CUSTOMER PORTAL
In a recent edition of Risk Hotseat we put Brian Carroll on the spot, Director of Product Success at Aravo. Carroll shares his insights on what it takes to implement successful TPRM programs and key ways third-party risk software and capabilities will need to evolve to meet customer demands.
Hi, my name is Brian Carroll, Director of Product Success here at Aravo, and today is my turn on the Risk Hotseat. Iโve been at Aravo for about six years now and I started on our Professional Services team. Iโve both run and sold implementation projects, and more recently, Iโve worked with our product team to work as the voice of our customer into the product organization, and also to work with our customers on a one-by-one basis to map out programs that deliver the most value. Letโs dive in!
Stating the obvious: a solid implementation is critical. You can buy an A-plus tool, but if you have a C-minus implementation, now you have a C-minus tool. This starts with planning. Internally, you need to understand your organizational culture. How do you make decisions? Who are your stakeholders? What are your priorities? And then externally, how are you going to work with Aravo? What does your roadmap look like, to take you from where you are to where you want to be in the future?
You need to set the right expectations, both internally and externally. We need to make sure that both teams are aligned prior to starting our implementation journey. We need to balance the duration of our projects, the scope of the projects, and the budget that you have in place for them.
Once we do balance those three things, Aravo can deliver a tool that brings value to your organization and confidence that youโre doing business with the right people. But all of that starts with strategy. So, thereโs a lot of conversation, a lot of thought that needs to go into planning out your program before we start pushing buttons in the system and configuring it to your needs.
From a technology perspective, lots of customers are wanting to do more with their data. Theyโre collecting lots of great data from many, many, many third parties, but they need ways to crunch those numbers. Whether that is through using trending over time, or whether that is looking at geographical risk and organizing it that way, lots of our customers are looking at ways to understand the breadth of their data a little bit better.
Theyโre also looking for strategies to improve third-party participation. Survey fatigue is a real thing. Lots of these third parties that youโre working with are being assessed by our customers on a frequent basis, and theyโre being assessed by all of their other customers on a frequent basis as well. Lots of these third parties have been through the gauntlet of filling out lots and lots of assessments. So, our customers are seeing some pushback. We need to help our customers find ways to get the information they need to ensure that theyโre working in a compliant environment while also making sure that their third parties are not bogged down by dozens of assessments and thousands of questions to work through.
Weโre also spending a lot of time working with our customers on efficiency. How do we build faster turnaround times into your due diligence processes? Is that reducing the number of touch points? Is that reducing the volume of assessments that weโre doing or the volume of questions within those assessments? Is it making sure that weโre routing it to the right people within the customer organization, but not too many people within the customer organization? Thereโs lots of things that we can look at and tweak to make things more efficient, but thatโs been a growing priority among our customer base in recent months and years.
Number one, I would say regulatory compliance, particularly in the EU. We have seen lots of new regulations governing third-party risk management in the EU in the last couple of years. It seems like every country has slightly different flavors of what theyโre looking for there. For our global customers, itโs a challenge to manage the rapidly changing regulatory environment. So, weโve been working with lots of our customers to update assessments and make sure that theyโre covering all of the topics they need to cover with their third-party base to make sure that theyโre compliant across all of these different governing bodies.
Second, I think Environmental, Social, Governance (ESG) is one that weโre hearing about more and more as time goes on. That term has become more common over the last few years, but I think weโre starting to see more action around it as well. Itโs important to make sure that the people youโre doing business with are doing their business responsibly. When a customer is tied back to somebody that is a bad actor, that can reflect negatively in the media or with governing bodies as well. So, itโs important to have an understanding of how your third parties behave in the marketplace.
Number one, we talked a little bit about improving our third-party participation, and one of the strategies for doing that is an intelligence-first approach. Itโs going out there and gathering some of that external data and putting it into a supplier profile before weโve gone out and done a whole bunch of assessments and a whole bunch of due diligence. So, youโve got a more robust starting point when assessing your suppliers. What weโre finding is that idea helps to increase efficiency, helps to increase confidence that the due diligence that youโre doing is necessary, and maybe tailored a little bit better to the business that youโre doing with that third party.
Alongside that, we need to see better collaboration between major suppliers and their customers. We touched on this a little bit earlier, that we have third parties that are working with many, many customers doing many, many assessments. So, we need to help them find better ways to connect those things so that theyโre not just repeating themselves over and over. Letโs help our customers be confident that theyโre doing business with the right people, and letโs help those right people not be bogged down with assessments constantly. Weโre working on some strategies both product-wise and process-wise with our customers that will help to mitigate those things, and I think thatโs a real growth area for us in the future.
This interview has been edited for length and clarity.
Share with Your Friends: