950 likes | 1.9k Views
Third-Party Risk Management. ProcessUnity Walkthrough. About ProcessUnity. Risk & Compliance SIMPLIFIED. Risk & Compliance Automation. 99.9%. System Uptime 10+ Years. Third-Party Risk Management. Policy & Procedure Management. 94.8%. Customer Retention Rate. Risk Management.
E N D
Third-Party Risk Management ProcessUnity Walkthrough
About ProcessUnity Risk & Compliance SIMPLIFIED Risk & Compliance Automation 99.9% System Uptime 10+ Years Third-Party Risk Management Policy & Procedure Management 94.8% Customer Retention Rate Risk Management Compliance Management 2003 FOUNDED HQ: Concord, Massachusetts
RISK & COMPLIANCE… SIMPLIFIED DEPLOYS QUICKLY END-USERCONFIGURABLE CLOUD- BASED EASY-TO-USE INTERFACE FLEXIBLE PRICING Tiered pricing plans allow customers to purchase only the features, functions and licenses they need. Most customer implementations are completed within 30 to 45 days. SaaS-based system features automatic system updates / upgrades and includes customer support. Point-and-click interface, dashboards, alerts and online help make our tools the easiest to use. Business users can configure our tools to fit their programs and processes without calling IT.
ProcessUnity Vendor Cloud Cloud-based, Third-Party Risk Management Automation
Third-Party Risk Lifecycle Support Onboarding Performance Reviews Establish an enterprise-wide process to introduce potential providers Manage performance reviews in a consistent, manageable process Due Diligence Contract Reviews Enforce objectivity within your vendor due diligence process Create a unified process for contract management Self-Assessments SLA Monitoring Streamline the assessment process while reducing potential errors Documents KPIs, monitor activity and record observations On-Site Control Assessments Issue Management Systematically conduct and document on-site control assessments Implement a formal process for tracking vendor issues
2003 • Accessing ProcessUnity: • ProcessUnity is a single-tenant private cloud service accessed through standard web browsers. • The solution is user access controlled. FOUNDED
Personal Dashboards: • Personal Dashboards summarize information and allow users to drill through for additional report details. • Personal Dashboards are configurable.
Personal Dashboards: • Personal Dashboards summarize information and allow users to drill through for additional report details. • Personal Dashboards are configurable.
Navigation: • ProcessUnity provides four menu areas for easy navigation: • Workspace • Assessments • Reports • Settings • Security settings determine the menu items each user can view / access.
The Workspace: • Provides quick access to Subject Areas • Contains “bookmarks” for frequently used reports • Offers an easy way to navigate to documents in ProcessUnity
Assessments: • Questionnaire templates can be imported, created or modified. • SIG content can be provided. • Questionnaires can be built in the system or imported. • Questionnaires include multiple sections. • Branching and skip rules are supported. • ProcessUnity supports ‘auto-scoping’ to ensure the third party receives the appropriate set of questions based on criteria such as risk and service
Questionnaire Scoring: • Questions can be defined based on the response type. • Response types include Text, Number, Date, Pick List and Message.
Questionnaire Scoring: • Values can be assigned to responses to establish risk or simply ‘Preferred’ vs. ‘Non Preferred’ answers.
Questionnaire Scoring: • Questions can be associated to standards, frameworks or controls.
Third-Party Profiles: • Third-Party profile information is stored on centralized records. • The Vendor Risk Summary section provides updated risk and scheduling details. This information is updated automatically based on assessments being completed. • Ongoing monitoring activities are established alerts are sent when new activities are due.
Vendor Hierarchy: • Third Party records can be categorized based on the products and services provided. • Assessments and other program activities (such as metrics) can be performed at the third-party or product/service level.
Vendor Hierarchy: • Third Party records can be categorized based on the products and services provided. • Assessments and other program activities (such as metrics) can be performed at the third-party or product/service level.
