#442 – HOW TO MANAGE THIRD PARTY RISKS – BILL POMFRET PH.D.

Featured

Posted on by
Reply

The Third-Party Risk Management landscape has changed dramatically over the last decade. The 2008 financial collapse illustrated that even our strongest industries and institutions were at risk. We started to see more regulations for not only the physical handling of data but also cloud-based and digital data management. This really brought third-party risk management to the forefront of organizational leadership.

Over the years, the vendor risk management industry has grown and morphed to tackle the increasingly complex issue of cybersecurity along with constantly changing international regulations. We’ve also seen a rise in the Chief Information Security Officer position – what once was another role/function for the IT department is now a team of experts in most established organizations. One thing we know for sure is that these challenges are only going to get more complicated, and a strong vendor risk management program is essential for the longevity of an organization.

So, what is next for third-party risk management? How do we evolve as federal involvement increase and we see major breaches and hacks on a regular basis? There are few essential elements to a successful third-party risk management program.  It’s a Program, not a Project.

Organizational leadership must stop thinking of risk management as a one-time (or once a year) project. It’s an ongoing program that requires ongoing monitoring. Your vendors’ practices, your business, and the requirements of your industry are constantly changing. Your third-party risk management program should reflect that. This is why tools like RiskRecon which continuously monitor vendor data are essential on top of assessment solutions like Privat to validate security controls. Risk management can be overwhelming, confusing, and time-consuming so it’s tempting to knock it out in a month and then forget about it, but really this should be a constant movement within the organization. Starting with your vendors with the most data touchpoints down to the smallest vendors who have far less access to your company’s information, every vendor should be continuously assessed.

Strengthening Relationships

We all know that a strong relationship goes a long way in any business environment. This is especially true of your vendor relationships. To get your security assessments completed in a timely manner so you can effectively assess your risk, you need buy-in from your vendors. With SPI Inc., we took the time to develop an easy-to-use platform for vendors to quickly complete their assessments and save their answers for future use.

Over the next few years, vendors are going to be responsible for sharing their processes for handling data to more and more of their clients. By establishing a strong relationship early on, you can set yourself up for success and help your vendors at the same time.

Comprehensive Risk Management

The future of third-party risk management is going to be about connecting the dots and having a truly comprehensive program. A good TPRM will include collecting security questionnaires that ask important questions about how a vendor is handling your data. Based on those questionnaires, you assign the vendor a risk rating and leadership uses that information to make decisions about whom to share data with. But how can you check the vendor’s responses? How can you be certain that their answers are accurate? That’s where Safety Projects partnership with Risk Management Inc. comes in – to bridge the gap between security questionnaires and continuous data monitoring. Regardless of what platform you use, it’s critical to have a “due diligence” process in place. Having a comprehensive, scalable TPRM will no longer be an option as data regulation becomes a top priority for governments across the globe and breaches become more commonplace.

McKinsey reported what managing third-party risk in a growing technological climate should include Segmentation and organization of vendors.

  • Rules-based due diligence (and evidence of third-party due diligence)
  • Post-contract compliance management and transparency
  • Clear guidelines for governance and escalations
  • Comprehensive technology and modern tools

These elements are true today and we would argue that you should be able to find all these elements in a single platform. Safety Projects International Inc. expanding partnership with Risk Management Inc. speaks to the future of TPRM and provides one of the most comprehensive risk management programs in the industry today. Check out our Webinar on Strategy & Risk for and Dr. Bill Pomfret, CEO of Safety Projects International Inc, who will discuss where third-party risk management is going in the next few years.

Bio:Dr. Bill Pomfret of Safety Projects International Inc who has a training platform, said, “It’s important to clarify that deskless workers aren’t after any old training. Summoning teams to a white-walled room to digest endless slides no longer cuts it. Mobile learning is quickly becoming the most accessible way to get training out to those in the field or working remotely. For training to be a successful retention and recruitment tool, it needs to be an experience learner will enjoy and be in sync with today’s digital habits.”

#442 – FEDERAL ERM SURVEY – JAMES KLINE PH.D.

