One of the things I pride myself on is being highly organized (is it a problem if my socks are arranged alphabetically by color?). In the ever-hectic world of a third party risk manager, you’re always juggling multiple tasks and need to leave room for the occasional surprise problem that’s thrown into the mix.
Third Party Risk Management Organizational Tricks
The only way I have found to successfully manage the non-stop swirl of activities is with some of these tricks of the trade:
1. Make extensive “To Do” lists. Set priorities and write them down. It’s important that you watch the list carefully and manage its successful conclusion of key activities. You can do this via:
- Old school approach (like me!) - on a piece of paper
- New school approach - in a handy phone or computer app. There are numerous free tools available to help you achieve your tasks. The Venminder team recommends OneNote, Google Keep, Trello, Evernote or using the built-in system from your email provider. For example, Outlook's flagging method allows you to right click on an email that you need to add to your to-dos, select the priority level of on the now flagged email and adds it to your to-do list.
- Newer school approach - a robust tracking system. Software that you use at your company might have a built-in task management system.
2. Tie certain items, like due diligence tasks, to a particular date. I recommend tying it to the most critical item you need, like 90 days after fiscal year end to make sure you have current financials or perhaps tied to certain SSAE 18 report dates - that’s certainly a step in the right direction.
3. Organize your list by function. Have notes under vendor selection, risk assessment, due diligence, contracts, reporting and ongoing monitoring. That was a good springboard toward the reports I’d do for senior management and the board which tended to focus time on each of those functions in a PowerPoint type of format.
4. Finding the way to balance the items is important. If something keeps slipping down the to-do list, does it need to be on there at all? If it does, perhaps one day just make it the number one priority and get it done and over with.
5. See if you can find someone willing to help. Teamwork and shared resources have saved me on numerous occasions!
Knowing that you have to not only address one item of third party risk but regularly manage updates to every pillar of third party risk, it definitely requires an organized approach lest something inadvertently fall out of sight.
Getting organized is difficult but once it’s a habit, it’s fairly easy to maintain. Unless you have the luxury of a large team of highly organized individuals, there’s no way to make up for a lack of organization in such a busy job.