EAA Web Session: "Third-Party Risk Management: Managing External Service Providers"

Einleitung/Dauer

In an increasingly globalized and competitive business environment, outsourcing activities or services has become a key strategy for many organizations. This approach allows access to specialized expertise, reduces operational costs, and enables a focus on core competencies. However, it also involves transferring critical responsibilities to third parties, introducing new financial, operational, legal, technological, and reputational risks that can significantly impact the organization if not properly managed.

The Outsourcing Risk Management Program is designed to address these challenges by providing a systematic framework to identify, assess, mitigate, and monitor the risks inherent to outsourcing. This program focuses on establishing strong relationships with providers, ensuring compliance with applicable regulations, and protecting the interests of the organization, its customers, and other stakeholders.

By implementing this program, the goal is not only to minimize the risks associated with outsourcing but also to maximize the benefits of this practice, ensuring operational continuity, service quality, and alignment with the company’s strategic objectives. This is achieved through structured processes, advanced monitoring tools, and an organizational culture that values proactive risk management.

Vorgehensweise und Ziele

The nature of the risk management program in outsourcing lies in establishing a comprehensive framework to identify, assess, mitigate, and monitor risks associated with service outsourcing, safeguarding the organization’s interests. Its purpose is to ensure operational continuity, regulatory compliance, and the quality of outsourced services while minimizing negative financial, legal, reputational, or security impacts. The objectives are to identify inherent risks, evaluate and select reliable providers, effectively manage contracts, monitor performance through key indicators, ensure regulatory compliance, and strengthen cybersecurity, fostering a strategic relationship with providers to enable proactive and resilient management.

Teilnehmer

Transversal profile across the organization:

1. Executive Leadership (Directors and General Managers)
• Responsible for defining the overall outsourcing strategy, allocating resources, and ensuring the program aligns with the organization’s strategic objectives.
2. Project or Outsourcing Program Managers
• Lead the implementation of the program and act as the primary point of contact between the company and providers. Oversee activities related to risk management.
3. Procurement and Contracting Department
• Manages the selection and contracting processes for providers, ensuring contractual clauses include risk mitigation measures.
4. Legal Department
• Reviews and drafts contracts to ensure the company’s protection, addressing compliance, confidentiality, and dispute resolution.
5. Corporate Risk Management Department
• Evaluates and prioritizes risks associated with providers and outsourced activities, developing mitigation strategies.
6. Information Security and IT Department
• Ensures providers comply with cybersecurity and data management standards and regulations. Conducts system and access control audits.
7. Finance
• Analyzes the financial viability of outsourcing agreements and evaluates financial risks, such as the provider’s economic stability.
8. Operations and Logistics
• Oversees the operational execution of outsourced services, ensuring alignment with internal quality and time standards.
9. Internal and External Audit
   
• Conducts periodic reviews to assess the program’s effectiveness and identify areas for improvement in risk management.
  
10. Provider Representatives
    
• Collaborate with the company to meet expectations, requirements, and standards outlined in the contract and risk management program.
  
11. Human Resources
    
• Participates if outsourcing includes external workforce management, ensuring compliance with labor regulations and best practices in the relationship with third-party workers.
  
12. Compliance and Regulation
    
• Ensures all outsourcing-related activities comply with applicable local, national, and international regulations.
  
13. Marketing and Customer Service
    
• Involved if outsourcing impacts areas related to customer experience, overseeing quality and consistency in service delivery.
  
14. Business Continuity Managers
    
• Design and implement plans to mitigate disruptions in case of provider failures or adverse events.
  

Technical Requirements
Please check with your IT department if your firewall and computer settings support web session participation (the programme Zoom will be used for this online training). Please also make sure to join the web session with a stable internet connection.

Dozierende

Isabel Sánchez Sánchez

• PhD candidate in ESG Risks and Sustainable Finance at Cantabria University.
  
• Head of different undergraduate and postgraduate programs in different Universities and Business Schools (Carlemany, VIU, OBS, ESADE…) and keynote speaker in different forums and conferences.
  
• Professional and lecturer specialized in Banking and Strategic Consulting with extensive experience in Financial and Insurance Entities (KPMG, Popular Bank, Santander Bank...)
  
• Business Continuity and Crisis Manager in Volkswagen Bank

Sprache/Kurztitel

The language of the web session will be English.