Third-party risk management is essentially a data gathering task (onboarding, questionnaires and 3rd party data sources) followed by a data analysis task (risk rating evaluation algorithm with some human intervention), followed by a mitigation plan and follow-up post contract signature.
Gen AI could probably help with the first 3 quite easily but the main risk I see is not getting accurate, vetted data on which to base this critical exercise.
Data is everything with the Gen AI piece.
What do you think is the best method for the collection of data?
I'm fed up with a form-based approach, but the data aggregators/data feeds aren't providing high enough data quality levels yet to move away from reliance on forms.
This is a golden procurement tech opportunity.
It's a combination of both to be sure... I don't think you get out of needing to send a form to suppliers for, at minimum, validation. As scrapers and DBs (see Tealbook), we can imagine a future where we send the supplier his profile / risk questionnaire 100% completed and they just review and sign off.
It will certainly add value during initial risk assessment and, later on, ongoing risk profile enrichment through third-party data providers for a specific industry. This will eliminate periodic risk reviews and will make it more of an ongoing process that would deliver alerts or notifications to specified stakeholders. Linking this capability to a contract repository and the ability to automatically cross-reference between the risk profile and contract will bring a whole new set of insights and recommended actions to mitigate the risk, like clause recommendations or even drafts. Exciting stuff...