Third Party Risk Management

    A Third Party Risk Management (TPRM) solution helps an organisation identify, assess, and manage the risks associated with its third-party relationships.

    Third Party Risk Management emerging as a key focus area

    Global organisations increasingly rely on and partner with third parties to perform their operations effectively and efficiently. This dependency on third parties exposes organisations to different types of risk and makes third parties an attack vector for targeting the end organisation. The resulting increase in the number of third-party incidents impacting organisations, together with the emphasis on regulatory assessments, has led to TPRM emerging as a key focus area for boards and senior management across organisations.

    However, organisations continue to face multiple challenges in addressing third-party risk, including a lack of visibility into third- and nth-party relationships, managing an ever-increasing volume of requests for third-party risk assessments, the absence of upstream/downstream process and system integration, complex operating models, and limited use of technology.

    KPMG in India, through the services below, assists global and national majors in addressing these challenges and transforming their TPRM program in line with industry-leading practices, regulatory requirements, and business objectives:

    Advisory Services

    KPMG supports organisations in designing and uplifting their third-party risk management program in line with industry-leading practices and regulatory requirements.

    Assessment Services

    KPMG supports organisations in conducting assessments throughout the third-party lifecycle to identify, assess, report, monitor, and mitigate risks to the organisation.

    Digital Transformation

    KPMG supports organisations in digital transformation of their TPRM program.

    Other Solutions:

    • Enterprise Third Party Risk Management

      KPMG supports organisations in designing, streamlining and operationalising an enterprise-wide third party risk management program to assess and manage third-party risks beyond cyber, including ESG, financial, legal, compliance, operational and reputational risks. For more information, please refer to Enterprise Third Party Risk Management.

    • Software Supply Chain Security

      KPMG supports organisations in starting their software supply chain security journey by assessing and managing the risk associated with third-party software products and components.

    • Third Party Cloud Security Assessments

      KPMG supports organisations with a cloud control catalogue capability that enables them to efficiently assess third-party SaaS application services and their associated environments.

    • Third Party Continuous Cyber Risk Monitoring

      KPMG supports organisations in performing continuous monitoring of their third parties, based on external data feeds or substantive review of control population data.

    Our Service Offerings

    • Regulatory gap assessment

      Provide a regulatory health-check assessment, including observations and impact analysis details

    • Maturity assessment
      1. Perform an “As-Is” state review of the client’s TPRM program capabilities
      2. Provide TPRM program maturity assessment report including areas of improvement and recommendations along with a transformation roadmap
    • Business case and roadmap

      Prioritise enhancements and estimate the effort and resources required to roll out the TPRM program.

    • TPRM framework development

      Enhance the TPRM framework, including scope definitions (risk domains, third-party entities, and third-party lifecycle), governance mechanism, guidance for third-party lifecycle activities, issue and exception management, program KPIs, escalation matrix and reporting mechanism, change management, and policy/process documentation

    • Building TPRM Target Operating Model

      Design and operationalise the TPRM target operating model covering people, process, technology, deployment strategy, service delivery model, performance insights, and data governance

    • Service risk profiling
      1. Inherent risk assessment of potential third party arrangements/services
      2. Periodic review of the third party arrangements/services to assess and monitor any change in the inherent risk profile
    • Third party risk and control assessments
      1. Third party lifecycle stage coverage: Onboarding, Ongoing Monitoring, and Termination
      2. Assessment Mode: Self-Assessment, Remote Assessment, and Onsite Assessment
      3. Assessment Depth: Response/evidence-based validation, Walkthrough based validation, Test of design, Test of operating effectiveness
    • Thematic assessments

      Ad-hoc assessments conducted for an identified set of third parties and focused on specific risk areas (e.g., impact assessment following the Log4j attack)

    • Contract compliance review

      Contract gap analysis and diagnostic assessment of information security requirements in third-party contracts

    • Issue management

      Logging, tracking, monitoring, and closure of identified gaps as per the agreed action plan and timeline

    • Leverage utility platform assessments

      Review third party risk assessment results provided by utility platforms

    • Leverage external data feeds

      Leverage external sources to determine third party risk posture for specific risk groups without the need for intensive manual assessments

    • Process automation

      End-to-end implementation services for commercial off-the-shelf (COTS) products (SAP Ariba, Coupa Risk Assess, Archer, ServiceNow, OneTrust) and KPMG TPRM solutions [KPMG Vendor Assessment and Compliance Hub, Digital Signal Insights Platform (DSIP)]

      1. Business analyst services
      2. Solution implementation and System Integration
      3. Testing Services (UAT / Functionality)
      4. Production support
      5. Program management
      6. Change management
      7. Backlog Management
    • Dashboard and Reporting

      Automation of strategic KPIs and operational SLAs leveraging external dashboarding tools such as Power BI, Tableau, etc.

