FSI_Third Party Risk Management_Deloitte PoV
Frederic Girardeau-Montaut
1.
Managing Third-Party Relationships in the Financial Services Industry
Leveraging leading practices and technology to achieve excellence in OCC compliance
2.
Copyright © 2014 Deloitte Development LLC. All rights reserved.
Deloitte’s Point of View on Third-Party Risk Management
What is required to effectively manage risk?
Governance and controls
Achieving a rating of “Strong/Excellent”
Why should Financial Institutions be concerned with third-party risk?
U.S. financial institution regulators have made clear their expectations that firms must deploy third-party risk management programs that will achieve a rating of “strong”
Regulatory expectation
Enforcement actions
The number of enforcement actions since 2011 has remained steady while total penalties have soared from $54MM (2011) to $3.6BB (2013)
How can Financial Institutions leverage the Deloitte Third-Party Risk Management (TPRM) Framework to achieve excellence in risk management and OCC compliance?
Formalized third-party risk management program
Risk & regulatory mapping to the third-party landscape
Risk-based classification and oversight
Management reporting
Adopt end-to-end approach to supplier lifecycle management, including evaluation and selection, contracting and on-boarding, managing and monitoring, terminating and off-boarding
Building risk management excellence requires a holistic and proactive approach, people, processes and technology
SAP InfoNet can augment existing supplier lifecycle management technology
Incorporate an insights tool that is embedded into your sourcing, supplier invitation, pre-qualification, selection and management process
Ongoing monitoring of global or targeted vendor risk facilitated by noise filtering technology that delivers relevant information in real time.
Third and fourth-party risk assessment, due diligence, contract provisions, oversight and monitoring, business continuity and contingency plans, other risk considerations
Governance and oversight structure, policies and procedures, audit practices, measuring, monitoring, alerting and reporting capabilities
3.
The Federal Guidance On Third-Party Risk
Risk Assessments: Develop a risk assessment framework to analyze the business activities and implications of outsourcing the proposed activities as well as the service provider risk, and determine cost implications for establishing the outsourcing arrangement
Due Diligence and Selection of Service Providers: Perform the necessary due diligence for a prospective service provider prior to engaging the service provider with regard to business background, reputation, strategy, financial performance, condition & operations, and internal controls
Contract Provisions and Considerations: Develop well defined contracts and service agreements with elements including scope, cost and compensation, right to audit, confidentiality, ownership and license, insurance, etc.
Incentive Compensation Review: Implement effective processes to review and approve incentive compensation for service providers as inappropriately structured incentives may result in reputational damage, increased litigation, or other risks to the financial institution
Oversight and Monitoring of Service Providers: Implement processes to effectively monitor contractual requirements and establish acceptable performance metrics especially for higher risk service providers that exhibit performance, financial, compliance, or control concerns
Business Continuity and Contingency Plans: Prepare contingency plans for DRP, BCP, roles and responsibilities for maintaining and testing the service provider's business continuity plans, and maintain an effective and well tested exit strategy
Additional Risk Considerations: Develop additional risk considerations for suspicious activity report (SAR) reporting functions, foreign-based service providers, internal audit and other related risk management activities
Both the OCC Bulletin 2013-29 and the Federal Reserve System guidance on managing outsourcing require Financial Institutions to establish effective risk management capabilities commensurate with the level of risk presented by the outsourcing arrangements.
4.
Effectively Managing Third-Party Risk Requires Focus on 4 Areas
Governance & Risk Culture
Description
Boards of directors and senior management should set the “tone at the top”
Establish the risk appetite and implement the appropriate operating structure and risk framework to manage the firm
Key Activities
Description
Internal controls (financial and operational) should help prevent and detect inappropriate or unapproved risk taking and determine conformance with risk appetite
Establish and document ownership of various report and monitoring activities to the appropriate forums / functions / individuals in the governance and operating model
Key Activities
Comprehensive documentation of management policies, procedures and guidelines
Description
Implement robust policies and procedures that address the complexity of their business and their risk appetite
Create sound risk mitigation strategies and controls
Key Activities
Description
Key Activities
Management Process & Internal Controls
Risk Metric, Tools Reporting
Build a robust IT infrastructure and overall risk management framework
Establish an appropriate set of Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) that will be measured and reported
Identify appropriate reporting requirements and key escalation points
Policies and Standards
Strong ongoing Business Unit collaboration and global alignment
Clearly defined and communicated data ownership and associated responsibilities
Firms should have the ability to identify, measure, monitor and report all risks
5.
