Third-Party Risk Management (TPRM) Training Course

Introduction:

Third-party risk management (TPRM) is a multifaceted form of operational risk, encompassing potential issues arising from affiliations with entities such as suppliers, contractors, and other business associates. Regulators are growing concerned about the risks that third parties may introduce to firms.

This course offers an extensive understanding of Third-Party Risk Management (TPRM), from detailing its scope and creating a robust framework to the everyday execution of TPRM operations. Our Third-party Risk course empowers your team with knowledge of various third-party risks and the methodologies to manage them effectively.

This third-party risk management (TPRM) training course will prepare participants to effectively anticipate, manage, and mitigate risks posed by third parties, incorporating TPRM best practices and solutions into daily operations. Participants can also pursue third-party risk management certification to validate their skills and knowledge in this increasingly critical field.

Targeted Groups

• Individuals involved in risk management.
• Those engaged in cybersecurity.
• Professionals aiming to grasp TPRM best practices and tools.

Course Objectives

By the end of this third-party risk management (TPRM) course, participants will:

• Recognize the critical importance of third-party risk management.
• Identify risks associated with third-party relationships and their specific threats.
• Understand the essential elements of a third-party risk management framework.
• Gain familiarity with the regulatory environment and key terms used in TPRM.
• Outline the stages of the TPRM lifecycle.
• Formulate a continuity strategy, including termination and exit plans for significant outsourcing relationships.

Targeted Competencies:

Participants competencies in this third-party risk management (TPRM) training will:

• Mastering third-party risk management.
• Vendor management proficiency.
• Acute awareness of operational risk.
• Resilience and business continuity strategies.
• Risk management expertise.
• Internal audit capabilities.
• IT and Data risk management.

Course Content:

Unit 1: Defining Third-Party Risk Management (TPRM):

• Scope and significance of TPRM.
• Identifying relevant third parties.
• Classifying third parties based on various criteria.

Unit 2: Identifying and Understanding Third-Party Risks:

• Relationship between business objectives and third parties.
• Analyzing the types of impacts from third-party risks.
• Direct and indirect risks from third-party engagements.
• Establishing a taxonomy for third-party risks.
• Risk Bow Tie analysis for risk mapping and comprehension.

Unit 3: A Third-Party Risk Management Framework:

• Incorporation of ISO 31000 standards.
• Application of the eight elements of ISO 31000 within TPRM processes.
• Communication, consultation, and native language considerations.
• Risk identification, analysis, evaluation, and treatment.
• Ongoing monitoring, review, recording, and reporting.
• Developing a cohesive TPRM ecosystem.

Unit 4: Compliance Requirements in TPRM:

• Comprehending critical TPRM compliance requirements:
  • Outsourcing.
  • Modern Slavery.
  • Anti-bribery and corruption.
  • Privacy and data protection.
• Due Diligence procedures.
• TPRM processes and compliance management integration.

Unit 5: Mapping the Steps in TPRM:

• Third-party selection criteria and processes.
• Strategies for initial screening and tiering.
• Implementation of Initial Due Diligence.
• Decision-making and approval processes.
• Onboarding with contractual considerations.
• Continuous monitoring and maintenance.
• Managing incidents such as non-performance or failure.
• Offboarding strategies.
• Connections with other internal risk types and processes (e.g., Cyber, Fraud, Technology, and Data).
• Linkage to Operational Resilience Practices.

Unit 6: Initial Screening, Tiering, and Due Diligence:

• Critical factors in initial screening (Data security and financial security).
• Information sourcing: Internal vs. third-party agencies.
• The Interplay with Risk Appetite.
• Methodologies for understanding third-party importance.
• Determining the scope of Due Diligence.
• Execution of Due Diligence processes.

Unit 7: Ongoing Monitoring and Maintenance:

• Regular updates to due diligence.
• Ensuring continuous compliance.
• Ongoing monitoring of SLAs and contractual obligations.
• Persistent management, including third-party training.
• Establishing risk metrics and monitoring using external and internal data and alerts.
• Procedures for escalation and risk treatment.
• Reporting and analytical frameworks.