By Heather Kadavy, AVP Third Party Risk Management & Information Security Officer for Union Bank & Trust Company
As a part of the Women in TPRM "Lead" workgroup, this blog series "Women Lead" allows us to learn from Women Leaders in the field of Third Party Risk Management.
Making our physical and digital-based companies a safer place in the future will require a shift to an inclusive approach to risk management, with input from more diverse backgrounds and perspectives. The reality is that third party risk management talent can come from a wide range of professionals, with different backgrounds, degrees, and experience. TPRM is not an IT function, it is not a Finance function, nor a Compliance function rather it is an Enterprise Risk function. We must remember that Risk Management is the responsibility of the entire organization and not of just one demographics views and opinions. TPRM truly is an enterprise focused looking glass, which brings together a variety of internal control lenses in order to see a complete picture. In order for an organization to make meaningful and sound decisions, business units must partner with subject matter experts from all risk areas [For Example: Financial, Operational, Information Security, Information Technology, Cyber Security, Strategic, Compliance, Legal, Reputational, etc.] in a collaborative effort to truly manage and address the risks that a third-party relationship brings to their organization. Furthermore, in our current landscape a “trust but validate” mindset through monitoring activities, as an ongoing process is the new norm, replacing the old compliance checklist approach. Women (and Men) become assets in the third-party risk management role when they learn that relationship building in addition to technology make for a more robust and effective risk management assessment program. In a study co-authored by a George Washington professor, Lynn Offermann found that while women tend to be more relationship-oriented than men and are more likely to stress collaboration and inclusion of all team members suggesting that gender diversity is important and that teams with a higher representation of women on top management teams can have a positive impact on organizational success. Research showed gender-balanced teams outperform both predominantly male and predominantly female teams. This is important to consider because leveraging both business unit personnel and subject matter experts when assessing the various internal control lenses will assist in breaking down silo approach to risk management when dealing with the growing complexity of threat landscapes, higher reliance on third parties to support our critical functions, the digital transformation we are all experiencing and the increasing regulatory scrutiny that all industries are facing. So, when it comes to TPRM, seek the highest level of gender balanced team collaboration between business units (1st Line of Defense) and risk subject matter experts (2nd Line of Defense) across your organizations to truly be effective in third party risk management practices. Remember – Together Everyone Achieves More! It Takes a TEAM!
Heather Kadavy, CERP, CBVM, CFSSP
Heather Kadavy worked at Union Bank and Trust Company for nearly 34 years with a career focus on Operational Risk Management. As her Bank’s Board of Directors designee, she has managed and evolved several major programs including Third Party Risk Management, Information Security, Physical Security, Safety, Business Recovery, Model Risk Management, and Enterprise Risk Management. She developed and implemented training programs for thousands of employees, had oversight of over a thousand third party relationships, due diligence reviews and contract management activities.
Heather has been married for over 20 years to her husband, Patrick, and has a daughter and son both attending the University of Nebraska-Lincoln. In her spare time, Heather enjoys spending time with friends and family, volunteering, doing puzzles, and baking. She is an avid Vikings football and Lakers basketball fan.