ENHANCING BOARD OVERSIGHT: NAVIGATING THIRD PARTY RISK MANAGEMENT CHALLENGES

R&C: How can boards effectively oversee the strategic integration of third party risk management (TPRM) within an organisation’s overall risk management framework?

Matthews: The board’s oversight of third party risk management (TPRM) is pivotal to aligning it with the organisation’s overall risk framework and appetite. Essential actions should be considered to achieve this. Boards should ensure that enterprise-wide governance structures define clear roles and responsibilities for TPRM, with a clear leader for the programme. The board should understand how third parties are involved in the delivery of the organisation’s strategy and ensure that management has undertaken appropriate due diligence to mitigate key risks such as to reputation. Boards need to ensure that management has taken a risk-based approach to TPRM so that effort and focus are aligned to risk appetite, and that the various reports on risk position to the board allow for an understanding of how much of that particular risk is managed by third parties.

Jul-Sep 2024 Issue

KPMG LLP