Home / Resources / ISACA Journal / Issues / 2026 / Volume 3 / The Value Proposition of TPRM in the Financial Sector

The Value Proposition of TPRM in the Financial Sector

Graphic displaying "Online Exclusive" with a padlock icon, highlighting enhanced security measures for online services.
Author: Ashish Kumawat, PH.D, CISA, CRISC
Date Published: 10 June 2026
Read Time: 14 minutes

Cybersecurity leaders are often asked about the need for third-party risk management (TPRM). More than half of financial institutions manage approximately 300 vendors or more. Yet vendor coverage in TPRM remains low: Many enterprises lack the resources to assess all vendors, leaving tier 2 and 3 (i.e., medium- and low-risk) relationships unmonitored...

 

Members, login to keep reading.

Not a member but want to read more?
Explore ISACA member benefits today.

Additional resources

Mary Carmichael
Blog Post
Five Questions Risk Professionals Will Need to Answer in 2026

Resilience to disruptions, navigating technology supply chains, harnessing AI, dealing with tight budgets and delivering on changing expectations from business leaders are among the challenges facing risk professionals in 2026.

7 January 2026
Risk Starter Kit
Tool
IT Risk Starter Kit | Digital | English

ISACA created the IT Risk Starter Kit to help users develop an IT Risk Program at their organization. Through detailed templates and guides you’ll be able to...
Risk IT Framework
Framework
Risk IT Framework, 2nd Edition | Print | English

The Risk IT Framework is designed to assist in developing, implementing or enhancing the practice of risk management by: Connecting the business context with the specific I&T assets. Shifting the focus to activities over which the enterprise has significant control, such as actively directing and managing risk, while minimizing the focus on the conditions over which an enterprise has little control (threat actors).