July 13th, 2022 • Hannah Tichansky • Reading Time: 5 minutes
It’s important to get enterprise software purchase decisions right – they are the center of successful third-party risk programs for the business and they impact the adoption and performance of many users. TPRM software demos are a key part of this process.
Research is one of the first steps needed in order to narrow down the focus of which TPRM vendors could best fit your organization. During this phase you should be taking time to determine your current TPRM maturity and needs, as well as exploring relevant analyst reports and the software vendors they’re rating.
The Importance of Conducting Research Before TPRM Software Demos
It is important to approach vendor meetings and software demos with care. It’s critical to understand what capabilities you should be looking for and what questions you should be asking when you are assessing providers. This process can be further complicated if “why” the organization needs to purchase a TPRM solution is lost amongst the lists of tactical questions from various internal stakeholders. At the end of the day, you need to know: is the solution scalable, agile, and adaptable?
Once you know your current TPRM maturity you will have a better understanding of your program’s pain points and what you need in order to improve upon them. Determine where the gaps are during the research phase of your journey and create a shortlist of vendors whose options seem like a good fit to meet your needs.
Not All TPRM Programs Are Created Equal
Keep in mind that each vendor carries its own inherent risk profile, both at the entity level and according to the types of engagements that they are being used for. Agile TPRM has to be able to drill down into every branch of the third-party relationship to closely manage and monitor individual contracts and SLAs in detail, as well as assessments for multiple risks. Other tools may track individual third parties in great detail, but they can’t easily show the big picture you need to understand the overall risk across the third-party portfolio.
It’s not just about TPRM, either. Enterprises should also ensure that the solution can cover all of their current third-party compliance and risk programs, including:
Anti-bribery and corruption (ABAC)
The solution should be able to be easily extended to other programs as well, either existing or new. This holistic approach will mean that the organization has a single version of the truth, with clear oversight of risk across all suppliers and risk types throughout the entire enterprise. This is critical for today’s regulatory standards.
These concerns make it all the more important to understand what capabilities you should be looking for and what questions you should be asking when you are assessing TPRM providers.
Topics to ask questions about during vendor software demos include:
Introductory Questions for TPRM Software Demos
Before digging into the detailed capabilities of each software provider, there are some general questions to ask to get the process started.
Can the vendor’s system manage the number of third-party vendors you currently have or plan to have? How easy is it to scale up?
How does the program stay current and standardized?
Will the program help connect internal stakeholders including procurement, privacy, compliance, and others so there is a standard approach to third parties?
How easy is it to change the system to stay current with regulatory or risk changes?
How quickly can the system alert internal stakeholders of potential third-party noncompliance or other issues that require action?
What kinds of efficiency improvements has the program delivered to other clients? How has it helped eliminate manual systems?
What kind of overall ROI have other clients experienced using this system?
Capabilities Questions for TPRM Software Demos
Once you’ve discussed introductory questions regarding the vendor’s software offerings, and you find that it could still be a good match for your organization’s needs, it’s important to dig into the nuts and bolts of how their program works and how it would integrate with and improve upon your current program.
A TPRM program’s configuration is central to responding quickly to the dynamic nature of third-party risk and compliance.
Questions to ask on configuration capabilities include:
How easy is it to change elements of the solution as your organization grows and evolves?
What kinds of templates does the solution provide out-of-the-box?
How often are new templates introduced?
Can the solution provide conditional workflows to adapt to third-party responses?
Can you make forms and processes dynamic and conditional?
Integration is also a key component of a TPRM program and you need to know how the vendor’s services can link to your existing systems and partners.
When on the demo, ask questions like:
What content partners does the system integrate with? Is the content supported by actionable workflow and reporting capabilities?
What will you have to do to integrate the TPRM solution with content feeds from external providers? Or with your own internal systems?
Are all connectors already in place or would you have to manually build them in?
A TPRM program isn’t much use if it’s creating more work for you. Make sure that the program not only looks and feels workable but also supports internationalization and contextualization.
Some usability questions to ask include:
How attractive and easy to use is the solution? Is it fully customizable?
Can the UI support multimedia files for third-party training and e-learning?
How intuitive is the UI?
Will the look-and-feel of the solution help or hinder adoption within your own organization and by third parties?
Can the solution be easily displayed in multiple languages and currencies?
Another cornerstone of any TPRM program is how third parties would work with it. Make sure that the program allows prospective third parties to efficiently register and provide information through a secure web portal, triggering appropriate workflows.
When discussing third-party engagement, make sure to ask about:
Does the solution provide a third-party portal? Does the portal’s UI reflect corporate branding?
Does the platform provide self-registration capabilities?
Is the data collection efficient, organized, and consistent?
How easy is it to create new forms and assessments to collect information from third parties?
While they are parts of third-party engagement, risk assessments, surveys, and questionnaires are critical components of your relationship with a third party.
Make sure to ask questions surrounding:
How easy is it to create an assessment or build on an existing one?
Can the system offer conditional logic and/or questions based on responses?
Can the assessments be sent out in multiple languages?
What kinds of workflows are associated with assessments to assure compliance?
Scoring and Management:
The right TPRM software vendor should provide capabilities that help you along the entire TPRM lifecycle, and provide services to help you track, score, and manage third-party activities and compliance in an easy-to-use, organized environment.
Questions for scoring management capabilities include:
How flexible and robust are the solution’s risk scoring capabilities?
Are there strong role-based approval processes and alert capabilities?
How proactive is the escalation/incident management functionality?
Does the solution support regular relationship reviews?
Does it make managing projects simple?
And how easy is it to pull information for audits out of the solution?
These are just some questions that can help you in navigating TPRM software demos. We have compiled a library of resources to help decision-makers determine which software solutions are good fits for their program needs. If you are interested in learning more about this process or would like to learn more about Aravo, you can contact one of our experts at any time!