Featured

Posted on by
Reply

In 2023 the Federal Enterprise Risk Management and Guidehouse 9th Consecutive survey of 52 federal agencies was published. (1) The survey was conducted from July 24 to September 2023. Sixty-two percent of the respondents had some Risk Management Function. Seven percent had Finance, Budgeting and Accounting responsibility. In terms of position, nineteen percent were from the Senior Executive Service (SES). Eighty-four percent were non-SES. This piece looks at key survey questions and the responses. Where possible the 2023 and 2022 responses are shown side by side. Continue reading

#442 – INTENTIONAL SELF MANAGEMENT – GREG HUTCHINS

Featured

Posted on by
Reply

If you don’t design your own life plan, chances are you’ll fall into someone else’s plan. And guess what they have planned for you? Not much.
Jim Rohn – Author and Entrepreneur

Intentional Self-Management is the fundamental principle behind Working It and is really critical in COVID time. Intentional Self-Management is the art of taking responsibility and the science of taking control of your behavior, health, spirit, career, life, and work. Think about these key Intentional Self-Management questions: Continue reading

#441 – USING A DELTA PROGRAM TO MINIMIZE EARLY FIELD FAILURES – FRED SCHENKELBERG

Featured

Posted on by
Reply

Failures happen. Sometimes product failures happen quickly.

You just bought a new feature rich computer and discover it doesn’t work. Right out of the box, it will not power up. Conversations with the tech support and it’s a trip back to the store. Continue reading

#441 – FOCUS ON THE RIGHT NOW, NOT THE DISTANT FUTURE TO STAY MOTIVATED – KAITLEN WOOLLEY & PAUL STILLMAN

Featured

Posted on by
Reply

It’s a familiar start-of-the-year scene. You’ve committed to a healthier lifestyle and are determined that this time is going to be different. Your refrigerator is stocked with fruits and veggies, you’ve tossed out processed foods, and your workout routine is written in pen in your daily planner.

Yet, as you head out one morning, the tantalizing aroma of fresh doughnuts wafts through the air. How can you resist the call of this sugary treat and stick with your healthy choices?

Conventional wisdom, grounded in years of research, suggests that the best way to resist unhealthy choices is to think about the long-term consequences. For example, you could consider how the added sugar from eating too many doughnuts can lead to diabetes and obesity. Thinking about these long-term consequences, the argument goes, should help you avoid indulging right now and better stick to your goals.

However, in our combined 25 years of experience investigating people’s self-control behavior and motivation, we have learned that, in the heat of the moment, people often overlook distant outcomes, diminishing the effectiveness of strategies focused on the long term.

In response, we propose three approaches, backed by recent research, to help you stick to healthier habits.

To resist temptation, think short term

One strategy to avoid indulging is to consider the short-term consequences of unhealthy behavior. We tested this approach in seven studies with over 4,000 participants.

In one study, we invited university students to view one of two public service announcements detailing reasons to avoid energy drinks. One message emphasized long-term costs of drinking high-sugar energy drinks, such as diabetes and obesity. The other stressed short-term costs, such as anxiety and a sugar and caffeine crash.

Students then had a choice between receiving an energy drink or another attractive prize. Those who read about the short-term costs were 25% less likely to choose the energy drink than those who read about the long-term costs.

In another study with a similar setup, participants read about either the short-term costs of eating sugar, the long-term costs of eating sugar, or they did not read about any downsides. Everyone then had to choose a delivery of cookies or a tote bag. Those who read about the short-term costs were 30% less likely to choose the cookies than those who read about the long-term costs and 45% less likely than those who didn’t read about any detriments to sugar.

We found that emphasizing short-term costs can also help you avoid other temptations. For alcohol, think about how excessive drinking can lead to poor sleep and hangovers. For fast food, think about how it can make you feel bloated or give you indigestion.

In our studies, immediate effects were a stronger motivator than long-term consequences that could take decades to occur. The takeaway is simple: To avoid indulging, think short term.

Focus on the fun of healthy options

Avoiding unhealthy foods is one thing. On the flip side, can you nudge yourself toward consuming more healthy foods?

