Policy, Program and Procedures

 View Only
  • 1.  Implementation

    This message was posted by a user wishing to remain anonymous
    Posted 06-13-2022 08:17 AM
    This message was posted by a user wishing to remain anonymous

    Hi all,

    We are in the process of implementing the TPRM for the 1st time our organization, & ready with process flow, Policy & procedure involving all the stakeholders.
    Do anyone have the steps/process/approach of implementing the TPRM, can anyone share their ideas please.

    Thanks & Regards
    Sri


  • 2.  RE: Implementation

    Posted 06-13-2022 05:20 PM
    So my advice is always to look at the FDIC guidance FIL-44-2008. (if you're a Bank you may already be familiar with it)
    It breaks the program into 4 elements. 

    1. Sourcing (you can table that process for now) 
    2. Risk Assessment and Due Diligence life cycle (do this one first; you need to know the Risks)
    3. Contracts Development and Review (do this now! once you know the Inherent Risks build you contract accordingly)  :-)
    4. Oversight / Performance monitoring (you can table this, but it needs some priority -> do this before Sourcing)

    I have a good list of links regarding the Banking Regulatory "stuff" at bradleymartin.net so stop on by there for the Regs...
    2 & 3 above are the center points... 
    You need to know the risks and what controls you want to see as a result. 
    And once you know the risks (regardless of controls) you build your contract requirements. 
    4 (Oversight) becomes a big deal when you have good contracts that include Service Level Agreements (and make certain those SLAs have remedies). 
    1. Sourcing... think about your procurement program if you have one... if you don't, then you'll want to focus some attention on Sourcing; but you may want think a bit broader as Procurement processes allow for the implementation of controls that support TPRM programs. And while Sourcing and Procurement are different processes; Sourcing often lives within Procurement (albeit, some might see it has dipping outside Procurement and then dipping back in, once a supplier is selected... but that's why this is some much fun! 

    :-) 
    -Bradley Martin


  • 3.  RE: Implementation

    Posted 06-14-2022 08:41 AM
    Thanks for your response, very kind of you and helpful. :)