Risk Hotseat: TPRM Implementation & Software Capabilities

July 2nd, 2024 Brian Carroll Reading Time: 4 minutes
Riskhotseat Blogfeaturedimg1200x628

In a recent edition of Risk Hotseat we put Brian Carroll on the spot, Director of Product Success at Aravo. Carroll shares his insights on what it takes to implement successful TPRM programs and key ways third-party risk software and capabilities will need to evolve to meet customer demands.

Hi, my name is Brian Carroll, Director of Product Success here at Aravo, and today is my turn on the Risk Hotseat. I’ve been at Aravo for about six years now and I started on our Professional Services team. I’ve both run and sold implementation projects, and more recently, I’ve worked with our product team to work as the voice of our customer into the product organization, and also to work with our customers on a one-by-one basis to map out programs that deliver the most value. Let’s dive in!

How important is proper implementation for building successful TPRM programs?

Stating the obvious: a solid implementation is critical. You can buy an A-plus tool, but if you have a C-minus implementation, now you have a C-minus tool. This starts with planning. Internally, you need to understand your organizational culture. How do you make decisions? Who are your stakeholders? What are your priorities? And then externally, how are you going to work with Aravo? What does your roadmap look like, to take you from where you are to where you want to be in the future?

You need to set the right expectations, both internally and externally. We need to make sure that both teams are aligned prior to starting our implementation journey. We need to balance the duration of our projects, the scope of the projects, and the budget that you have in place for them.

Once we do balance those three things, Aravo can deliver a tool that brings value to your organization and confidence that you’re doing business with the right people. But all of that starts with strategy. So, there’s a lot of conversation, a lot of thought that needs to go into planning out your program before we start pushing buttons in the system and configuring it to your needs.

What are some of the top TPRM software capabilities that customers are asking for to meet their business needs?

From a technology perspective, lots of customers are wanting to do more with their data. They’re collecting lots of great data from many, many, many third parties, but they need ways to crunch those numbers. Whether that is through using trending over time, or whether that is looking at geographical risk and organizing it that way, lots of our customers are looking at ways to understand the breadth of their data a little bit better.

They’re also looking for strategies to improve third-party participation. Survey fatigue is a real thing. Lots of these third parties that you’re working with are being assessed by our customers on a frequent basis, and they’re being assessed by all of their other customers on a frequent basis as well. Lots of these third parties have been through the gauntlet of filling out lots and lots of assessments. So, our customers are seeing some pushback. We need to help our customers find ways to get the information they need to ensure that they’re working in a compliant environment while also making sure that their third parties are not bogged down by dozens of assessments and thousands of questions to work through.

We’re also spending a lot of time working with our customers on efficiency. How do we build faster turnaround times into your due diligence processes? Is that reducing the number of touch points? Is that reducing the volume of assessments that we’re doing or the volume of questions within those assessments? Is it making sure that we’re routing it to the right people within the customer organization, but not too many people within the customer organization? There’s lots of things that we can look at and tweak to make things more efficient, but that’s been a growing priority among our customer base in recent months and years.

What’s a new or evolving risk domain that TPRM technology will need to cover or help manage in the near future?

Number one, I would say regulatory compliance, particularly in the EU. We have seen lots of new regulations governing third-party risk management in the EU in the last couple of years. It seems like every country has slightly different flavors of what they’re looking for there. For our global customers, it’s a challenge to manage the rapidly changing regulatory environment. So, we’ve been working with lots of our customers to update assessments and make sure that they’re covering all of the topics they need to cover with their third-party base to make sure that they’re compliant across all of these different governing bodies.

Second, I think Environmental, Social, Governance (ESG) is one that we’re hearing about more and more as time goes on. That term has become more common over the last few years, but I think we’re starting to see more action around it as well. It’s important to make sure that the people you’re doing business with are doing their business responsibly. When a customer is tied back to somebody that is a bad actor, that can reflect negatively in the media or with governing bodies as well. So, it’s important to have an understanding of how your third parties behave in the marketplace.

How do you see the future of implementation evolving to meet these challenges?

Number one, we talked a little bit about improving our third-party participation, and one of the strategies for doing that is an intelligence-first approach. It’s going out there and gathering some of that external data and putting it into a supplier profile before we’ve gone out and done a whole bunch of assessments and a whole bunch of due diligence. So, you’ve got a more robust starting point when assessing your suppliers. What we’re finding is that idea helps to increase efficiency, helps to increase confidence that the due diligence that you’re doing is necessary, and maybe tailored a little bit better to the business that you’re doing with that third party.

Alongside that, we need to see better collaboration between major suppliers and their customers. We touched on this a little bit earlier, that we have third parties that are working with many, many customers doing many, many assessments. So, we need to help them find better ways to connect those things so that they’re not just repeating themselves over and over. Let’s help our customers be confident that they’re doing business with the right people, and let’s help those right people not be bogged down with assessments constantly. We’re working on some strategies both product-wise and process-wise with our customers that will help to mitigate those things, and I think that’s a real growth area for us in the future.

Watch Brian’s full Risk Hotseat interview here, and stayed tuned for our next discussion with more Aravo experts!

This interview has been edited for length and clarity.

Brian Carroll

Brian is currently the Director of Product Success at Aravo Solutions working closely with customers to ensure they are enabled to take advantage of the Aravo platform to excel their Third-Party Risk Programs. Brian’s experience at Aravo adds to his over a decade of work and knowledge in consulting with organizations in implementing solutions to create efficiency and maturity.

Brian holds a B.A. in Management & Society from University of North Carolina at Chapel Hill; which he can also discuss with you in Spanish, as he additionally received a B.A. in Spanish as well.

A believer in work-life-balance, Brian spends his spare time enjoying cycling and shuttling his kids to sporting practices and games.

Brian is currently the Director of Product Success at Aravo Solutions working closely with customers to ensure they are enabled to take advantage of the Aravo platform to excel their Third-Party Risk Programs. Brian’s experience at Aravo adds to his over a decade of work and knowledge in consulting with organizations in implementing solutions to create efficiency and maturity.

Share with Your Friends:

Subscribe to Blog Updates

Our Expertise
Who We Help

Ready to get started?

Get in touch for a better approach to third-party risk management