With Rising Regulatory Pressures, Risk Programs are Running Hard to Stay in Place
Santa Fe Group’s Gary Roboff and Protiviti’s Paul Kooney discuss today’s increasingly fraught risk environment. Among the findings from a recent study: There’s a growing need for robust third-party risk management and greater board engagement.
Increasing risk and regulatory pressure pose severe challenges to vendor risk management programs and largely offset gains in program effectiveness and efficiency, according to the just-released 2019 Vendor Risk Management Benchmark Study. Produced by The Shared Assessments Program and Protiviti, this fifth-year benchmarking study is based on the Shared Assessments Vendor Risk Management Maturity Model (VRMMM), the industry-standard reference for determining third-party risk management (TPRM) practice maturity.
The 2019 VRMMM recognizes eight broad categories of performance and incorporates 211 detailed practice criteria, an increase of 81 criteria over the prior edition of the VRMMM. These additional criteria enable exploration of a range of important focus areas, including continuous monitoring, cybersecurity, fourth-party risk management, privacy, resource allocation and optimization, and more. The 2019 study by Shared Assessments and Protiviti was conducted during the third quarter of 2018 and is aligned with the updated 2019 VRMMM.
Only four in 10 participating organizations in the 2019 study suggested their vendor risk management programs operate at an acceptable level of maturity. Furthermore, almost one-third have either no TPRM programs or field programs with only ad hoc practices. Maturity scores in the eight VRMMM practice categories were stagnant this year.
Source: Disaster Recovery Journal, "With Rising Regulatory Pressures, Risk Programs are Running Hard to Stay in Place"