Ask the Expert: What is the Board asking audit teams concerning Nth-party risk?
Dawn Ward, Senior Solution Consultant at Iceberg Networks and Chris Murphey, VP Advisory Services at Iceberg Networks, discuss what the Board of Directors is asking internal audit teams around Nth-party risk. The following is an edited transcript of the conversation.
Chris Murphey: The Board is broadening their horizons, just like internal teams are doing, that is what’s pushing down to them. The Board is asking organizations to really think about the impacts at the top level and the top lines of the organization. You think risk management teams are fundamentally focused on what can go wrong, but if you spend a little more time on defining “how wrong it could be” and where that could affect us. Thinking about things like supply chain resilience, Nth-party risk, about how your suppliers affect your actual value and supply chain and your distribution, those are the broader, wider thoughts, and it’s forcing organizations to actually govern in a more shared manner. That shared governance model is what Boards are asking their organizations for and to really think about as they protect themselves for the future.
Dawn Ward: I agree with everything that you just said and when you tell that story, it has to be a story. When you go to the leadership boards and you’re talking about this, it has to paint a picture for them that is very tangible. Being able to set the stage on the impacts and do it in a way where you’re telling that broader story for consideration across the organization.
Chris Murphey: Another thing that comes to mind is that Boards are asking organizations to articulate through that story that Dawn said, the bigger picture, the bigger outcome. Maybe organizations are being impacted by getting insurance for their business through the lack of depth and breadth of their third-party risk management program under audit, compliance and enterprise risk management programs. They need to find a way to tie into the bigger organizational problems that really protect the longevity of the organization and what the Board is thinking about everyday.