Which of the following best describes the primary purpose of a third-party risk management (TPRM) program in a compliance context?
-
A
To negotiate lower contract prices with vendors
-
B
To identify, assess, and mitigate risks posed by external parties that have access to company data, systems, or operations
-
C
To eliminate the use of all external vendors wherever possible
-
D
To transfer all liability for compliance failures to third-party vendors