I should have clarified myself more. I speaking of credit risk, interest rate risk, liquidity risk, price risk, transaction risk, compliance risk, strategic risk, and reputation risk. From what I have read each risk must be identified, measured, monitored and controled. I am assuming, if I understand it correctly, your 3P risk would be identified into one or more of the above risks, then measured, monitored and controled. But don't take my word on it since I am having trouble implementing my own program. That is why I need something to give me more direction. Such as matrix, questionaire for management, what all goes into the manual (how far do you break it down?) Individual products or is it a general area? Also different regulations would have different areas of their own risks. Financial Privacy is a good example of this. You have the insurance part, you have the sharing of information part, etc.
Any input is greatly appreciated.
Opinions and requests are mine not my employer.