Enterprise Risk Management (ERM) and Third Party Risk Management (TPRM) are often used interchangeably, but they truly are two different functions. ERM really functions at the highest levels of the organization and takes into account all of the different areas of risk across the organization, while TPRM is a smaller subset that needs just as much attention. Listen to Third Party Thursday to learn more.
Welcome to this week’s Third Party Thursday! My name is Branan Cooper and I’m the Chief Risk Officer here at Venminder.
Today, we are going to talk a little bit about ERM vs TPRM. Now that I’ve spouted off a couple of acronyms, let me explain what those mean. ERM is Enterprise Risk Management and TPRM is Third Party Risk Management, also sometimes referred to as Vendor Management.
ERM and TPRM are certainly confused in many cases and are often used interchangeably, but they truly are two totally different functions.
ERM really functions at the highest levels of the organization and takes into account all of the different areas of risk across the organization. It sets risk policy standards, determines what your risk appetite is and looks at all sorts of categories of risk such as credit risk, compliance risk, interest rate risk, numerous others depending on the lines of business.
TPRM may feed into portions of those, but it’s certainly not all-encompassing as ERM is. TPRM in many ways is sort of a subset of ERM, but TPRM also goes much, much deeper into the various facets of vendor management that ERM simply doesn’t dig into in any level of detail.
TPRM, for example, may dig into a lot of defining how you’re going to manage the compliance risk of doing business with a third party, while ERM certainly just sits at the top and informs of any changes in the overall risk profile.
Again, I’m Branan and thanks for tuning in to this week’s Third Party Thursday. If you haven’t already done so, please subscribe to our series.