In the latest installment of our Spotlight on Success series, Naomi Porter (Senior Governance Risk and Compliance Analyst) and Myles Gold (GRC Manager) at Open Dealer Exchange share how they use AuditBoard to complete their risk program with a comprehensive approach to TPRM. Headquartered in Michigan, Open Dealer Exchange is a technology hub providing integrated F&I solutions for automotive dealerships.
Hear how Open Dealer Exchange moved to the future of TPRM with a one-stop solution to send out questionnaires, track third-party responses, and store approvals, follow-ups, and risk assessments.
- Added a layer of internal accountability with a system to conduct assessments and handle follow-ups
- Reduced the need for multiple meetings, so they can start the assessment process faster than ever before
- Doubled the number of assessments they were able to complete, while easily reviewing what third parties they needed to reach out to
Tell us a little about Open Dealer Exchange and some of the challenges you faced in your previous manual environment.
Myles Gold (GRC Manager): “We pass a lot of data through our network. This means we handle a lot of sensitive personal information (PI), so a lot of our work revolves around auditing the customers receiving this PI. We want to make sure these third parties have strong security controls in place to protect our data.”
Naomi Porter (Senior Governance Risk and Compliance Analyst): “Prior to implementing AuditBoard, we utilized SharePoint for third-party risk management documentation. We used Microsoft Word to perform the review, then tracked our third parties in a list in Excel. This was not only disorganized, but it was also time-consuming to gather sign-offs from stakeholders. We would have multiple meetings to gather information about third parties, with no effective mechanism to track follow-up requests.”
How has AuditBoard improved your processes?
Myles Gold (GRC Manager): “We really just wanted one solution that could send out the questionnaires, track third-party responses, get notified when assessments are complete, allow a place to store risk assessments, store approvals, and follow-ups, and just report on the status of all of our assessments. It was honestly a tall order. There are lots of things we needed, but AuditBoard was able to meet all those expectations and allowed us to move to the future of TPRM.”
Naomi Porter (Senior Governance Risk and Compliance Analyst): “Without AuditBoard, we couldn’t keep up with demand. Using the inherent risk questionnaire has saved us a significant amount of time. It reduced our need to have multiple different meetings to gather initial third-party information. It allows us to begin the assessment process faster than before. AuditBoard makes a night-and-day difference compared to the manual process that we had before. It’s made my job much simpler, and we can easily review which third parties we need to reach out to. This has also added a layer of internal accountability that we didn’t previously have.”
Myles Gold (GRC Manager): “Without TPRM, your risk program is not complete. You need to know all your risks–inside and outside the organization. You can’t just ignore the external ones since they’re all interconnected.” Naomi Porter (Senior Governance Risk and Compliance Analyst): “With AuditBoard, we doubled the number of assessments we’re able to complete. We went from thirty to sixty, and the number keeps growing. The fact that we can keep up with that demand speaks to how helpful AuditBoard has been for us.”