March 13, 2017
Global Executive Summit
SIG Working Council: Third Party Risk Management
National Bank of Canada: Bernard Truong, Senior Director of Third Party Risk Management
Sourcing Industry Group: Matt Shocklee, SIG Global Ambassador
ONTALA: Linda Tuck Chapman, CPO Emeritus and President
sig.org/summit
Introduce SIG Working Council Concept & Structure
- Third Party Risk Management Working Council Charter
- Discuss role/responsibilities of the Members of the Leadership Team
- Review of last WebEx session
Matt Shocklee (SIG)
10:40am Lifecycle Management; Governance and Oversight. How to Create a Supplier Tool Kit
Bernard Truong, Linda Tuck Chapman
11:10am Review Council Member Survey Results
Matt Shocklee (SIG)
11:15am Topics/Speakers for the next WebEx meeting in April 2017
SIG Working Council: Third Party Risk Management (3PRM)
What are our Working Council’s Objectives for 2017?
• Identify the key topics of interest to be addressed through quarterly webinars and semi-annual on-site meetings at the SIG Summits as well as through other methods such as research, white papers or special events.
• Identify SIG and guest speakers/thought leaders to address the topics/areas of interest identified above.
• Identify any special initiatives/activities related to SIG’s programming/services, such as education/training, research, tools/technologies or other value-added areas the Council should consider for its SIG Members.
Current Schedule of Future Events:
• WebEx Meeting #3: Friday, April 21st at 2pm EDT via WebEx.
• WebEx Meeting #4: TBD July 2017
• On-site: Fall 2017 Global Executive Summit – Carlsbad, CA
Introduce SIG Working Council Concept & Structure
- Third Party Risk Management Working Council Charter
- Discuss role/responsibilities of the Members of the Leadership Team
- Review of last WebEx session
Matt Shocklee (SIG)
10:40am Lifecycle Management; Governance and Oversight. How to Create a Supplier Tool Kit
Bernard Truong, Linda Tuck Chapman
11:10am Review Council Member Survey Results
Matt Shocklee (SIG)
11:15am Topics/Speakers for the next WebEx meeting in April 2017
Matt Shocklee, Bernard Truong, Linda Tuck Chapman
11:20am Other topics of interests and Q&A
Matt/Bernard/Linda?
Third party risk management: lifecycle management + governance
Relationships should be managed through their lifecycle
Good governance begins with insight and oversight
• Business Need and Requirements
• Initial Inherent Risk Assessment
• Sourcing and Pre-Selection Activities
• Risk-Centric Due Diligence
• Risk-Adjusted Controls and Contracting
• Residual Risk Assessment and Risk Tiering
• Deal Summary; Risk Acceptance
• Finalize & Execute Contract
• Appoint Relationship Manager
• Onboard; Implement Controls
• Manage Performance, Costs, Risks and Issues
• Periodic Reviews and Reassessment(s)
• Renew, Amend or Terminate
Companies can have
New or substantially different
Lifecycle management… a substantial increase in rigor and controls
Companies can have
Governance… substantial increase in sr. level engagement
Ransomware a pervasive cyber issue
Source: NIST Special Publication 800-184; Guide for Cybersecurity Event Recovery http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-184.pdf
Computer malware that covertly installs itself on systems and devices. It either mounts a cryptoviral extortion attack that holds the victim's data hostage, or mounts a leakware attack that threatens to publish the victim's data. Relatively small ransom amounts are demanded, making it easier to pay than to expend expensive resources trying to isolate and eradicate malware that is constantly changing.