Vendors are a common element in today’s business environment. Outsourcing services and processes to vendors provides flexibility, convenience and cost savings. However, these outsourcing arrangements don’t come without increased risk. Data breaches stemming from third parties have been increasing year over year. When identities are stolen or sensitive information is made public, your customers won’t care that it was the vendor’s fault. Regulators and examiners alike are also taking note, and it can be seen in recent legislation and guidance related to managing third parties. According to the Federal Deposit Insurance Corporation’s (FDIC) Guidance For Managing Third-Party Risk, “An institution's board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships, and identifying and controlling the risks arising from such relationships, to the same extent as if the activity were handled within the institution.” While services can be outsourced, the risk cannot.
Why is this important? Many organizations continue to outsource critical activities and fail to recognize the risks that arise from those relationships. Whether it is outsourcing certain information technology operations, sensitive data processing and storage, or simple marketing, legal or HR services, sensitive/proprietary information is often shared with third parties without first assessing the security controls within that organization. To that end, third-party risk management is critical when it comes to managing risk across the enterprise. To achieve assurance over activities performed by third parties, organizations should implement sound third-party risk management practices.
When it comes to guidance, there are plenty of great options available. There are many compliance-based guides that may be applicable based on the industry you are in. For example, with our clients in the banking world, the FDIC guidance mentioned earlier comes to mind. At Schneider Downs, we are a member firm of the Shared Assessments Program, which provides widely adopted vendor risk management tools and resources for enterprise organizations to evaluate and measure vendor risk. These tools are industry agnostic and provide third-party risk management best practices regardless of the industry you may be in.
No matter what framework or guidance you plan to adopt, some of the key recommendations remain.
In addition to the aforementioned activities, organizations should assign responsibilities for third-party management to appropriate members of the organization with sufficient knowledge of the enterprise risk management process and nature of third-party relationships. Standardized documentation and reporting procedures should be implemented to ensure that third-party management activities are appropriately being performed and reported on. Lastly, organizations should perform independent reviews of their third-party management programs to ensure that third-party risk management activities are appropriately aligned with their enterprise-wide risk program, that they meet industry recommended best practices and that they effectively manage the risk posed by third parties.
Contact us if you have questions about implementing a third-party risk management strategy, and visit our Internal Audit page to learn about the services that Schneider Downs offers.