Enlighta TPRM

Third Party Risk Monitoring

Transform your Third-Party Risk Management program to an automated and auditable set of processes that span the third-party management lifecycle.

Enlighta TPRM (Third Party Risk Monitoring)

Only offering that integrates Supplier Governance & integrates with leading ERP, CLM and GRC tools

Enlighta TPRM supports initial risk assessment of prospective third-parties, automation of due-diligence questionnaires to internal stakeholder groups and third-parties, internal compliance quality assessments, detailed contract compliance monitoring and reporting of risk via risk scorecards. Enlighta TPRM makes it easy for regulated entities to roll-out and adapt an effective TPRM program across 1000s of third-parties.

Enlighta benefits Third Party Risk Mgmt.

  • Auditable compliance to regulations such as regulations, policies, contracts by 3rd parties & suppliers
  • Internal and external compliance assessments
  • Risk scorecards
  • Automated action-items assigned to internal stakeholder groups

Out of box TPRM functions that can be easily adapted

  • Automated triggers based in Initial or Residual Risk Rating of Third Parties
  • One-Time or Recurring Due Diligence Questionnaires & Due Diligence Assessments
  • Real-time visibility to business intake requestors
  • Automated action-items assigned to internal stakeholder groups

Risk Scoring & Auditable Due-Diligence Assessments Across multiple dimensions

  • Location / Country
  • Information Security / Cyber Risk
  • Privacy
  • Operational Competency
  • Concentration
  • Reputational
  • Technology
  • Sub-Contractor
  • Financial Viability
  • Financial Crimes
  • Anti-Money Laundering
  • Human Resources
  • Background Screening

Setup TPRM Program

  • Define Risk Framework
  • Define Risk Elements viz. Service Categories, Suppliers and Contracts
  • Define Risk Stakeholders
  • Define Risk Tiers e.g. High, Med, Low
  • Define Risk Dashboards, Scorecards, Assessment Surveys

Assess Third Party Risk

  • Shortlist Suppliers and Contracts
  • Define Risk Assessment Plan
  • Define relevant Controls points
  • Run Preliminary Supplier Risk Profiler or
  • Preliminary Contract Risk Profiler
  • Run Initial Supplier Risk Assessment or Initial
  • Preliminary Contract Risk Profiler
  • Contract Risk Assessment
  • Generate Initial Supplier (or Contract) Risk
  • Score & Tier
  • Generate Initial Supplier (or Contract) Risk
  • Request detailed information/ meetings for
  • Recurring Supplier (or Contract) Risk Assessment

Monitor Third Party Risk

  • Review Supplier Survey responses, notes & operational data
  • Recurring Supplier or Contract Risk Assessment
  • Define relevant Controls points
  • Automate and distribute DDQ (Due-Diligence Questionnaires) and DDAs (Due-Diligence Assessments)
  • Preliminary Contract Risk Profiler
  • Create Risk Issues and interpret risk
  • Preliminary Contract Risk Profiler
  • Collaborate internally & with Supplier to create Remediation Plans
  • Execute Remediation Plan & Reduce Risk
  • Conduct Final Supplier or Contract Risk Assessment; generate Final Risk Score & Tier

Report Third Party Risk

  • Create Risk Audit Plan
  • Conduct Internal and or
  • Third party Audits
  • Record Risk Audit Findings
  • Record Risk Audit Results
  • Corrective Action Plans
  • Share Final Risk Score & Tier of Suppliers and Contracts with BUs, Sourcing, Legal, VG&M
  • Share Final Risk Score & Tier of Suppliers and Contracts with BUs, Sourcing, Legal, VG&M
  • Update systems; and publish Risk Dashboards
  • Periodically refine Controls & Monitor Risks
Scroll to Top