- About Us
- Request Demo
A haphazard department and document centric approach for third party GRC compounds the problem and does not solve it. It is time for organizations to step back and mature their third party GRC approaches with a cross-functional and coordinated strategy and team to define and govern third party relationships. Organizations need to mature their third party governance with an integrated strategy, process, and architecture to manage the ecosystem of third party relationships with real-time information about third party performance, risk, and compliance, as well as how it impacts the organization.
GRC 20/20 has developed the Third Party GRC Maturity Model to articulate maturity in the Third Party GRC processes and provide organizations with a roadmap to support acceleration through their maturity journey.
There are five stages to the model:
1. Ad Hoc
Today we look at Stage 1, the Ad Hoc level of Third Party GRC
Organizations at the Ad Hoc stage of maturity have siloed approaches to third-party governance, risk and compliance at the department level. Businesses at this stage do not understand risk and exposure in third party relationships; few if any resources are allocated to third party governance. The organization addresses third party GRC in a reactive mode — doing assessments when forced to. There is no ownership or monitoring of risk and compliance, and certainly no integration of risk and compliance information and processes in context of third party performance.
Characteristics of the Ad Hoc Maturity stage are:
Key elements that identify an organization is at the Ad Hoc stage are:
Organizations in the Ad Hoc stage are very much in reactive mode and are likely to answer many of the following in the affirmative:
After reflecting on these points, it is time to next ask: is your organization at the Ad Hoc stage of Third Party GRC Maturity?
Aravo, leveraging the GRC 20/20’s Third Party GRC Maturity Model: A New Paradigm in Governing Third Party Relationships research report, has built the Third-Party Risk Management Maturity Calculator that takes this deeper and provides insight on how to improve your organization’s maturity and approach.