In a recent edition of Risk Hotseat we put Brian Carroll on the spot, Director of Product Success at Aravo. Carroll shares his insights on what it takes to implement successful TPRM programs and key ways third-party risk software and capabilities will need to evolve to meet customer demands.
Hi, my name is Brian Carroll, Director of Product Success here at Aravo, and today is my turn on the Risk Hotseat. I’ve been at Aravo for about six years now and I started on our Professional Services team. I’ve both run and sold implementation projects, and more recently, I’ve worked with our product team to work as the voice of our customer into the product organization, and also to work with our customers on a one-by-one basis to map out programs that deliver the most value. Let’s dive in!
Stating the obvious: a solid implementation is critical. You can buy an A-plus tool, but if you have a C-minus implementation, now you have a C-minus tool. This starts with planning. Internally, you need to understand your organizational culture. How do you make decisions? Who are your stakeholders? What are your priorities? And then externally, how are you going to work with Aravo? What does your roadmap look like, to take you from where you are to where you want to be in the future?
You need to set the right expectations, both internally and externally. We need to make sure that both teams are aligned prior to starting our implementation journey. We need to balance the duration of our projects, the scope of the projects, and the budget that you have in place for them.
Once we do balance those three things, Aravo can deliver a tool that brings value to your organization and confidence that you’re doing business with the right people. But all of that starts with strategy. So, there’s a lot of conversation, a lot of thought that needs to go into planning out your program before we start pushing buttons in the system and configuring it to your needs.
From a technology perspective, lots of customers are wanting to do more with their data. They’re collecting lots of great data from many, many, many third parties, but they need ways to crunch those numbers. Whether that is through using trending over time, or whether that is looking at geographical risk and organizing it that way, lots of our customers are looking at ways to understand the breadth of their data a little bit better.
They’re also looking for strategies to improve third-party participation. Survey fatigue is a real thing. Lots of these third parties that you’re working with are being assessed by our customers on a frequent basis, and they’re being assessed by all of their other customers on a frequent basis as well. Lots of these third parties have been through the gauntlet of filling out lots and lots of assessments. So, our customers are seeing some pushback. We need to help our customers find ways to get the information they need to ensure that they’re working in a compliant environment while also making sure that their third parties are not bogged down by dozens of assessments and thousands of questions to work through.
We’re also spending a lot of time working with our customers on efficiency. How do we build faster turnaround times into your due diligence processes? Is that reducing the number of touch points? Is that reducing the volume of assessments that we’re doing or the volume of questions within those assessments? Is it making sure that we’re routing it to the right people within the customer organization, but not too many people within the customer organization? There’s lots of things that we can look at and tweak to make things more efficient, but that’s been a growing priority among our customer base in recent months and years.
Number one, I would say regulatory compliance, particularly in the EU. We have seen lots of new regulations governing third-party risk management in the EU in the last couple of years. It seems like every country has slightly different flavors of what they’re looking for there. For our global customers, it’s a challenge to manage the rapidly changing regulatory environment. So, we’ve been working with lots of our customers to update assessments and make sure that they’re covering all of the topics they need to cover with their third-party base to make sure that they’re compliant across all of these different governing bodies.
Second, I think Environmental, Social, Governance (ESG) is one that we’re hearing about more and more as time goes on. That term has become more common over the last few years, but I think we’re starting to see more action around it as well. It’s important to make sure that the people you’re doing business with are doing their business responsibly. When a customer is tied back to somebody that is a bad actor, that can reflect negatively in the media or with governing bodies as well. So, it’s important to have an understanding of how your third parties behave in the marketplace.
Number one, we talked a little bit about improving our third-party participation, and one of the strategies for doing that is an intelligence-first approach. It’s going out there and gathering some of that external data and putting it into a supplier profile before we’ve gone out and done a whole bunch of assessments and a whole bunch of due diligence. So, you’ve got a more robust starting point when assessing your suppliers. What we’re finding is that idea helps to increase efficiency, helps to increase confidence that the due diligence that you’re doing is necessary, and maybe tailored a little bit better to the business that you’re doing with that third party.
Alongside that, we need to see better collaboration between major suppliers and their customers. We touched on this a little bit earlier, that we have third parties that are working with many, many customers doing many, many assessments. So, we need to help them find better ways to connect those things so that they’re not just repeating themselves over and over. Let’s help our customers be confident that they’re doing business with the right people, and let’s help those right people not be bogged down with assessments constantly. We’re working on some strategies both product-wise and process-wise with our customers that will help to mitigate those things, and I think that’s a real growth area for us in the future.
This interview has been edited for length and clarity.
Share with Your Friends:
