Description
Why Focus on 3rd Party Risks
Companies should treat third‑party risk management (TPRM) as a strategic priority because in today’s interconnected business environment, your vulnerabilities are often the sum of your partners’ vulnerabilities.
Outsourcing and vendor partnerships bring efficiency, scale, and expertise — but they also open the door to risks you don’t directly control
🔐 1. Protecting Sensitive Data & Cybersecurity
- Vendors often have access to confidential data, intellectual property, or personal identifiable information (PII).
- A breach at a supplier can be as damaging as one inside your own network — think supply chain attacks and ransomware infiltration.
- Regulators increasingly hold companies accountable for vendor security practices, not just their own.
⚙️ 2. Ensuring Operational Continuity
- If a critical supplier fails — due to financial instability, natural disasters, or poor internal controls — your operations can grind to a halt.
- Service Level Agreements (SLAs) and contingency planning (e.g., backup vendors) are essential to avoid costly downtime.
📜 3. Meeting Regulatory & Compliance Obligations
- Laws and standards (e.g., data protection, ESG, anti-bribery, ISO 37301 compliance) increasingly require due diligence on third parties.
- Non‑compliance can lead to fines, sanctions, and reputational damage, even if the violation happens outside your direct control.
🌍 4. Managing Broader Risk Categories
- Geopolitical risk: Political instability in a vendor’s country can disrupt supply chains.
- ESG risk: Poor environmental or labor practices by suppliers can harm your brand.
- Reputational risk: Public backlash from a partner’s misconduct can spill over to you.
📊 5. Building Resilient, Trustworthy Partnerships
- A robust TPRM program builds mutual trust with vendors and stakeholders.
- It enables faster, better‑informed decisions about who to work with and how to manage them over time
✅ Bottom line: You can outsource the work, but you can’t outsource the liability.
Strong third‑party risk management isn’t just a compliance checkbox — it’s a competitive advantage that safeguards your operations, reputation, and long‑term growth.
Duration
1-Day Program
Learning Objectives
At the end of the training, participants are expected to:
- Know how to identify third party risks and approach to Third Party Risk Management.
- Be familiar with components, requirements and approaches to Vendor Risk Management
Target Audience
- Procurement Personnel
- Compliance Personnel
- Legal Personnel
- Internal Auditors
- 3rd Party Account Managers
Program Structure and Outline
The Program is delivered using a combination of instructor-led lectures, case study and exercises on practical implementation of the concepts discussed within the training. The topics presented below define the areas of focus under the program:
Time: 8:30am to 12:00pm
Third Party Risk Management Overview
- Who is Considered a 3rd Party?
- Framework: What is 3rd Party Risk Management?
- Global Trends towards 3rd Party Engagements
- Workshop 1: Assessing current 3rd party challenges
Vendor Risk Management
- Definition
- Review of the applicable controls of BSP Circular 808
- Importance of Vendor Risk Management
- Vendor Breach Background
- Strategies for Vendor Risk Management
- Workshop 2: 3rd party Strategic Risk Planning (Enterprise Risk)
Time: 1:15pm to 5:00pm
3rd Party Risk Management Process
- 3rd Party Risk Profiling
- Workshop 3: Identifying 3rd Party Risks
- Ongoing Monitoring & Control Effectiveness
- Risk Appetite and Risk Tolerancing
Elements of the 4 RM’s
- Risk Measurement
- Risk Management
- Risk Monitoring
- Response Management
Resource Speaker:
Mr. Kama Neson Ganeson
PMP, PMI-RMP, CGOV, CORS, CCP, CSAP, CLA BCMC & ISMS 2026
Schedule:
May 11, 2026 (Monday) 9:00 AM – 5:00 PM
Training Fee per Participant:
Member Institution – Php3,920.00
Non-Member Institution – Php5,040.00
*VAT inclusive