    • NextGen TPRM solutions (AI/ML, RPA)

      Leverage technologies such as RPA and AI/ML to automate manual, repetitive tasks (use cases include automated control testing, parsing of third-party evidence/documents, etc.)

    Why KPMG in India?

    How can we help you?

    We have built TPRM program accelerators such as an end-to-end TPRM process workflow, risk profiling and assessment questionnaire templates, a risk mitigation and acceptance form covering exception cases, KPI templates, risk metrics, etc. We leverage these accelerators to reduce the time spent building deliverables and focus more on building stakeholder acceptance for the framework.

    We work with a network of member firms to ensure physical presence and language capabilities for our global clients. We have consistently delivered engagements beyond traditional assessments and assisted our clients with the design, regulatory requirement mapping, issue assurance, and automation aspects of their third-party risk management programs.

    We have a strong team of 200+ individuals focused on third-party cyber risk management with skill sets such as DevOps, DevSecOps, Cloud Security, Application Security and Product Security, Cyber Security, Pen Testing, SAST & DAST, Security Architecture, SOC, etc. Our security professionals hold certifications such as ISO 27001, CISSP, CCSP, CISA, CISM, CRISC, CTPRP, OSCP, DevSecOps, AWS, MS Azure, etc.

    We have worked on digital interventions, including third-party risk intelligence, bot-led risk assessment, etc., to achieve shorter turnaround times for executing TPRM program activities.

    Rich Industry Experience

    “KPMG in India has been a trusted partner in the transformation of our Third-Party Risk Management Program for more than two years. Their expertise, guidance, insights, and support have been integral to the maturity and success of our program.”

    - Global US-based Software Technology Company

    “As always, it has been a pleasure working with you. I have found the engagement to be incredibly organized and efficient; when delays did arise, you demonstrated empathy and understanding. I and the wider team also appreciate the efforts that you put into reducing the controls through historical evidence mapping.”

    - Global Swiss Investment Bank and Financial Services Company

    “We have been working with KPMG’s third-party risk management consultants for over two years and decided it was time to take our program to the next level. We needed industry expertise to help uplift our manual end-to-end TPRM process. KPMG gave us the best TPRM experts and ServiceNow architects. Not only were they knowledgeable, but they were also extremely patient as we worked through some internal issues. Their partnership has proven valuable several times over.”

    - Global US-based Retail Company

    India Insights

    Our Insights section is your gateway to thought leadership and in-depth reports. Explore our curated collection of content, where we delve into complex business challenges, share industry trends, and provide actionable insights.

    International Fraud Awareness Week

    International Fraud Awareness Week 2024, held from 17-23 November, raises awareness about the impacts and prevention of fraud

    Awareness and actions at the forefront of third-party risk management

    Beyond the resume: Background screening to protect organisational integrity

    Understanding importance of background screening for organisations

    Elevating fourth-party risk oversight for financial services

    Navigating the complex web of fourth-party risk identification and management in financial services

    ‘Fit and proper’ due diligence

    Integrity through ‘fit and proper’ due diligence for shareholders and key personnel in financial institutions.

    Key Contacts

    To know more about how we at KPMG in India can help your clients build their TPRM programs, please connect with us.

    Atul Gupta

    Partner and Head - Digital Trust and Cyber

    KPMG in India

    Kunal Pande

    National Co-Head - Digital Risk and Cyber, National Leader - Digital Trust for Financial Services Sector

    KPMG in India

    Srinivas Potharaju

    Partner and Head, Digital Risk and Cyber

    KPMG in India

    Srijit Menon

    National Head for TPRM in India

    KPMG in India
