AuditBoard, a leader in audit, risk and compliance management, has released a new Third Party Risk Management solution. This new feature strengthens the existing AuditBoard platform enabling organisations to monitor and manage third-party risks better.
The importance of third-party risks has grown significantly over the last few years. Covid has introduced a greater reliance on cloud providers. In turn, this has meant that issues such as data protection are no longer containable within an organisation’s infrastructure. Third-party breaches are now estimated to cost U.S. companies an average of $9.5 million per incident, according to IBM research. Those breaches are also rising and extend beyond cloud providers; there has been a 297% rise in breaches via third-party suppliers. They also account for 25% of breaches, according to ForgeRock. As organisations become increasingly connected digitally, risk teams need to understand, monitor and manage the different elements quickly.
Data security is not the only third-party risk either. The rise in importance of sustainability will also, in time, require companies to understand risk exposure around Scope 3 emissions. While this is not specifically within the new feature set of AuditBoard, the risk management solution provides a step in the right direction.
The new platform aims to connect the relevant stakeholders inside and outside the organisation. It aims to deliver the ability to scale risk management programs and map to the growing needs of the business.
The first challenge – Security compliance
The new platform targets the first challenge. It was created in conjunction with AuditBoard Cross Comply, its compliance management solution. The new solution effectively empowers teams to manage their overall IT risk and compliance posture. It consists of four main features.
- Vendor Onboarding: Workflows automate the process of onboarding suppliers. The platform will send requests for information and track the process for submission and reviewing vendor questionnaires. It will aggregate the data from those questionnaires into a central repository that risk teams can use for reporting purposes. This enables those risk teams to focus on suppliers that appear to provide the greater risk.
- Risk Assessments: Similar to onboarding, the risk assessment process is supported by automation. Users can build customer risk assessments or use some already provided on the platform. The system helps to manage the assessments and can also automate and track risk mitigation efforts.
- Mitigation plans: Following an assessment, risk teams can manage any risk mitigation plans from a single dashboard. The advantage is that as new third-party risks emerge, the best risk mitigation plans are initiated quickly. This ensures that the probability of risks occurring can be capped or reduced quickly.
- Vendor Monitoring: Using the data collected, the platform can deliver a holistic view across suppliers. This provides visibility of emerging trends and any changes in the control environment. If vulnerabilities occur, the risk team can proactively begin managing risk across their supply chain.
Rajiv Makhijani, SVP of Emerging Products at AuditBoard, commented: “A wave of digital risk is rising as the global economy becomes ever more interconnected. We’ve created this purpose-built solution to empower our customers to get ahead of this wave by more efficiently and comprehensively managing the expanding third-party risk landscape.”
Enterprise Times: What does this mean
The Third Party Risk Management solution is a timely addition to the AuditBoard platform. Risk Management is becoming both more complex and more important for more organisations. With fines and consequences increasing for non-compliance around data security, organisations must improve their risk management. The new AuditBoard solution provides the automation and collaboration that promises to help with this challenge.
However, does it go far enough? There is no mention of integration to either Teams or Slack, nor is there a mention of support for the risks around sustainability. Organisations are starting to commit to net-zero; as the climate crisis increases, legislation is also more likely to appear, that imposes penalties for those organisations that do not comply. It will be interesting to see how AuditBoard develops Third Party Risk Management and what integrations it introduces. One thing that is missing from the announcement is any information about pricing.