1 / 62

Third-Party Risk Management

Third-Party Risk Management. ProcessUnity Walkthrough. About ProcessUnity. Risk & Compliance SIMPLIFIED. Risk & Compliance Automation. 99.9%. System Uptime 10+ Years. Third-Party Risk Management. Policy & Procedure Management. 94.8%. Customer Retention Rate. Risk Management.

devaki
Download Presentation

Third-Party Risk Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Third-Party Risk Management ProcessUnity Walkthrough

  2. About ProcessUnity Risk & Compliance SIMPLIFIED Risk & Compliance Automation 99.9% System Uptime 10+ Years Third-Party Risk Management Policy & Procedure Management 94.8% Customer Retention Rate Risk Management Compliance Management 2003 FOUNDED HQ: Concord, Massachusetts

  3. RISK & COMPLIANCE… SIMPLIFIED DEPLOYS QUICKLY END-USERCONFIGURABLE CLOUD- BASED EASY-TO-USE INTERFACE FLEXIBLE PRICING Tiered pricing plans allow customers to purchase only the features, functions and licenses they need. Most customer implementations are completed within 30 to 45 days. SaaS-based system features automatic system updates / upgrades and includes customer support. Point-and-click interface, dashboards, alerts and online help make our tools the easiest to use. Business users can configure our tools to fit their programs and processes without calling IT.

  4. ProcessUnity Vendor Cloud Cloud-based, Third-Party Risk Management Automation

  5. Third-Party Risk Lifecycle Support Onboarding Performance Reviews Establish an enterprise-wide process to introduce potential providers Manage performance reviews in a consistent, manageable process Due Diligence Contract Reviews Enforce objectivity within your vendor due diligence process Create a unified process for contract management Self-Assessments SLA Monitoring Streamline the assessment process while reducing potential errors Documents KPIs, monitor activity and record observations On-Site Control Assessments Issue Management Systematically conduct and document on-site control assessments Implement a formal process for tracking vendor issues

  6. Getting Started

  7. 2003 • Accessing ProcessUnity: • ProcessUnity is a single-tenant private cloud service accessed through standard web browsers. • The solution is user access controlled. FOUNDED

  8. Personal Dashboards: • Personal Dashboards summarize information and allow users to drill through for additional report details. • Personal Dashboards are configurable.

  9. Personal Dashboards: • Personal Dashboards summarize information and allow users to drill through for additional report details. • Personal Dashboards are configurable.

  10. Navigation: • ProcessUnity provides four menu areas for easy navigation: • Workspace • Assessments • Reports • Settings • Security settings determine the menu items each user can view / access.

  11. The Workspace: • Provides quick access to Subject Areas • Contains “bookmarks” for frequently used reports • Offers an easy way to navigate to documents in ProcessUnity

  12. Assessments

  13. Assessments: • Questionnaire templates can be imported, created or modified. • SIG content can be provided. • Questionnaires can be built in the system or imported. • Questionnaires include multiple sections. • Branching and skip rules are supported. • ProcessUnity supports ‘auto-scoping’ to ensure the third party receives the appropriate set of questions based on criteria such as risk and service

  14. Questionnaire Scoring: • Questions can be defined based on the response type. • Response types include Text, Number, Date, Pick List and Message.

  15. Questionnaire Scoring: • Values can be assigned to responses to establish risk or simply ‘Preferred’ vs. ‘Non Preferred’ answers.

  16. Questionnaire Scoring: • Questions can be associated to standards, frameworks or controls.

  17. Third-Party Profiles

  18. Third-Party Profiles: • Third-Party profile information is stored on centralized records. • The Vendor Risk Summary section provides updated risk and scheduling details. This information is updated automatically based on assessments being completed. • Ongoing monitoring activities are established alerts are sent when new activities are due.

  19. Vendor Hierarchy: • Third Party records can be categorized based on the products and services provided. • Assessments and other program activities (such as metrics) can be performed at the third-party or product/service level.

  20. Vendor Hierarchy: • Third Party records can be categorized based on the products and services provided. • Assessments and other program activities (such as metrics) can be performed at the third-party or product/service level.

  21. Vendor Onboarding

  22. Third-Party Onboarding • ProcessUnity supports multiple use cases for initiating onboarding requests: • For organizations with an established intake process facilitated in another system or via a webform: • Using its open API, ProcessUnity can import information or forms from other systems. • Request records are automatically created and routed to the appropriate risk analyst for review and scoping. • ProcessUnity also provides third-party request forms within the system: • Auto-provisioning capabilities allow business users in an SSO environment to login and complete a vendor intake form. • These “self-provisioned” user accounts will be set to a predefined lite user access role and may use the system accordingly.

