Iceberg recently worked with a large U.S. financial organization to centralize and automate a number of Third Party Risk Management (TPRM) processes within a GRC solution, in order to achieve greater efficiency and effectiveness.
Many of the organization’s vendor risk management activities were being done using tools like Excel, SharePoint and PeopleSoft, which posed a number of challenges, including:
- Overall vendor management. Getting an accurate, centralized view of all engagements for a vendor was difficult, and there was no way to aggregate risk scores between engagements. Information about vendors was scattered across numerous spreadsheets and internal documents.
- Risk assessments. The Excel-based questionnaire had become unwieldy because of the sheer volume of questions, answers, reviews, and comments (in some cases covering nearly 1,000 control questions), and the organization was having trouble scaling this approach because of the number of engagements. The organization needed a logic-based questionnaire to reduce the complexity of the assessment process.
With the new solution, the organization wanted to be able to answer these three key questions for their executives:
- Which vendors represent the greatest risk to our organization?
- How are we mitigating vendor risk?
- Are we adhering to regulator demands?
The organization chose Iceberg because of our extensive experience implementing GRC solutions for financial organizations, including third-party risk management. The depth of our GRC development team was ideally suited to their requirements.