Did you know that, according to a study done by the University of Scranton, around 80 percent of people fail to keep their New Year’s resolutions? In my opinion, New Year’s resolutions are a fun way to hit the reset button and try again, or even to improve upon something that may already be done pretty well but could be done better. So why do 80 percent of people fail to keep their New Year’s resolutions? The consensus is that the resolution wasn’t quite realistic in the first place. You see, that’s the key to setting a resolution. It should be a realistic goal that’s attainable.
How about you? Did you set some personal New Year resolutions? How about professional New Year resolutions? In third party risk management, preparing for the months ahead is essential for success; therefore, I think setting some realistic, attainable New Year goals is a great way to get started. Here are some of the resolutions I encourage you to try if you haven’t already.
6 Third Party Risk Management Resolutions for 2020
Here are six third party risk resolutions we recommend for 2020:
- Continue to study enforcement actions often and implement best practices learned from them into your program. Reading and truly understanding the enforcement actions that organizations similar to your own have been receiving will help you know what not to do (e.g., fines, penalties, requests).
- Ensure ongoing monitoring and oversight is done well. To do this, review your policy and program and verify that ongoing monitoring and oversight are included and that the requirements are clear. This year, make sure ongoing monitoring doesn’t slip through the cracks by implementing a plan to follow up with your vendors periodically, request their most current due diligence as needed, analyze the due diligence thoroughly, etc.
Quick Tip: Verify work product you’ve completed matches what you say you’ll do in your policy and program documentation. If it doesn’t, then that’s a good indication that something is awry regarding your ongoing monitoring processes.
- Do your best to document everything. Yes… everything! Set up calendar reminders to notify you 15 minutes prior to a meeting that you need to take minutes, if that’s what it takes to remember at first. In third party risk management, if it isn’t documented, then it didn’t happen. It also makes it very difficult to retrace your steps and see why you chose a certain vendor, or why you said “XYZ” to the board, etc. if you’re not documenting properly.
- Make it a priority to continue to learn. Stay educated! In an industry that’s constantly evolving and changing, you can never get enough new knowledge. Stay abreast of new and updated regulations, attend industry webinars and conferences, read industry resources and continue to seek out ways to keep learning in third party risk management.
Quick Tip: There are many resources and webinars available online that are free! Track them and take credit for them in the form of year-round learning. It’s a real investment of time, money and resources.
- If you need more budget, make a plan and request it. If you need budget allocated to additional resources or tools, explain in detail why you need this, how it will help make third party risk management more efficient and/or better and propose a few options to get it done (e.g., outsource or keep in-house, etc.). It doesn’t hurt to ask.
- Make sure the six pillars of third party risk management are incorporated into your program. Not only should they be incorporated, but is there also proof they’re being executed? Remember, these are selecting a vendor, risk assessment, due diligence, contractual standards, reporting and ongoing monitoring.
You don’t have to be part of the statistic. Setting realistic New Year resolutions like the ones you see here is something anyone can achieve. Now go out and crush your third party risk management resolutions. 10, 9, 8, 7… Happy New Year!