Get back to basics with your third-party risk programme
In our recent webinar, “Back to Basics: Are You Building Your Third-Party Risk Management Programme Effectively?”, our Services Director explores how to build a third-party risk management programme from scratch, for an SME company, “Bananas”.
“Julie”, the Third-Party Risk Manager of “Bananas”, recognises that a formal system needs to be put in place. Julie builds a system for capturing and monitoring this programme, given the limited budget and not quite knowing what she needs. She opted for the cheap and cheerful Excel sheet as a base.
SureCloud’s Services Director (GRC) demonstrates utilising simple forms, built out on desktop software such as Excel spreadsheets, to help you begin to gain control of your supply chain.
You can download the Excel sheet template at the bottom of the page.
This download will help you understand what is needed to map out your third-party risk programme and where you should start. Tabs include: third party register, SAQ log, audit log and exceptions log.
Excel spreadsheets not cutting it?
Using an Excel sheet to monitor your third-parties is great for a small start-up business, however there are limitations to Excel, such as:
- It doesn’t do very much on its own.
- There is a lot of manual updating, it doesn’t trigger anything automatically. Reporting has to be built manually.
- It’s not secure.
- It has no audit log, so you don’t know who changed what, from what and when.
- Spreadsheets sit idly by as deadlines come and go, it doesn’t chase or email anyone.
- Countless emails have to be sent to create interaction.
- Finally, someone in the business made it, they will forever support it and what if that person leaves?
You may be like “Julie” and find that after running the program for a year or two, it starts to generate its own work and you need to look at a Third-Party Risk Management platform.
Introducing SureCloud’s Third-Party Risk Management Solution Third-Party
- A holistic view of third-party risk within your organisation.
- Create a centralised register of your third parties.
- Ensure that your network of partners or third parties does not undermine the level of security you apply internally.
- Create your own and edit existing questions through a fully configurable question library.
- Configure sophisticated assessments using screening or conditional questions.
- Monitor third-party progress through the built-in workflow, prioritised by their importance to the business.
- Results and risks are aggregated in real-time on dashboards.
Want to learn more about Julie’s story?
Watch our recent webinar to dive deeper into the story. You can watch it on-demand here.