Third-Party Risk Management & Oversight

By Randi Morrison posted 10-11-2021 07:21 PM

  

PwC’s “How your board can oversee third-party risk” identifies the primary areas of corporate risk associated with third-party relationships with vendors, suppliers, and others, and outlines the critical components of a third-party risk management program, as well as the elements of a “robust” program. The publication explains approaches to the board’s oversight structure, the board’s role and responsibilities, and the potential challenges the board may encounter in understanding the risks. The publication also discusses increased interest among companies in relying on independent assurance for third-party risks in the form of assessments of the vendors’ controls conducted by external parties (e.g., a SOC 2 report), which the company can then benefit from without having to create and manage vendor-specific questionnaires.

The questions for the board to ask management about third-party risk at the end of the report can be used to facilitate discussion in the boardroom about the board’s oversight posture in this area.

Access additional resources on our Risk Management & Oversight page.

This post first appeared in the weekly Society Alert!
