It's the best way to help risk adjusting, and then the second is, of course, the risks that are presented by the relationship itself. Most companies are still managing their programs on the inherent risk, which is the risk prior to the assessment of the strength and controls, but some companies have been able to selectively move to residual risk management. It is a journey. What you really want to think about is depending on the lens you'd want to put on it. How good is the business at actually managing the relationship and the risk, and you may selectively want to deal with the different businesses. They have more people, more robust processes. We're starting to see tech and ops groups build third-party management programs so that they can get sharing best practices and, also, to reduce the resource requirements.

The other thing is also to really think about the risk itself. The risk actually belongs to the business and if you're not doing this, you really should give them a formal ... Put in place a formal acceptance process. If you have a really great sourcing and procurement department, just blend those things together to say you're either new, renewing, et cetera, and here is a broader view of the relationship because that's really what matters to the business. It's not a single thread, but the broader thread. Okay, so moving along. When you think about risk-centric or risk-adjusted programs, risk-centric just means systematic or risk oriented. If you can really start to think.

If you got a program in place, I would spend a lot of time thinking about the risk centricity of your programs and how to risk adjust them because you want to make sure that the work effort and the controls you're putting in place commensurate with the actual risk of the relationship. The types of risk filters allow that you can put in place, allows you to get more clarity on the risk. Some of the programs are starting to migrate and a couple of newer things that we're seeing is that sort of entire categories of relationships go through an initial review to say, "Okay. This type of relationship should be coming out our risk filter as a high risk. This type should be coming out of your risk."

Then when you go through the process and it comes out as something else, it can determine whether your risk filters whether or not they're too tight or too loose or whatever or if you're starting to see a lot of the exceptions, you can start to adjust. Start looking at your issues and incidents and that can better inform your due diligence programs. You want to make sure that your contract controls are not one size fits all because, boy, that'll sure slow down your contracting process if you're trying to get your third parties to sign up or contract terms that don't really make any sense to them because they either don't apply, they don't make sense for this relationship or they're just totally unrealistic.

Basically, the more and more you do this, the smoother it'll go and you'll find that things will start to speed up

This webinar was co-hosted with Linda Tuck Chapman of Ontala Performance Solutions.