For this edition of Risk Hotseat, we sit down with Scott Eggleston who leads the Solutions Consulting Team at Aravo. He shares his thoughts on a handful of topics related to third-party risk management and TPRM software.
Most of our clients begin with traditional risk domains that we’re all familiar with: financial viability, information security or cyber, ethics or anti-bribery/anti-corruption, and sometimes data privacy. Then, they move into other areas, often specific to their own jurisdictions or industry sectors.
It’s not a new dimension, but forward-thinking risk management professionals are adding performance management to their slate of risk domains. They are incorporating both quantitative and qualitative measures in both automated and ad-hoc processes, where they’re including multi-stakeholder surveys and involving third parties in those questionnaire processes. This is commonly known as dual score-carding in the industry. We see this as a key risk domain that’s increasing as we move forward.
Having a single source of truth across all the different types of third parties you have, that’s automatically orchestrated, automatically validated with your choice of trusted external data providers, and continuously monitored by the system according to your business rules. And of course it needs to be aligned with a variety of external and/or internal regulatory standards, and give you transparency across the entire process, from registration to offboarding, and everything in between.
It’s really invaluable. Whether it’s graphical documentation of your business processes, risk scoring and reporting, or internal or external regulators, Aravo has you covered. Bottom line, these capabilities enable you to manage all third-party types on an exception basis, generating the appropriate types of documentation and visibility that you need along the way, so that you truly can do more with less across your third-party ecosystem.
The technology itself is table stakes for a successful TPRM program. It’s expected. A proper implementation is actually the most important criteria that you can have. We found that when a company focuses more on the “how”, meaning the actual deployment, versus just the functional requirements, have higher satisfaction and lower time to value, and we have the metrics to prove that
You might find it interesting that many of our clients come to us from a failed deployment or a deployment that really never got off the ground with another provider. We do partner with a number of external best-in-class implementation partners, but many of our clients actually deploy our system using our professional services team.
AI is already reshaping many aspects of the world. Will its effect on TPRM follow a similar path? At Aravo we believe that AI for TPRM is best viewed and utilized as augmented intelligence. We really want to leverage the power of big data and machine learning in ways that enable predictive, prescriptive, and consistent risk management via controlled applications.
So, we’re not replacing human involvement. No one’s comfortable with that. We are enabling the system to handle more of the heavy lifting than we ever thought was possible and saving the truly nuanced tasks for business professionals only when they’re absolutely needed. We see this as the current state, at least for the medium term. Who knows as we move forward into the distant horizon, but that’s where our customers are focused right now.
Share with Your Friends:
