
Third Party Risk Management 301 - SIGsig.org/docs2/S23_Third_Party_Risk_Management_301... · Enterprise Vendor Governance Office with direct responsibility for IT vendor risk management


Page 1

Adding Value, Being Valued

Third Party Risk Management 301

Prudential Insurance: Lisa Wright, Vice President
ONTALA Performance Solutions: Linda Tuck Chapman, CPO Emeritus & President

www.sig.org/eval

Page 2

Third Party Risk Management: Adding Value, Being Valued

Prudential Insurance: Lisa Wright
ONTALA Performance Solutions: Linda Tuck Chapman

October 28, 2015

Page 3

© 2015 ONTALA Performance Solutions Ltd. Confidential Information. Do not copy or distribute.

Contact Information

Lisa Wright, Vice President, Prudential Insurance Company of America

Lisa is an accomplished strategist and senior leader, with a strong track record for designing and driving new programs and initiatives. Leveraging her experience as an entrepreneur, Lisa was responsible for building and leading Prudential's non-domestic IT and BPO programs, global service centers, including an award-winning center in Texas, and Prudential's Enterprise Vendor Governance Office with direct responsibility for IT vendor risk management.

Linda Tuck Chapman, CPO Emeritus & President, ONTALA Performance Solutions Ltd.

Linda Tuck Chapman is a widely recognized expert in third party risk management, outsourcing governance and sourcing optimization. Her unique insight and expertise is built on her experience as a consultant and former Chief Procurement Officer in three of North America's largest banks. ONTALA delivers leading-edge third party risk management advisory services in association with Crowe Horwath Global Risk Consulting.

Lisa Wright: [email protected], 973.716.5535
Linda Tuck Chapman: [email protected], 416.452.4635

© 2015 Crowe Horwath LLP

Page 4


Our team

Experienced professionals publishing timely information, leading educational events, and delivering relevant market insight on critical topics such as emerging risks, regulatory compliance, and industry trends.

Page 5


Agenda

1. Context
2. 3PRM Frameworks
3. Adding value
4. Working with start-ups
5. Developing new products


Page 6

Context

Page 7


Heavy workloads, getting heavier

- Third party risk management program executives have done a great job stepping up to regulatory requirements
- Regulatory expectations are intense and still increasing
- Risk control experts are falling behind on due diligence assessments and monitoring responsibilities
- Business partners are chafing under increasing workloads


Page 8

3PRM Frameworks

Page 9


3PRM Operating Framework

(Diagram; the lifecycle stages shown on the slide, as extracted:)

- Business Strategy
- Strategic Sourcing
- Business-led Sourcing
- Preliminary Risk Assessment Questionnaire
- "Risk SME" Due Diligence
- Controls Design
- Residual Risk Assessment Questionnaire
- Residual Risk Rating
- Risk Acceptance
- Validation & Approval
- Negotiations & Contracting
- Contract Execution
- Post-contract Management & Monitoring
- Periodic Re-assessment
- Renew or Terminate


Page 10


3PRM Governance Framework

(Diagram; the layers and elements shown on the slide, as extracted:)

Layers: Governance & Oversight; Policies & Standards; Assessments & Controls; Enablement & Evidence; Insight & Action

Elements:
- Board of Directors
- Enterprise Risk Management (ERM)
- 3PRM Governance Committee
- Third Party Risk Management
- Delegated Authority
- Operational Risk Management
- Risk SME Due Diligence
- Escalation and Remediation
- Risk Controls
- Effective Challenge
- KRIs and KPIs
- Contract Terms and Conditions
- Process-based Procedures
- Management and Monitoring
- "Book of Record": workflow, evidence and QA reviews
- Performance and Risk Reporting
- Trend Analysis & Reporting


Page 11


The end game

3rd Party Management with 360° insight:
- Risk Management
- Value Management
- Performance Management


Page 12

Adding Value

Page 13


Intrinsic value of 3PRM programs

Activities: Identify, Assess, Manage, Control

(Diagram columns, as extracted:)
- Consistency
- Completeness
- Regulated risks
- Operational risks
- Reputation risk
- Compliance
- Inherent risks
- Residual risks
- Consistency
- Process efficiencies
- Specific controls
- Better contracts
- Incident response
- Risk visibility
- Risk tolerance
- Risk culture

Page 14

Working with Start-ups

Page 15


Enabling Innovation with Existing 3rd Parties

Context for Action
- Worked hard to reduce the number of relationships
- Need for agility and speed
- Conflict with standards, processes and controls
- How much risk are you willing to accept?
- Need to trade off risk versus value?

How can you mitigate risk?
- Proof of concept
- Equity stake, VC investment
- J/V
- Skills and knowledge transfer
- DD in parallel with development
- Cyber insurance
- Multi-source risk mitigation partner
- Onsite access
- Use your 3PRM program to assess their relationships/contracts
- Leverage your company's 3rd party relationships
- Use your own IP: differentiating / non-differentiating solutions


Page 16

Developing new products

Page 17


Enabling Innovation with Start-ups

Context for Action
- Need for agility and speed
- Leading 3rd parties are innovators too
- Slowed down by standards, processes and controls?

How can you mitigate risk?
- Take on more risk, aligned with their core competence, not yours
- Proof of concept
- Contract with start-up, not with your company
- Joint development
- Limited period non-compete


Page 18

Contact Information

Lisa Wright, Vice President, Prudential Insurance Company
(973) 716-5535, [email protected]

Linda Tuck Chapman, CPO Emeritus, and President, ONTALA in association with Crowe Horwath Global Risk Consulting
416.452.4635, [email protected]


Page 19

Evaluation How-to

Why? Your feedback drives SIG Event content. By signing and submitting your evaluation, you are automatically entered into a prize drawing.

How?

Option 1: App
1. Select Schedule
2. Select Schedule by Day
3. Select Day
4. Select Session
5. Scroll to Description
6. Click on the Evaluation link

Option 2: Browser
1. Go to www.sig.org/eval
2. Select Session (#23)

Complete & submit eval

Page 20

Download the App: bit.ly/SIGCAapp
Tweet: #SIGfall15

Session #23
Third Party Risk Management 301: Adding Value, Being Valued

www.sig.org/eval

Lisa Wright, Vice President, Prudential Insurance Company
(973) 716-5535, [email protected]

Linda Tuck Chapman, CPO Emeritus, and President, ONTALA in association with Crowe Horwath Global Risk Consulting
[email protected]