Understanding Third Party GRC Maturity: Agile Stage

September 23rd, 2019 posted by Michael Rasmussen Reading Time: 4 minutes
Blog - Understanding Third Party GRC Maturity: Agile Stage

A haphazard department- and document-centric approach for third party GRC compounds the problem and does not solve it. It is time for organizations to step back and mature their third-party GRC approaches with a cross-functional and coordinated strategy and team to define and govern third party relationships. Organizations need to mature their third-party governance with an integrated strategy, process, and architecture to manage the ecosystem of third-party relationships with real-time information about third-party performance, risk, and compliance, as well as how it impacts the organization.
GRC 20/20 has developed the Third Party GRC Maturity Model to articulate maturity in the third-party GRC processes and provide organizations with a roadmap to support acceleration through their maturity journey.

There are five stages to the model:

  1. Ad Hoc 
  2. Fragmented 
  3. Defined 
  4. Integrated 
  5. Agile

Today we look at Stage 5, the Agile level of third-party GRC.

At the Agile Maturity stage, the organization has completely moved to an integrated approach to third-party GRC across the business that includes an understanding of risk and compliance in context of performance and objectives in third-party relationships. Consistent core third-party GRC processes span the entire organization and its geographies. The organization benefits from consistent, relevant, and harmonized processes for third-party governance with minimal overhead.

The Agile Maturity is where most organizations will find the greatest balance in collaborative third-party governance and oversight. It allows for some department/business function autonomy where needed, but focuses on a common governance model and architecture that the various groups in third-party governance participate in. The Agile stage increases the ability to connect, understand, analyze, and monitor interrelationships and underlying patterns of performance, risk, and compliance across third-`party relationships – as it allows different business functions to be focused on their areas while reporting into a common governance framework and architecture. Different functions participate in third-party management with a focus on coordination and collaboration through a common core architecture that integrates and plays well with other systems.

Characteristics of the Agile Maturity stage are:

Key elements that identify an organization is at the Agile stage are:

Organizations in the Agile Maturity stage answer many of the following questions affirmatively:

After reflecting on these points, it is time to next ask: is your organization at the Agile stage of Third Party GRC Maturity?

Aravo, leveraging the GRC 20/20’s Third Party GRC Maturity Model: A New Paradigm in Governing Third Party Relationships research report, has built the Third-Party Risk Management Maturity Calculator that takes this deeper and provides insight on how to improve your organization’s maturity and approach.

Maturity Calculator - Map your journey

Share with Your Friends:

Subscribe to Blog Updates

Our Expertise
Who We Help

Ready to get started?

Get in touch for a better approach to third-party risk management