Third-Party Onboarding • ProcessUnity supports multiple use cases for initiating onboarding requests: • For organizations with an established intake process facilitated in another system or via a webform: • Using its open API, ProcessUnity can import information or forms from other systems. • Request records are automatically created and routed to the appropriate risk analyst for review and scoping. • ProcessUnity also provides third-party request forms within the system: • Auto-provisioning capabilities allow business users in an SSO environment to login and complete a vendor intake form. • These “self-provisioned” user accounts will be set to a predefined lite user access role and may use the system accordingly.
Business User Access / Vendor Intake Process: • Business users can access the system and use a simple process to initiate a new vendor request. • The user experience is determined by security settings and is configurable by system admins. • Users can select the + icon to initiate a new vendor request.
Business User Access / Vendor Intake Process: • The user completes all information on request form • The Service Information section includes questions that can help drive inherent risk and necessary steps for onboarding the third party.
Business User Access / Vendor Intake Process: • Upon completion, the request is submitted for review.
Analyst Review: • Once submitted, users such as Risk Analysts receive notice of a new request. • Analysts review the request along with calculated Inherent Risk, Recommended Due Diligence and Scope.
Analyst Review: • Analysts can communicate with the requester – asking questions and responding to them. • ProcessUnity provides an efficient way for analysts to set up third-party information. • Actionable buttons can be used to set up third-party information that can be accessed with one click.
Third-Party Setup: • ProcessUnity provides an efficient way for analysts to set up third party information. • Actionable buttons can be used to access up third party information with a single click.
Third-Party Setup: • This action, using configurable business rules, will use data provided via the request form to: • Create the third-party’s profile • Create the Service • Create and activate the third-party’s contact • Auto-scope the questionnaire
Assessment Review: • Assessment Scope can be reviewed and modified by analysts.
Assessment Review: • The assessment can be sent to the third-party contact by selecting ‘send questionnaire’.
Vendor Notifications: • The Third-Party contact receives an email with a link that will take them to their portal login.
Vendor Portal: • The link will open a login screen for the third party. • If the third party has never accessed ProcessUnity, user ID and a temporary password are included in the email communication. • Third-party contacts have the ability to change/reset passwords without admin assistance.
Vendor Portal: • Vendors will see the assigned questionnaire upon login. • A summary table will display the number and percentage of questions that have been completed. • Vendors can select a section to answer questions and attach documents.
Vendor Portal: • Vendors can select responses, provide comments and attach documents. • Once completed, the vendor can select ‘submit’ which will notify the analyst for review.
Vendor Portal (Offline): • Vendors can export the questionnaire into Excel and work offline. • Responses can be captured in Excel and imported. • By selecting ‘import’, the responses will be updated in the online questionnaire.
Analyst Review: • Analysts receive emails to alert them of pending assessments. • ProcessUnity also provides status reports to access all assessments.
Analyst Review: • Status reports organize assessments by their overall status. • They also provide you with the real-time percentage to completion to gauge where your vendors are in the process. • Each assessment has a due date which is used to send reminder emails to vendors regarding approaching deadlines. Escalations can also be automated once an assessment is past due.
Analyst Review: • Analysts can review assessments through a report that will display the vendor’s response and indicate whether the response was preferred or non preferred. • Analysts can filter the report to display a specific attribute such as ‘Non Preferred.’
Analyst Review: • Analysts can review each question and perform their analysis. • If additional information is needed, they can document a follow-up request. This will be routed back to the vendor to respond. • The follow up collaboration is stored in an audit history report that is easily accessible for the analyst.
Analyst Review: • Analysts can review each question and perform their analysis. • If additional information is needed, they can document a follow-up request. This will be routed back to the vendor to respond. • The follow up collaboration is stored in an audit history report that is easily accessible for the analyst.
Analyst Conclusion: • Analysts can document their conclusion by assigning a rating, ranking the severity of the failure and describing the rationale.
Issue Management: • Issues and remediation steps can be created to document problems that have been discovered and any remediation steps expected from the vendor. • Owners and due dates are assigned to ensure responsible parties are notified of the assignment and any approaching deadlines.
Assessment Rating: • Once the review is complete, consolidated results can be reviewed on the assessment. • Assessment ratings can be automatically calculated based on various methods such as scoring or the number of issues discovered. • Assessments can be routed to stakeholders for internal approval.