Bill Bonney, Chris Forbes, Gary Hayslip, Dr. Andrea Little Limbago, and Matt Stamper bring together a wealth of expertise from across the risk management spectrum, forming an ideal team to address the complex and urgent challenges of third-party risk. Drawing on their collective experience as practitioners, consultants, and researchers, they deliver a rich blend of insights that both inform and motivate. Their guidance spans philosophical concepts, practical steps, and technical details, equipping you to design a third-party risk management program that’s robust, forward-thinking, and exceeds mere regulatory compliance. Mastering Third-Party Risk: A Practical Handbook for Managing Vendor, Third-Party, and Supply Chain Threats in Every Organization empowers you to proactively manage risks, enhance your supply chain, and prepare for emerging threats.

Third-party risks that are the result of relationships external to our organizations grow greater and more complex as the number of third parties we deal with grows and the complexity of our supply chains increases. In the ever-expanding and rapidly evolving global marketplace, supply chain management (SCM) has become increasingly critical for businesses of all sizes. SCM is a necessary lifeline for organizations that depend on external providers for their products, services, intellectual property, and integration of extended partner networks. As supply chains become increasingly complex, often spanning multiple countries, they become more vulnerable to geopolitical risks and logistical challenges. Unplanned events, such as natural disasters, supplier bankruptcies, trade disputes, and cyberattacks, can lead to significant operational disruptions and economic losses and have profound implications for a company’s financial stability. This book provides a thorough treatment of third-party risk, whether you’re dealing primarily with regional vendors or a complex global supply chain.

Table of Contents

Mastering Third-Party Risk

A Practical Handbook for Managing Vendor, Third-Party, and Supply Chain Threats in Every Organization

Section 1 – Foundations of Third-Party Risk Management (Chapters 1-3)

In the first section, “Foundations of Third-Party Risk Management,” we handle the key governance foundation of TPRM. Section one lays out governance principles such as charters, policy, roles and responsibilities, required resources, and some of the fundamental tools to successfully manage your program.

Section 2 – Operational Considerations for Third-Party Risk Management Programs (Chapters 4-7)

In Section two we go through the operational ecosystem that makes up the tasks and risk considerations of TPRM. We methodically dissect the TPRM lifecycle, beginning with bringing new third parties onboard, including the due diligence necessary to do that safely. We also discuss the day-to-day operations and continual risk mitigation required to manage third-party risk. We then look at how to respond when incidents occur within your third-party portfolio and finally, how to safely offboard terminated third parties.

Section 3 – Managing and Optimizing (Chapters 8-10)

In Section three we begin to examine the external factors that impact the supply chain and provide a methodology for optimization. First, in Chapter 8, we provide a comprehensive analysis of how global supply chains have transformed in response to recent disruptions and geopolitical shifts. Then in Chapter 9, we present a comprehensive framework for optimizing supply chain risk management (SCRM) programs, emphasizing the need for practical, agile, and financially sound approaches that align with business objectives and resilience goals. Finally, in Chapter 10, we examine the growing and intertwined risks of sustainability, climate change, and third-party (vendor) management. Whether or not companies take a stance on combating climate change is irrelevant to the impact that these changes will have on them, their suppliers, and their customers.

Section 4 – Legal and Regulatory (Chapters 11 and 12)

In Section four we do a deep dive into the legal and regulatory frameworks that inform how we operate our third-party risk management programs. We start in Chapter 11 by examining the critical legal aspects of Third-Party Risk Management (TPRM), emphasizing the importance of thorough, well-crafted contracts and the necessity of close collaboration among legal, security, and operational teams. We also look at how the shifting international regulatory landscape has created a very dynamic and fluid set of requirements that take continual diligence. Then in Chapter 12, we look at the specifics of regulatory action and what it directly means for your programs.

Section 5 – Supply Chain Risks (Chapters 13 and 14)

In Section five we begin in Chapter 13 by unpacking a holistic, adaptive approach that blends rigorous methodologies, advanced technology, cross-functional collaboration, and continuous improvement to anticipate, mitigate, and respond to the full spectrum of supply chain risks. In addition to the analytical approach, we also demonstrate the value of building a strong risk culture, fostering communication, and integrating risk management with business strategy. In Chapter 14, we finish Section 5 and the book by exploring the rapidly evolving landscape of artificial intelligence (AI) and its profound impact on third-party risk management.

 

 
