Risk Management

Trends in TPRM: Q&A with Gartner and H-ISAC

Recently, RiskRecon founder Kelly White sat down with Sam Olyaei, Director at Gartner Research, and Errol Weiss, Chief Security Officer at Health-ISAC, to discuss their clients' experiences regarding third-party risk management.

In this paper, RiskRecon highlights some of the insights discussed during our Q&A session, including:

  • Why some organizations are better at managing third-party risks
  • The current and future state of TPRM ownership within firms
  • How firms are currently identifying risks from Nth parties

 

Complexity is a Friend, Once You Understand It by Karen Walker

Complexity as the enemy is a popular catch cry.

So what creates complexity in organisations, and should strategies that generate complexity be avoided?

Here’s a quick summary of what is typically described as making organisations more complex.

People: more staff, more staff locations, multiple lines of accountability and responsibility, role duplication, diversity of workforce, more relationships with third parties / business partners / vendors.

Clarifying responsibility in digital changes and more decentralised decision making by Clive Martin

The big changes happening around us provide opportunity for a better way of clarifying responsibility.

One of the first letters to an editor I wrote was in 1990 or 1991, and it was to Paul Bawcutt, who was the editor of a risk management journal called "Foresight". It was on the subject of whether risk managers should have direct responsibility for managing risk or not. There were different views around at the time and there still are today. A quarter of a century has passed and the debate over the roles of risk functions and others involved in managing risk still rages on.