How to Risk Adjust Your Program

How to Risk Adjust Your Program


 You can download a full copy of the slides from this webinar. 




Full transcript available below:

Hello, everyone, and welcome to today's webinar hosted by me, Joe Boyhan, of MCO and third-party risk expert and president of ONTALA Linda Tuck Chapman

This is another concept that you want to think about, basically, is a concept of risk segmentation and this is how you actually risk adjust your program. There are two different dimensions and even if your risk calculator blends them together, criticality, which is another way of saying, "reliance," is one dimension that is the first year or first filter that you'd want to put things through.

It's the best way to help risk adjusting, and then the second is, of course, the risks that are presented by the relationship itself. Most companies are still managing their programs on the inherent risk, which is the risk prior to the assessment of the strength and controls, but some companies have been able to selectively move to residual risk management. It is a journey. What you really want to think about is depending on the lens you'd want to put on it. How good is the business at actually managing the relationship and the risk, and you may selectively want to deal with the different businesses. They have more people, more robust processes. We're starting to see tech and ops groups build third-party management programs so that they can get sharing best practices and, also, to reduce the resource requirements.

The other thing is also to really think about the risk itself. The risk actually belongs to the business and if you're not doing this, you really should give them a formal ... Put in place a formal acceptance process. If you have a really great sourcing and procurement department, just blend those things together to say you're either new, renewing, et cetera, and here is a broader view of the relationship because that's really what matters to the business. It's not a single thread, but the broader thread. Okay, so moving along. When you think about risk-centric or risk-adjusted programs, risk-centric just means systematic or risk oriented. If you can really start to think.

If you got a program in place, I would spend a lot of time thinking about the risk centricity of your programs and how to risk adjust them because you want to make sure that the work effort and the controls you're putting in place commensurate with the actual risk of the relationship. The types of risk filters allow that you can put in place, allows you to get more clarity on the risk. Some of the programs are starting to migrate and a couple of newer things that we're seeing is that sort of entire categories of relationships go through an initial review to say, "Okay. This type of relationship should be coming out our risk filter as a high risk. This type should be coming out of your risk."

Then when you go through the process and it comes out as something else, it can determine whether your risk filters whether or not they're too tight or too loose or whatever or if you're starting to see a lot of the exceptions, you can start to adjust. Start looking at your issues and incidents and that can better inform your due diligence programs. You want to make sure that your contract controls are not one size fits all because, boy, that'll sure slow down your contracting process if you're trying to get your third parties to sign up or contract terms that don't really make any sense to them because they either don't apply, they don't make sense for this relationship or they're just totally unrealistic.

Basically, the more and more you do this, the smoother it'll go and you'll find that things will start to speed up


Download our whitepaper "Framework for a Third Party Risk Management Program".


This webinar was co-hosted with Linda Tuck Chapman of Ontala Performance Solutions.

Find out how MCO can help

Request a demo today to learn how MyComplianceOffice puts you in command of your compliance program, synchronizing your business needs with regulation. 

Request a Demo



Download our four page Portfolio of Solutions to learn about;

  • Personal Trade Monitoring
  • Gifts & Entertainment
  • Political Contributions
  • Third Party vendor risk management
  • Trade surveillance
  • And more

Brochure Download