  23. Business User Access / Vendor Intake Process: • Business users can access the system and use a simple process to initiate a new vendor request. • The user experience is determined by security settings and is configurable by system admins. • Users can select the + icon to initiate a new vendor request.

  24. Business User Access / Vendor Intake Process: • The user completes all information on request form • The Service Information section includes questions that can help drive inherent risk and necessary steps for onboarding the third party.

  25. Business User Access / Vendor Intake Process: • Upon completion, the request is submitted for review.

  26. Analyst Reviews

  27. Analyst Review: • Once submitted, users such as Risk Analysts receive notice of a new request. • Analysts review the request along with calculated Inherent Risk, Recommended Due Diligence and Scope.

  28. Analyst Review: • Analysts can communicate with the requester – asking questions and responding to them. • ProcessUnity provides an efficient way for analysts to set up third-party information. • Actionable buttons can be used to set up third-party information that can be accessed with one click.

  29. Third-Party Setup

  30. Third-Party Setup: • ProcessUnity provides an efficient way for analysts to set up third party information. • Actionable buttons can be used to access up third party information with a single click.

  31. Third-Party Setup: • This action, using configurable business rules, will use data provided via the request form to: • Create the third-party’s profile • Create the Service • Create and activate the third-party’s contact • Auto-scope the questionnaire

  32. Assessment Reviews

  33. Assessment Review: • Assessment Scope can be reviewed and modified by analysts.

  34. Assessment Review: • The assessment can be sent to the third-party contact by selecting ‘send questionnaire’.

  35. Vendor Portal

  36. Vendor Notifications: • The Third-Party contact receives an email with a link that will take them to their portal login.

  37. Vendor Portal: • The link will open a login screen for the third party. • If the third party has never accessed ProcessUnity, user ID and a temporary password are included in the email communication. • Third-party contacts have the ability to change/reset passwords without admin assistance.

  38. Vendor Portal: • Vendors will see the assigned questionnaire upon login. • A summary table will display the number and percentage of questions that have been completed. • Vendors can select a section to answer questions and attach documents.

  39. Vendor Portal: • Vendors can select responses, provide comments and attach documents. • Once completed, the vendor can select ‘submit’ which will notify the analyst for review.

  40. Vendor Portal (Offline): • Vendors can export the questionnaire into Excel and work offline. • Responses can be captured in Excel and imported. • By selecting ‘import’, the responses will be updated in the online questionnaire.

  41. Analyst Reviews

  42. Analyst Review: • Analysts receive emails to alert them of pending assessments. • ProcessUnity also provides status reports to access all assessments.

  43. Analyst Review: • Status reports organize assessments by their overall status. • They also provide you with the real-time percentage to completion to gauge where your vendors are in the process. • Each assessment has a due date which is used to send reminder emails to vendors regarding approaching deadlines. Escalations can also be automated once an assessment is past due.

  44. Analyst Review: • Analysts can review assessments through a report that will display the vendor’s response and indicate whether the response was preferred or non preferred. • Analysts can filter the report to display a specific attribute such as ‘Non Preferred.’

  45. Analyst Review: • Analysts can review each question and perform their analysis. • If additional information is needed, they can document a follow-up request. This will be routed back to the vendor to respond. • The follow up collaboration is stored in an audit history report that is easily accessible for the analyst.

  46. Analyst Review: • Analysts can review each question and perform their analysis. • If additional information is needed, they can document a follow-up request. This will be routed back to the vendor to respond. • The follow up collaboration is stored in an audit history report that is easily accessible for the analyst.

  47. Analyst Conclusion: • Analysts can document their conclusion by assigning a rating, ranking the severity of the failure and describing the rationale.

  48. Issue Management: • Issues and remediation steps can be created to document problems that have been discovered and any remediation steps expected from the vendor. • Owners and due dates are assigned to ensure responsible parties are notified of the assignment and any approaching deadlines.

  49. Assessment Rating: • Once the review is complete, consolidated results can be reviewed on the assessment. • Assessment ratings can be automatically calculated based on various methods such as scoring or the number of issues discovered. • Assessments can be routed to stakeholders for internal approval.

More Related