Third Party Risk Management

Archer Third Party Risk Management employs a series of risk assessment questionnaires for third parties, enabling your organization to assess their internal controls and collect relevant supporting documentation for further analysis. Questionnaire results are factored into a determination of the residual risk of each engagement being delivered by the third party.

Residual risk is assessed across several risk categories: compliance/litigation, financial, information security, reputation, resiliency, strategic, sustainability, and fourth-party risk. Risk results are depicted for each engagement and rolled up to the corresponding third party to obtain an overall view of the third party’s “aggregate” risk to your organization. Risk assessment findings can be automatically captured and managed as exceptions, and remediation plans can be established, assigned to accountable individuals, and monitored to resolution.

For the key features and benefits of this use case, see the Data Sheet on the Archer Community: https://community.rsa.com/docs/DOC-40093

Third Party Risk Management is a use case in the Third Party Governance solution area. The following sections describe the use cases that Third Party Risk Management requires as a prerequisite, which use cases you can upgrade to as your third party governance program matures, and which use cases in other solution areas you can integrate for additional business context and functionality.

Prerequisite and next use cases

This following diagram shows how this use case fits into the overall Third Party Governance solution area.

Prereq, current, next use cases

Third Party Catalog

Third Party Risk Management

Third Party Engagements
  • Document your third parties, subsidiaries, and sub-subsidiaries
  • Track third party engagements
  • Manage the contract life cycle
  • Assess the third party’s internal control environment
  • Collect relevant supporting documentation for further analysis
  • Determine the organization’s residual risk across several risk categories
  • Catalog third party products and services and map engagements to your business processes they support

  • Request third party products and services, and evaluate and manage requests

  • Perform inherent risk assessments on engagements across seven different risk categories and roll up results to an overall third party risk profile.

  • Capture and analyze significant fourth party relationships

  • Analyze the financial viability of each third party

  • Catalog master services agreements associated with engagements

  • Perform contract risk assessments

  • Capture the third party’s proof of insurance and evaluate the adequacy of the insurance

Third Party Governance

  • Define and document performance metrics for third parties
  • Track all contractual service level agreement (SLA) metrics
  • Capture performance metric data and report on performance of individual engagements

Related use cases in other solution areas

The following table shows the use cases in other solution areas you can integrate for additional business context and functionality.

Application Name

Primary Purpose(s) of the Relationship

Use Case Name

Incidents

View any incidents related to your third parties.

Incident Management

Loss Events

View any loss events related to third party engagements.

Loss Event Management

The following additional resources are available for this use case:

The following additional resource is available for the Third Party Governance solution area: Third Party Governance Solution Brief.

Get started