A third party is any entity with which your organization has an actual or implied contractual relationship for the receipt of goods and services. Besides being called a third party, these relationships may also be known as vendors or suppliers. An Engagement refers to the actual product or service being received by way of a contract with a third party.
RSA Archer Third Party Engagement provides organizations the capability to inventory all of the product and service engagements they are receiving from third parties. Engagements can be mapped to the third parties supplying the product or service, and to the organization’s business units and business processes they support. Third party contacts can be documented and accountability for third party engagements can be established by named individual and by the business units that own the relationship. If you are utilizing the RSA Archer Third Party Engagement, Risk Management, and Governance use cases then the risk and performance of individual engagements can be established and risk and performance information can be rolled-up across all products and services delivered by a third party; and depicting it in aggregate at the appropriate third party organizational level.
Third parties may relate, to some degree, with every aspect of an organization. They may impact your organization’s objectives and they support, in one way or another, the products and services your organization delivers. They support business processes, introduce risk and affect and supplement the extended internal control environment of your organization. They may provide assets and inputs to the organization such as hardware, software, physical space, and product inputs. Acting as an agent of your extended organization, they are subject to your regulatory obligations and policies, and they may directly supplement your human resources through consultants and temporary labor, or extend your human resources by the nature of the services that they are providing. You may have third parties that touch on every one of these elements of your business.
There are numerous reasons organizations choose to engage third parties. These include competing better; benefiting from a vendor’s expertise that you don’t have in-house; optimizing resources, acquiring resources (often more cheaply), transferring risk such as under insurance, and expanding market share by capitalizing on the third party’s presence in a market where you don’t currently have a presence, or by offering a more attractive product or service because of the third party’s expertise and capabilities.
Third parties are an extension of your business and, in the end, third parties introduce the same risk to your organization as if you internalized the activities. In most cases, it is impossible to eliminate the risk altogether. The best you can do is understand the risk and manage it within acceptable levels.
RSA Archer offers the Third Party Engagement use case to consolidate the list of third party products and services your organization uses.
Key features include:
- Catalog third parties, their business hierarchy, and the product and services engagements they deliver to your organization
- Map third party products and services to the business processes they support
- Roll up engagement risk assessments to obtain an overall third party risk profile
- Catalog contracts and master services agreements associated with engagements
- Execute contract risk assessments utilizing standardized questionnaires focused on minimum required contract language to mitigate and transfer risk
- Capture the third party’s proof of insurance and evaluate the adequacy of the insurance relative to all of the engagements being delivered
- Integrate the results of your business process impact analysis into your assessment of the inherent resiliency risk of each third party
- Establish accountability for each third party engagement
- Document and monitor remediation plans to bring risk within acceptable tolerance
- Track exceptions related to third party engagements
With RSA Archer Third Party Engagement, you can:
- Establish efficient management of your third party relationships
- Know where, how, and why third parties are being used throughout your organization, and who is responsible
- Identify inherently high risk third party products, services, and relationships
- Better understand the adequacy of each third party’s proof of insurance,
- Have fewer third party-related audit and regulatory findings
- Establish the basis for an effective third party risk management program and allocation of scarce resources based on the most significant priorities
- Provide transparency into third party relationships using robust notifications and reporting
- Provide positive assurance to senior management, the Board, and regulators regarding the adequacy of the organization’s third party governance program
Today, organizations are faced with complex and fast moving challenges exacerbated by the very nature of rapidly expanding third party relationships. The RSA Archer Third Party Engagement is one element of an effective Integrated Risk Management program. Stressing the agility and flexibility needed by today’s modern organizations, integrated risk management brings together the various domains of risk across business activities (horizontally), connecting the activities to the strategies and objectives of the organization on an aggregated basis (vertically). This approach to risk management provides leadership with the most holistic understanding of risk facing the organization so they can make truly informed decisions about where to deploy limited capital and human resources to produce the most effective return to the organization.
As your company drives business growth through an extended business ecosystem strategy, your risk management program must evolve and manage risk with more agility and integration than before. Managing third party risk and performance is one ingredient to showing real progress and improvement and decreasing business risk. RSA Archer can help your organization better understand and manage its third party relationships on one configurable, integrated software platform. With RSA Archer solutions, organizations can efficiently implement risk management processes using industry standards and best practices and significantly improve their business risk management maturity.