Thursday, February 19, 2009

Extended Enterprise Risk and Compliance: Managing the Approach

I wrote a blog post last summer on the topic of Extended Enterprise Risk Management, and it is still a top-of-mind initiative for most companies. The highly regarded GRC visionary Michael Rasmussen, CEO at Corporate Integrity, recently posted the Ultimate 3rd Party/Supply-Chain Risk & Compliance Management Platform article to his blog, and he makes some great points that I wanted to expand upon.

Axentis has worked with a number of customers on developing a practical approach that uses its single GRC application to manage risk and compliance across thousands of third parties, relative to the exposures present within those relationships.

Can the ultimate risk and compliance management platform be an enabler for improved efficiency and effectiveness? Absolutely. Can lessons be learned and applied from others who have created an effective and efficient process? Absolutely.

Some of the key elements of successful approaches that I would add to the list for managing these third-party risk and compliance challenges are:

* A process of applying risk ratings to vendors, suppliers, etc., based on various criteria, such as dollars paid, criticality to production, and the regulations the supplier is subject to.

* Associating various risk-oriented processes, policies and procedures with them based on their risk ratings.

* Integrating compliance and risk management assessment functions with the contracting processes.

* Integrating third-party user provisioning with compliance training.

I produced a white paper last year, Managing Risk in the Extended Enterprise, that more clearly articulates the elements needed to effectively manage extended enterprise risk; it is still relevant today.

If you'd like to explore this solution further, take a look at the white paper I have prepared and, if you like, contact me directly to discuss it in more detail.

I'd be interested to hear about similar approaches you have taken, or other effective ways you have constructed to manage and oversee your extended enterprise risk.