To Achieve a Rating of “Strong/Excellent”, You Need to Manage Risks Across the Third-Party Management Lifecycle
Third-party risk is not a risk unto itself. It is a combination of other risks with various degrees of severity based on the nature of the relationship with the third-party:
An organization is exposed to a variety of risks when it utilizes third parties
The level of risk exposure varies based on how third parties are used, can impact regulatory compliance, and impact meeting financial performance and strategic objectives
Organizations must establish a systematic approach to manage these risks across the Third-Party Lifecycle
Third-Party Management Lifecycle: Evaluate and select; Contract and on-board; Manage and monitor; Terminate and off-board
Third-Party Risks: Strategic; Information Security; Reputation; Compliance; Transactional / Operational; Credit; Contractual; Geopolitical; Financial Stability; Business Continuity
How Risks Are Manifested: Third-party profile; Product/service profile; Level of integration with processes / operations; Service model affecting third-party oversight; Dependency on fourth parties; Impact on customers, reputation, financial & strategic objectives
6.
Building Risk Management Excellence Requires a Holistic and Proactive Approach, People, Processes and Technology
Key Benefits of enabling Deloitte’s TPRM Framework
Keep compliance costs low
Build strong third-party risk management capabilities including leading practices, processes, governance and policies & procedures
Implement sustainable risk management processes capable of addressing existing risk as well as adapting to emerging risks, focused on the alignment of risk management activities with strategic and performance objectives
Deploy tools that will not only help gain full visibility over the third-party landscape but also help design optimum mitigation strategies
Leverage technology that is capable of delivering only the information that is relevant to the business or its functions and filtering out the “noise” of risk data
7.
© SAP CONFIDENTIAL 2013
Technology Is a Key Enabler of the TPRM Framework – SAP InfoNet Enables Efficient Supplier Due Diligence and Ongoing Monitoring
SAP InfoNet offers Supplier Risk Analysis, a dynamic cloud-based knowledge service that provides visibility and insights into suppliers or supply locations at risk, and highlights the relevance to your business.
SAP InfoNet monitors a number of risk categories including reputational, operational, regulatory, compliance, financial, etc. for your suppliers, and alerts you to risk based on relevance, context and impact to your business.
SAP InfoNet empowers users to take action with full knowledge of a supplier’s risk profile.
Value
Proactively qualify, select and monitor your suppliers
Reduce supplier lifecycle management costs
Manage third-party regulatory and compliance adherence better
Protect your brand
News and geo Alerts on Disruptive Events
Risk insights relevant to you
Risk impact analysis
Risk profile at point of use
Supply base dashboard
Real-Time Risk Analysis
8.
What are the Key Steps to Deploy Deloitte’s TPRM Framework?
Phases: Phase 1 Kick Off; Phase 2 Supplier Landscape Evaluation; Phase 3 Roll out; Phase 4 Go Live; Phase 5 Post Deployment
Steps: 1. Evaluate Situation; 2. Define Policies & Procedures; 3. Deploy SAP InfoNet; 4. Manage Supplier Risks
Identify corporate strategic objectives
Assess supplier strategic impact
Establish risk management monitoring requirement
Design supplier segmentation program based on operational risk, strategic and financial impact
Collect data requirements
Set up news
Establish governance structure
Define compliance requirements
Identify supplier risks
Conduct supplier operational impact analysis
Compute supplier financial impact
Design project plan
Design data protocols
Deploy data transformation strategy
Set up apps
Load client data
Set up user credentials
Design custom risk reports
Publish risk reports and analytics reviews
Administer user training
Coordinate hand-off
Monitor Go-Live session
On-going technical support
Optional managed services
Legend: Deloitte, SAP, Both
9.
Post “Go-live”, Two Options to Sustain the Enabled Risk Management Approach Exist
Our TPRM Framework is designed to accommodate two sustainment approaches: (1) hand-off to your internal organization or (2) post go-live services managed by Deloitte
Options: Hand Off; Managed Services
Post Go-Live Activities: Team Selection; Team Training; Policies & Procedures Execution; Report & Alerts Configuration; On-Going Risk Monitoring; Mitigation Strategy Evaluation; Maintenance & Troubleshooting; Program Performance Evaluation
Legend: Client, Deloitte, SAP
10.
Contact Us to Learn More
Ryan Flynn, Principal, Deloitte Consulting LLP, rpflynn@deloitte.com, +1 (312) 498-8250
Frederic Girardeau-Montaut, Director, Deloitte Consulting LLP, fgirardeau@deloitte.com, +1 (610) 905-2042
Jeffrey Simon, Director, Deloitte Risk Advisory LLP, jefsimon@deloitte.com, +1 (973) 451 6772
Padmini Ranganathan, V.P. Product Management, SAP, padmini.ranganathan@sap.com
Keertan Rai, Solutions Marketing, SAP, Keertan.rai@sap.com
11.
This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation.
Copyright © 2014 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited