Selected Use Cases

Now you can finally address the most stubborn challenges throughout the entire life cycle of third-party risk management with Artificial Intelligence. Here are a few of the popular use cases Mirato supports today.

Reduce the time, cost, and manual effort while improving accuracy and process integrity. Mirato can automatically validate the responses within Due Diligence Questionnaires (DDQs) by analyzing and correlating all the related evidence, documentation (including unstructured data), and data feeds about the third party/service. Mirato then generates insights (hits, misses, and additional information) on how well the controls are satisfied by those answers and the supporting evidence from multiple sources in a fraction of the time it takes currently. This proactively finds the needles from the haystack and focuses the attention of valuable and costly analysts and SMEs on the issues they need to address before they read or review anything. Machine-provided Insights enable better human decisions. Mirato provides a more consistent, objective, systematic review and analysis with an automated audit trail and reporting and increased process integrity.

Mirato automatically exposes the interrelated and cascading effects caused by any single point of failure. This includes understanding which third parties, business units, geos, engagement types, service lines, and relationship managers are affected. Mirato also surfaces hidden fourth parties within the information you already collect and can produce a detailed map of fourth-party and concentration risk, which is difficult, if not impossible, for most firms to create today. This visualization can be modified and updated in real-time through various filters and attributes instead of requiring weeks of manual research, cross-referencing, and consolidation between systems and data typically needed to produce a “fixed point in time” view.

Mirato can also “pre-fill” as many answers as possible to scoped DDQs for a third party/service by analyzing and correlating the documentation, available data feeds, and other sources of information before sending the DDQ out to the third party. The partially pre-completed DDQ then goes to the third party to validate what Mirato has answered, and the third party completes the remaining unanswered questions. This results in a significant reduction in time and manual effort for the third party, SMEs, and analysts, faster onboarding, shorter time to value from the service, reduced friction with the third party and line of business, and fewer steps and workflow required from existing TPRM platforms.

Currently, risk assessment experts must read through hundreds of pages before they can start assessing risk. This is especially costly, time-consuming, and painful for IT / InfoSec risk SMEs, who are highly trained, expensive, often understaffed, and overloaded. As a result, most firms are unable to manage all levels of Infosec-related risk and focus on the “high” risk relationships at the expense of some of the “middles” or “lows.” Additionally, with assessment backlogs common, the quality of work from even highly experienced and capable assessors is often compromised to complete more assessments faster.

Mirato’s AI-powered pre-assessment eliminates the weeks now spent reading documents and instead presents these highly valuable SMES with a list of which controls are supported by evidence and which are not. Without reading a single page.

Mirato continuously monitors and correlates all documents and data sources used for risk, due diligence, and performance to generate real-time alerts and automatic residual risk score updates 24/7/365. Cycle times for expiration and refreshment of the many different third-party provided documents vary greatly. Reviewing and correlating their relevance as they are updated exceeds most programs’ resource capabilities and is often not done at all. Mirato can monitor all changes within new documents as they arrive, providing real-time alerts for any issue of concern. For subscription data services, Mirato constantly digests and correlates not only the metadata but also the detailed information in the unstructured reports they provide to increase the value of these services. This enables firms that cannot consume the data they purchased to finally do so and add more data sources without requiring additional headcount or training. This is simply not possible under current time and resource limitations.

Mirato enables rapid and thorough reassessment of an existing third party or the entire inventory for a new attribute or change in criteria. For new zero-day threats, regulatory mandates, risk tolerance adjustments, and updates to scoring methodology, Mirato can reexamine all existing evidence and data against the new criteria previously not used for onboarding, periodic reassessment, or continuous monitoring. SMEs and analysts have traditionally had to start over and “re-do” the entire assessment process when a new variable has been introduced. This is painful, tedious, frustrating, and challenging for an individual service or third party. It is virtually impossible across hundreds or thousands of third parties without waiting to “cycle” them in as contracts renew. This capability can be essential to promptly manage critical cyber, data privacy, or other potentially crippling threats to minimize damage and exposure.

Connect and explore how we can support your use cases today.