Third party risk management

Build and deliver trust in your whole ecosystem

As the world changes geopolitically and technologically, so do businesses’ supply chains, operations and business models. Organisations cannot remain competitive and relevant without third party relationships as part of their service offerings and operations.

The opportunities of third party collaboration also bring exposure to specific risks, such as the potential loss of sensitive data and possible disruptions to critical business services. The sheer number of third-party relationships companies often have can make it difficult to oversee the multiple risks involved.

As organisations increasingly expand their ecosystem, enhancing collaboration with third parties, the need to have a robust third party risk management programme also increases. Hence, having an efficient and effective tech-powered third-party risk management programme is critical, from onboarding, including integrity due diligence, to persistent monitoring.

We help organisations prioritise their third-party risk management programme to focus on the risks that matter (e.g., technology, cyber, resilience, concentration) and offer effective and pragmatic solutions to tailor risk and control processes and operating models to effectively manage third party risks.

How our third party risk management services can help you

We assist your organisation with the design and implementation of third party risk management programmes, including strategically selecting the right technology and providing managed services solutions, to ensure you receive the necessary support throughout the entire third party risk management journey.

Third party risk management framework

To manage your third parties and their risk, we can help you build or enhance your third party risk management framework that is fit for purpose while meeting regulatory requirements.

Our framework helps you understand and identify risks associated with your third parties in alignment with your enterprise business and risk management strategy. As part of the framework, we can help you establish:

  • a third party risk governance structure, including reporting lines and oversight functions;
  • new or enhanced policies and standards for third party risk;
  • key risk considerations in evaluating your third parties;
  • minimum regulatory considerations for third party risk management, for example MAS Outsourcing Guidelines.

Third party risk target operating model

We provide advisory services to help you design and build a fit-for-purpose target operating model tailored to your organisation’s needs, ensuring operational compliance with regulatory requirements and protecting stakeholder trust in your organisation.

The model would help to address three important aspects of your third party risk management:

  • People - Roles and responsibilities
  • Process - Risk management processes through your third party management lifecycle
  • Tools - Enablers to standardise and streamline your risk management activities, such as guidance or templates to support risk assessment, materiality assessment, due diligence, exit management, and more

We are also here to support you in your journey to optimise your third party risk management programme through technology integration to drive an effective programme.

Third party risk management operations

We can provide support in the operations of your third party risk activities in pre-onboarding, ongoing monitoring and exit management of your third party arrangements, such as:

  • risk and materiality assessment and mitigation based on the nature of arrangements;
  • due diligence on third parties based on risk exposure, for example third party security control review, business continuity management processes in third parties, ability of the third party to meet regulatory requirements such as MAS Technology Risk Management Guidelines, etc;
  • third party independent assessment including intra-group arrangement reviews, on-site visits, remote visits, etc;
  • service termination and offboarding assessment, such as controls related to data disposal, service transitioning, return of assets, etc.

Our pay-per-use service model can help your organisation manage the volume of risk management activities and optimise the cost of operations while achieving consistent, standardised and quality execution.

Service standards and control environment

We can provide support to assess and enhance a service provider’s readiness/maturity against relevant industry best practices and applicable regulations such as ISO, NIST, MAS TRM Guidelines, etc. We help service providers take stock of their current environment and advise them on ways to bring their maturity to the next level.

PwC can provide the following services:

  • Assess the service provider’s environment against various regulatory requirements and industry standards (MAS TRM Guidelines and Notices, OSPAR, NIST, ISO, etc.);
  • Assess the service provider’s maturity against relevant industry practices (Cyber Maturity, etc.).

Contact us

Kyra Mattar

Third Party Trust Leader, PwC Singapore

Tel: +65 9735 2506

Siou Kee Ong

Director, Digital Solutions, PwC Singapore

Tel: +65 9665 4963