So my advice is always to look at the FDIC guidance FIL-44-2008 (if you're a bank, you may already be familiar with it).
It breaks the program into 4 elements.
1. Sourcing (you can table that process for now)
2. Risk Assessment and Due Diligence life cycle (do this one first; you need to know the Risks)
3. Contracts Development and Review (do this now! once you know the Inherent Risks build your contract accordingly) :-)
4. Oversight / Performance monitoring (you can table this, but it needs some priority -> do this before Sourcing)
I have a good list of links regarding the Banking Regulatory "stuff" at bradleymartin.net so stop on by there for the Regs...
2 & 3 above are the center points...
You need to know the risks and what controls you want to see as a result.
And once you know the risks (regardless of controls) you build your contract requirements.
4 (Oversight) becomes a big deal when you have good contracts that include Service Level Agreements (and make certain those SLAs have remedies).
1. Sourcing... think about your procurement program if you have one... if you don't, then you'll want to focus some attention on Sourcing; but you may want to think a bit broader as Procurement processes allow for the implementation of controls that support TPRM programs. And while Sourcing and Procurement are different processes, Sourcing often lives within Procurement (albeit, some might see it as dipping outside Procurement and then dipping back in, once a supplier is selected... but that's why this is so much fun!)
:-)
-Bradley Martin
Original Message:
Sent: 06-13-2022 03:56 AM
From: Anonymous Member
Subject: Implementation
This message was posted by a user wishing to remain anonymous
Hi all,
We are in the process of implementing the TPRM for the 1st time in our organization, & are ready with process flow, Policy & procedure involving all the stakeholders.
Does anyone have the steps/process/approach of implementing the TPRM? Can anyone share their ideas, please?
Thanks & Regards
Sri