Iceberg recently worked with a large U.S. financial organization to centralize and automate a number of Third Party Risk Management (TPRM) processes within a GRC solution, in order to achieve greater efficiency and effectiveness.
The Challenge
Many of the organization’s vendor risk management activities were being done using tools like Excel, Sharepoint and PeopleSoft, posing a number of challenges including:
- Overall vendor management: Getting an accurate, centralized view of all engagements for a vendor was difficult, and there was no way to aggregate risk scores between engagements. Information about vendors was disjointed in numerous spreadsheets and internal documents.
- Risk assessments: The Excel-based questionnaire had become unwieldy because of the sheer volume of questions, answers, reviews, and comments (in some cases covering nearly 1,000 control questions) and they were having trouble scaling this approach due to the number of engagements. The organization needed a logic based questionnaire to reduce the complexity of the assessment process.
