Enlighta TPRM
Third-Party Risk Monitoring
Transform your Third-Party Risk Management program to an automated and auditable set of processes that span the third-party management lifecycle.
Enlighta TPRM (Third Party Risk Monitoring)
Only offering that integrates Supplier Governance & integrates with leading ERP, CLM and GRC tools
Enlighta TPRM supports initial risk assessment of prospective third parties, automation of due-diligence questionnaires to internal stakeholder groups & third parties, internal compliance quality assessments, detailed contract compliance monitoring, and reporting of risk via risk scorecards. Enlighta TPRM makes it easy for regulated entities to roll out and adapt an effective TPRM program across 1000s of third parties.
Enlighta benefits Third-Party Risk Management
- Auditable compliance to regulations such as regulations, policies, contracts by third parties & suppliers
- Internal and external compliance assessments
- Risk scorecards
- Automated action-items assigned to internal stakeholder groups
Out of box TPRM functions that can be easily adapted
- Automated triggers based on Initial or Residual Risk Rating of Third Parties
- One-Time or Recurring Due Diligence Questionnaires & Due Diligence Assessments
- Real-time visibility to business intake requestors
- Automated action items assigned to internal stakeholder groups
Risk Scoring & Auditable Due-Diligence Assessments Across multiple dimensions
- Location/Country
- Information Security/Cyber Risk
- Privacy
- Operational Competency
- Concentration
- Reputational
- Technology
- Sub-Contractor
- Financial Viability
- Financial Crimes
- Anti-Money Laundering
- Human Resources
- Background Screening
Setup TPRM Program
- Define Risk Framework
- Define Risk Elements viz. Service Categories, Suppliers & Contracts
- Define Risk Stakeholders
- Define Risk Tiers e.g. High, Medium, Low
- Define Risk Dashboards, Scorecards, Assessment Surveys
Assess Third-Party Risk
- Shortlist Suppliers and Contracts
- Define Risk Assessment Plan
- Define relevant Controls points
- Run Preliminary Supplier or Contract Risk Profiler
- Run Initial Supplier or Contract Risk Assessment
- Generate Initial Supplier or Contract Risk Score & Tier
- Request detailed information/meetings for recurring Supplier or Contract Risk Assessment
Monitor Third-Party Risk
- Review Supplier Survey responses, notes & operational data
- Recurring Supplier or Contract Risk Assessment
- Define relevant Controls points
- Automate and distribute DDQ (Due-Diligence Questionnaires) and DDAs (Due-Diligence Assessments)
- Preliminary Contract Risk Profiler
- Create Risk Issues and interpret risk
- Preliminary Contract Risk Profiler
- Collaborate internally & with Supplier to create Remediation Plans
- Execute Remediation Plan & Reduce Risk
- Conduct Final Supplier or Contract Risk Assessment
- Generate Final Risk Score & Tier
Report Third-Party Risk
- Create Risk Audit Plan
- Conduct Internal and/or Third-party Audits
- Record Risk Audit Findings & Results
- Corrective Action Plans
- Share Final Risk Score & Tier of Suppliers and Contracts with BUs, Sourcing, Legal, VG&M
- Update systems and publish Risk Dashboards
- Periodically refine Controls & Monitor Risks