Research that one of us (Kaitlin) conducted with behavioral scientist Ayelet Fishbach found that prompting people to focus on the good taste – rather than the health benefits – of foods such as apples and carrots increased consumption in the lab and the real world. These findings were independently replicated in an intervention at five university dining halls that used food labels focused on either tastiness or healthfulness.

This strategy can also promote other healthy behaviors, such as exercise. In one study, Kaitlin asked gymgoers to choose a weightlifting workout from a list of similarly difficult routines. The participants who were instructed to select a fun exercise completed more reps than those told to pick an exercise most useful for their long-term fitness goals.

Immediate rewards that result from pursuing long-term goals improve your experience right now, although they often go unnoticed. For this reason, focusing on the immediate versus delayed benefits of behaviors such as healthy eating and exercise can increase intrinsic motivation, making a behavior feel like its own reward and resulting in the immersed-in-an-activity feeling called “flow.”

Timing the reward sweet spot

Starting healthy behaviors is one important piece of the puzzle; another is sticking with these behaviors over time. One strategy for persistence is to use rewards to stay committed.

Research led by marketing professor Marissa Sharif, along with Kaitlin, involving over 5,000 people across eight experiments found that small, regular rewards were more effective for cultivating long-term commitment to healthy behavior such as exercising and flossing than were large, occasional rewards. Think watching 20 minutes of a guilty pleasure TV show each day you work out, rather than waiting to the end of the week to watch 80 minutes of TV to reward yourself for those four workouts.

But there’s a twist: Rewarding yourself too early may backfire. It seems rewards are most effective when people have to work to unlock them, after which they become regular. In other words, putting in initial effort while not being rewarded, followed by small, continual perks, is the most effective way to structure rewards.

In a study on exercise, Marissa and Kaitlin followed exercisers as they engaged in four initial workouts that came with no rewards. Then a work-to-unlock-rewards group began to receive small, continual rewards for each subsequent workout. They ended up persisting longer and completing more workouts than people in a lump-sum group who received a larger, occasional reward for every four workouts they finished.

A similar effect was evident in a 12-day study on tooth flossing. People in the work-to-unlock-rewards group – three days of flossing without rewards followed by daily rewards – flossed for more days than those who received continual rewards right way. Those who had to commit extra effort to unlock the rewards flossed 15% more days.

These studies suggest people can strategically incorporate rewards – with a short initial period without any rewards – into their routine to help them stick with healthy behaviors over time.

Resistance, enjoyment and persistence

Our research highlights three effective strategies to help you achieve your goals: prioritizing short-term consequences to resist temptation, finding enjoyment in long-term choices, and continually rewarding yourself for sustained persistence.

What’s great about these strategies is that you can adapt them to any personal goal you hold. For instance, if you’re finding it hard to swap social media for a book, consider reflecting on negative short-term consequences of endless scrolling. Or if carving out time for relaxation feels like a challenge, focus on the immediate benefits of engaging in meditative exercises.

By incorporating these evidence-based approaches, you can empower yourself to follow through on your long-term goals.

BIOS:

Professor Kaitlin Woolley is an associate professor of marketing at Cornell University. Professor Woolley studies consumer motivation and goal pursuit, with a focus on understanding what consumers value when pursuing their goals and how to use this to increase goal persistence. She also researches the influence of goal conflict on consumer choice, and the role food consumption plays in social connection. Woolley’s research has been published in journals and book chapters, including Journal of Consumer Research and Journal of Personality and Social Psychology. It has been featured in outlets such as the Wall Street Journal, the New York Times, Harvard Business Review, NPR, and Psychology Today.

At Cornell, Professor Woolley teaches the core marketing course and the consumer behavior course. Woolley earned a bachelor’s degree magna cum laude in psychology from Cornell University. She earned an MBA from the University of Chicago Booth School of Business. Her PhD is in behavioral science from the University of Chicago Booth School of Business.

Dr. Stillman’s research examines how cognition and motivation interact to produce behavior. In particular, by investigating the cognitive underpinnings of goal-pursuit, I hope to advance understanding of self-regulation – how people manage complex goal arrays. In doing so, I hope to provide insight as to why people behave in ways that are counter to their goals, as well as identify ways to boost functional self-regulation.