap.com
This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting,
business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such
professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before
making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.
Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation.
Member of Deloitte Touche Tohmatsu Limited
Ariba_Sourcing_sales_sheet_final_WEB_02Nov2015Ariba_Sourcing_sales_sheet_final_WEB_02Nov2015
Ariba_Sourcing_sales_sheet_final_WEB_02Nov2015Frederic Girardeau-Montaut
 
Ariba® Spend Visibility - pinpoint where the money is going_Sept2015
Ariba® Spend Visibility - pinpoint where the money is going_Sept2015Ariba® Spend Visibility - pinpoint where the money is going_Sept2015
Ariba® Spend Visibility - pinpoint where the money is going_Sept2015Frederic Girardeau-Montaut
 
Ariba® Invoice and Dynamic Discounting - Pay early, save more_Sept2015
Ariba® Invoice and Dynamic Discounting - Pay early, save more_Sept2015Ariba® Invoice and Dynamic Discounting - Pay early, save more_Sept2015
Ariba® Invoice and Dynamic Discounting - Pay early, save more_Sept2015Frederic Girardeau-Montaut
 
SAPsAribaNetwork-Cloud-enabledBusinessCollaboration-1434069739-1434381998
SAPsAribaNetwork-Cloud-enabledBusinessCollaboration-1434069739-1434381998SAPsAribaNetwork-Cloud-enabledBusinessCollaboration-1434069739-1434381998
SAPsAribaNetwork-Cloud-enabledBusinessCollaboration-1434069739-1434381998Frederic Girardeau-Montaut
 

Mehr von Frederic Girardeau-Montaut (6)

Beyond EDI - Unlocking new value with SAP Ariba_July2016
Beyond EDI - Unlocking new value with SAP Ariba_July2016Beyond EDI - Unlocking new value with SAP Ariba_July2016
Beyond EDI - Unlocking new value with SAP Ariba_July2016
 
Ariba_Sourcing_sales_sheet_final_WEB_02Nov2015
Ariba_Sourcing_sales_sheet_final_WEB_02Nov2015Ariba_Sourcing_sales_sheet_final_WEB_02Nov2015
Ariba_Sourcing_sales_sheet_final_WEB_02Nov2015
 
Ariba® Spend Visibility - pinpoint where the money is going_Sept2015
Ariba® Spend Visibility - pinpoint where the money is going_Sept2015Ariba® Spend Visibility - pinpoint where the money is going_Sept2015
Ariba® Spend Visibility - pinpoint where the money is going_Sept2015
 
Ariba® Invoice and Dynamic Discounting - Pay early, save more_Sept2015
Ariba® Invoice and Dynamic Discounting - Pay early, save more_Sept2015Ariba® Invoice and Dynamic Discounting - Pay early, save more_Sept2015
Ariba® Invoice and Dynamic Discounting - Pay early, save more_Sept2015
 
SAPsAribaNetwork-Cloud-enabledBusinessCollaboration-1434069739-1434381998
SAPsAribaNetwork-Cloud-enabledBusinessCollaboration-1434069739-1434381998SAPsAribaNetwork-Cloud-enabledBusinessCollaboration-1434069739-1434381998
SAPsAribaNetwork-Cloud-enabledBusinessCollaboration-1434069739-1434381998
 
Ariba and SAP_The Hybrid Cloud Approach_2015
Ariba and SAP_The Hybrid Cloud Approach_2015Ariba and SAP_The Hybrid Cloud Approach_2015
Ariba and SAP_The Hybrid Cloud Approach_2015
 

FSI_Third Party Risk Management_Deloitte PoV

  • 1. Managing Third-Party Relationships in the Financial Services Industry
  Leveraging leading practices and technology to achieve excellence in OCC compliance

  • 2. Copyright © 2014 Deloitte Development LLC. All rights reserved
  Deloitte's Point of View on Third-Party Risk Management

  Why should Financial Institutions be concerned with third-party risk?
   Regulatory expectation: U.S. financial institution regulators have made clear their expectation that firms must deploy third-party risk management programs that will achieve a rating of "strong"
   Enforcement actions: the number of enforcement actions since 2011 has remained steady, while total penalties have soared from $54MM (2011) to $3.6BB (2013)

  What is required to effectively manage risk? (section 1)
   Third- and fourth-party risk assessment, due diligence, contract provisions, oversight and monitoring, business continuity and contingency plans, other risk considerations

  Governance and controls, and achieving a rating of "Strong/Excellent" (section 2)
   Governance and oversight structure, policies and procedures, audit practices, measuring, monitoring, alerting and reporting capabilities

  How can Financial Institutions leverage the Deloitte Third-Party Risk Management (TPRM) Framework to achieve excellence in risk management and OCC compliance? (section 3)
   Formalized third-party risk management program
   Risk & regulatory mapping to the third-party landscape
   Risk-based classification and oversight
   Management reporting
   Adopt an end-to-end approach to supplier lifecycle management, including evaluation and selection, contracting and on-boarding, managing and monitoring, terminating and off-boarding
   Building risk management excellence requires a holistic and proactive approach: people, processes and technology
   SAP InfoNet can augment existing supplier lifecycle management technology: an insights tool embedded into your sourcing, supplier invitation, pre-qualification, selection and management process, and ongoing monitoring of global or targeted vendor risk, facilitated by noise-filtering technology that delivers relevant information in real time
  • 3. The Federal Guidance on Third-Party Risk (section 1)
  Both OCC Bulletin 2013-29 and the Federal Reserve System guidance on managing outsourcing risk require Financial Institutions to establish effective risk management capabilities commensurate with the level of risk presented by the outsourcing arrangements.
   Risk Assessments: develop a risk assessment framework to analyze the business activities and implications of outsourcing the proposed activities as well as the service provider risk, and determine the cost implications of establishing the outsourcing arrangement
   Due Diligence and Selection of Service Providers: perform the necessary due diligence on a prospective service provider before engaging it, covering business background, reputation, strategy, financial performance, condition and operations, and internal controls
   Contract Provisions and Considerations: develop well-defined contracts and service agreements covering scope, cost and compensation, right to audit, confidentiality, ownership and license, insurance, etc.
   Incentive Compensation Review: implement effective processes to review and approve incentive compensation for service providers, since inappropriately structured incentives may result in reputational damage, increased litigation, or other risks to the financial institution
   Oversight and Monitoring of Service Providers: implement processes to monitor contractual requirements and establish acceptable performance metrics, especially for higher-risk service providers that exhibit performance, financial, compliance, or control concerns
   Business Continuity and Contingency Plans: prepare contingency plans for DRP and BCP, define roles and responsibilities for maintaining and testing the service provider's business continuity plans, and maintain an effective and well-tested exit strategy
   Additional Risk Considerations: address suspicious activity report (SAR) reporting functions, foreign-based service providers, internal audit and other related risk management activities
  • 4. Effectively Managing Third-Party Risk Requires Focus on 4 Areas (section 2)

  Governance & Risk Culture
   Description: boards of directors and senior management should set the "tone at the top"; establish the risk appetite and implement the appropriate operating structure and risk framework to manage the firm
   Key activities: strong ongoing Business Unit collaboration and global alignment

  Policies and Standards
   Description: implement robust policies and procedures that address the complexity of the business and its risk appetite; create sound risk mitigation strategies and controls
   Key activities: comprehensive documentation of management policies, procedures and guidelines

  Management Process & Internal Controls
   Description: internal controls (financial and operational) should help prevent and detect inappropriate or unapproved risk taking and determine conformance with the risk appetite
   Key activities: establish and document ownership of reporting and monitoring activities, assigning them to the appropriate forums / functions / individuals in the governance and operating model

  Risk Metrics, Tools & Reporting
   Description: firms should have the ability to identify, measure, monitor and report all risks
   Key activities: build a robust IT infrastructure and overall risk management framework; establish an appropriate set of Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) to be measured and reported; identify appropriate reporting requirements and key escalation points; clearly define and communicate data ownership and associated responsibilities
  • 5. To Achieve a Rating of "Strong/Excellent", You Need to Manage Risks Across the Third-Party Management Lifecycle (section 2)
  Third-party risk is not a risk unto itself. It is a combination of other risks with varying degrees of severity, depending on the nature of the relationship with the third party:
   An organization is exposed to a variety of risks when it uses third parties
   The level of risk exposure varies with how third parties are used; it can affect regulatory compliance and the ability to meet financial performance and strategic objectives
   Organizations must establish a systematic approach to managing these risks across the third-party lifecycle

  Third-Party Management Lifecycle: evaluate and select; contract and on-board; manage and monitor; terminate and off-board

  Third-Party Risks: Strategic, Information Security, Reputation, Compliance, Transactional / Operational, Credit, Contractual, Geopolitical, Financial Stability, Business Continuity

  How Risks Are Manifested: third-party profile; product/service profile; level of integration with processes / operations; service model affecting third-party oversight; dependency on fourth parties; impact on customers, reputation, financial & strategic objectives
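The "risk-based classification and oversight" the deck calls for can be made concrete: the factors listed under "How Risks Are Manifested" become profile attributes, each risk category gets a score, and the resulting inherent-risk tier decides the oversight controls applied across the lifecycle. The Python below is an added example written for this page; it is not Deloitte's or SAP's code and not an OCC formula. The category names and lifecycle controls come from the slides, but the attribute set, scoring weights, tier thresholds and review cadences are illustrative assumptions that a firm would replace with its own risk appetite. The vendor inventory at the bottom is constructed sample data.

```python
"""Risk-based classification of third parties (added example).
Scoring weights, tier thresholds and oversight cadences are illustrative
assumptions, not Deloitte's or the OCC's figures."""
from __future__ import annotations

from dataclasses import dataclass
from enum import IntEnum


class Tier(IntEnum):
    LOW = 1
    MODERATE = 2
    HIGH = 3
    CRITICAL = 4


@dataclass(frozen=True)
class ThirdParty:
    """Profile attributes that drive how the deck's risk categories manifest."""
    name: str
    handles_customer_data: bool     # information security, compliance
    integrated_with_core_ops: bool  # level of integration with processes / operations
    customer_facing: bool           # impact on customers and reputation
    sole_source: bool               # business continuity (no ready substitute)
    foreign_based: bool             # geopolitical; OCC "additional risk considerations"
    fourth_party_count: int         # dependency on fourth parties
    financial_strength: int         # 1 (weak) .. 5 (strong), from due-diligence review


def score_categories(tp: ThirdParty) -> dict[str, int]:
    """Score each risk category from 0 (none) to 3 (severe). Weights are assumed."""
    info_sec = (2 if tp.handles_customer_data else 0) + (1 if tp.integrated_with_core_ops else 0)
    compliance = (2 if tp.handles_customer_data else 0) + (1 if tp.foreign_based else 0)
    continuity = (2 if tp.sole_source else 0) + (1 if tp.integrated_with_core_ops else 0)
    financial = min(3, max(0, 4 - tp.financial_strength))  # strength 1 -> 3, 4 or 5 -> 0
    return {
        "information_security": info_sec,
        "compliance": compliance,
        "business_continuity": continuity,
        "financial_stability": financial,
        "reputation": 2 if tp.customer_facing else 0,
        "geopolitical": 2 if tp.foreign_based else 0,
        "fourth_party": min(3, tp.fourth_party_count),
        "operational": 3 if tp.integrated_with_core_ops else 1,
    }


def classify(scores: dict[str, int]) -> Tier:
    """Inherent risk tier: the worst category sets the floor, breadth raises it."""
    worst = max(scores.values())
    elevated = sum(1 for s in scores.values() if s >= 2)
    if worst >= 3 and elevated >= 4:
        return Tier.CRITICAL
    if worst >= 3:
        return Tier.HIGH
    if worst == 2:
        return Tier.MODERATE
    return Tier.LOW


# Lifecycle controls per tier: illustrative cadences, not regulatory minimums.
OVERSIGHT = {
    Tier.LOW:      {"review_months": 36, "onsite_audit": False, "bcp_test_evidence": False, "board_report": False},
    Tier.MODERATE: {"review_months": 24, "onsite_audit": False, "bcp_test_evidence": False, "board_report": False},
    Tier.HIGH:     {"review_months": 12, "onsite_audit": True,  "bcp_test_evidence": True,  "board_report": False},
    Tier.CRITICAL: {"review_months": 6,  "onsite_audit": True,  "bcp_test_evidence": True,  "board_report": True},
}


def oversight_plan(tp: ThirdParty) -> dict:
    """Tier plus the monitoring controls and the categories that drove the rating."""
    scores = score_categories(tp)
    tier = classify(scores)
    plan = dict(OVERSIGHT[tier])
    plan["tier"] = tier.name
    plan["top_risks"] = [k for k, v in sorted(scores.items(), key=lambda kv: -kv[1]) if v >= 2]
    # A fourth-party inventory is required whenever the third party relies on subcontractors.
    plan["fourth_party_inventory"] = tp.fourth_party_count > 0
    return plan


def portfolio_summary(parties: list[ThirdParty]) -> dict[str, int]:
    """Tier counts across the inventory, the figure a management report leads with."""
    counts = {t.name: 0 for t in Tier}
    for tp in parties:
        counts[classify(score_categories(tp)).name] += 1
    return counts


# Constructed sample inventory; these are not real vendors.
SAMPLE = [
    ThirdParty("core-banking-saas", True, True, True, True, False, 4, 4),
    ThirdParty("office-catering", False, False, False, False, False, 0, 3),
    ThirdParty("offshore-kyc-processor", True, False, False, False, True, 1, 4),
    ThirdParty("marketing-analytics", True, False, False, False, False, 0, 5),
]

if __name__ == "__main__":
    for tp in SAMPLE:
        print(tp.name, oversight_plan(tp))
    print(portfolio_summary(SAMPLE))
```

The tier is inherent risk, assessed before any contract provisions or controls are credited; residual risk after controls is a separate judgement and is not modelled here. Keeping the scoring in code rather than in a spreadsheet makes the classification reproducible for an examiner and lets the same rule re-run whenever a profile attribute changes, for example when a monitoring feed reports a new fourth-party dependency.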
  • 6. Building Risk Management Excellence Requires a Holistic and Proactive Approach: People, Processes and Technology (section 3)
  Key benefits of enabling Deloitte's TPRM Framework:
   Keep compliance costs low
   Build strong third-party risk management capabilities, including leading practices, processes, governance, and policies & procedures
   Implement a sustainable risk management process capable of addressing existing risk as well as adapting to emerging risks, focused on aligning risk management activities with strategic and performance objectives
   Deploy tools that not only give full visibility over the third-party landscape but also help design optimum mitigation strategies
   Leverage technology capable of delivering only the information that is relevant to the business or its functions and filtering out the "noise" of risk data
  • 7. Technology Is a Key Enabler of the TPRM Framework: SAP InfoNet Enables Efficient Supplier Due Diligence and Ongoing Monitoring (section 3)
  SAP InfoNet offers Supplier Risk Analysis, a dynamic cloud-based knowledge service that provides visibility and insights into suppliers or supply locations at risk and highlights their relevance to your business. SAP InfoNet monitors a number of risk categories for your suppliers, including reputational, operational, regulatory, compliance and financial risk, and alerts you to risk based on relevance, context and impact to your business. SAP InfoNet empowers users to take action with full knowledge of a supplier's risk profile.
  Value:
   Proactively qualify, select and monitor your suppliers
   Reduce supplier lifecycle management costs
   Manage third-party regulatory and compliance adherence better
   Protect your brand
  Real-Time Risk Analysis: news and geo alerts on disruptive events; risk insights relevant to you; risk impact analysis; risk profile at point of use; supply base dashboard
  • 8. What Are the Key Steps to Deploy Deloitte's TPRM Framework? (section 3)
  Phases: Phase 1 Kick Off; Phase 2 Supplier Landscape Evaluation; Phase 3 Roll Out; Phase 4 Go Live; Phase 5 Post Deployment
  Workstreams: 1. Evaluate Situation; 2. Define Policies & Procedures; 3. Deploy SAP InfoNet; 4. Manage Supplier Risks
  Activities across the phases (each owned by Deloitte, SAP or both):
   Identify corporate strategic objectives
   Assess supplier strategic impact
   Establish risk management monitoring requirement
   Design supplier segmentation program based on operational risk, strategic and financial impact
   Collect data requirements
   Set up news
   Establish governance structure
   Define compliance requirements
   Identify supplier risks
   Conduct supplier operational impact analysis
   Compute supplier financial impact
   Design project plan
   Design data protocols
   Deploy data transformation strategy
   Set up apps
   Load client data
   Set up user credentials
   Design custom risk reports
   Publish risk reports and analytics reviews
   Administer user training
   Coordinate hand-off
   Monitor Go-Live session
   On-going technical support
   Optional managed services
  • 9. Post "Go-live", Two Options to Sustain the Enabled Risk Management Approach Exist (section 3)
  Our TPRM Framework is designed to accommodate two sustainment approaches: (1) hand-off to your internal organization or (2) post go-live services managed by Deloitte.
  Post go-live activities (each assigned to Client, Deloitte or SAP under the Hand Off and the Managed Services option):
   Team Selection
   Team Training
   Policies & Procedures Execution
   Report & Alerts Configuration
   On-Going Risk Monitoring
   Mitigation Strategy Evaluation
   Maintenance & Troubleshooting
   Program Performance Evaluation
  • 10. Contact Us to Learn More
   Ryan Flynn, Principal, Deloitte Consulting LLP, rpflynn@deloitte.com, +1 (312) 498-8250
   Frederic Girardeau-Montaut, Director, Deloitte Consulting LLP, fgirardeau@deloitte.com, +1 (610) 905-2042
   Jeffrey Simon, Director, Deloitte Risk Advisory LLP, jefsimon@deloitte.com, +1 (973) 451-6772
   Padmini Ranganathan, V.P. Product Management, SAP, padmini.ranganathan@sap.com
   Keertan Rai, Solutions Marketing, SAP, Keertan.rai@sap.com
  • 11. This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation.
  Copyright © 2014 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited