AuditBoard TPRM
Designing a 0-1 product experience focused around third-party risk within an established platform serving the audit, risk, and compliance market.
Role
Sr. Product Designer
2022—2023
Team
Jay Yu, Head of Design
Michelle Tu, Product Designer
AuditBoard TPRM
Designing a 0-1 product experience focused around third-party risk within an established platform serving the audit, risk, and compliance market.
Role
Sr. Product Designer
2022—2023
Team
Jay Yu, Head of Design
Michelle Tu, Product Designer
AuditBoard TPRM
Designing a 0-1 product experience focused around third-party risk within an established platform serving the audit, risk, and compliance market.
Role
Sr. Product Designer
2022—2023
Team
Jay Yu, Head of Design
Michelle Tu, Product Designer
AuditBoard TPRM
Designing a 0-1 product experience focused around third-party risk within an established platform serving the audit, risk, and compliance market.
Role
Sr. Product Designer
2022—2023
Team
Jay Yu, Head of Design
Michelle Tu, Product Designer
Overview
Third-party risk management—just a fancy way to say: “We don’t want your problems to be OUR problems”
Overview
Third-party risk management—just a fancy way to say: “We don’t want your problems to be OUR problems”
Overview
Third-party risk management—just a fancy way to say: “We don’t want your problems to be OUR problems”
01
Highly Manual Vendor Onboarding
Time consuming processes centered around spreadsheets and e-mail communication.
01
Highly Manual Vendor Onboarding
Time consuming processes centered around spreadsheets and e-mail communication.
01
Highly Manual Vendor Onboarding
Time consuming processes centered around spreadsheets and e-mail communication.
02
Increasing IT & Security Risk in Third Parties
An acceleration in remote work and SaaS opens
02
Increasing IT & Security Risk in Third Parties
An acceleration in remote work and SaaS opens
02
Increasing IT & Security Risk in Third Parties
An acceleration in remote work and SaaS opens
03
Manual Risk Tracking & Mitigation
Headcount & Expense Planning, Collaboration, Business Plan
03
Manual Risk Tracking & Mitigation
Headcount & Expense Planning, Collaboration, Business Plan
03
Manual Risk Tracking & Mitigation
Headcount & Expense Planning, Collaboration, Business Plan
AuditBoard had recognized through the feedback from its customers and the trend of the market that the risk market had been expanding, with third-party risk starting to materialize as a true point of friction for businesses.
AuditBoard had recognized through the feedback from its customers and the trend of the market that the risk market had been expanding, with third-party risk starting to materialize as a true point of friction for businesses.
AuditBoard had recognized through the feedback from its customers and the trend of the market that the risk market had been expanding, with third-party risk starting to materialize as a true point of friction for businesses.
With the pandemic accelerating the rise of remote work, businesses were forced to operate with a mounting list of software services to be able to operate. This led us to our attempt at appealing to that market in the enterprise space.
With the pandemic accelerating the rise of remote work, businesses were forced to operate with a mounting list of software services to be able to operate. This led us to our attempt at appealing to that market in the enterprise space.
With the pandemic accelerating the rise of remote work, businesses were forced to operate with a mounting list of software services to be able to operate. This led us to our attempt at appealing to that market in the enterprise space.
Overview
Third-party risk management—just a fancy way to say: “We don’t want your problems to be OUR problems”
01
Highly Manual Vendor Onboarding
Time consuming processes centered around spreadsheets and e-mail communication.
02
Increasing IT & Security Risk in Third Parties
An acceleration in remote work and SaaS opens
03
Manual Risk Tracking & Mitigation
Headcount & Expense Planning, Collaboration, Business Plan
AuditBoard had recognized through the feedback from its customers and the trend of the market that the risk market had been expanding, with third-party risk starting to materialize as a true point of friction for businesses.
With the pandemic accelerating the rise of remote work, businesses were forced to operate with a mounting list of software services to be able to operate. This led us to our attempt at appealing to that market in the enterprise space.
Tactical Impact
Design culture building by driving inspiration, challenging the status quo, and expanding core library
Tactical Impact
Design culture building by driving inspiration, challenging the status quo, and expanding core library
Tactical Impact
Design culture building by driving inspiration, challenging the status quo, and expanding core library
V 1.0
V 2.0
V 3.0
V 1.0
V 2.0
V 3.0
V 1.0
V 2.0
V 3.0
Consistently pushing vision designs for TPRM to discover, learn, and socialize.
Recognizing the tremendous gap in knowledge of the risk & compliance space, I continuously built end-to-end flows to leverage in conversation with SMEs and utilized crit sessions to educate and socialize learnings with the team. I also used these designs as opportunities to test the viability new components in the CoreX library.
Consistently pushing vision designs for TPRM to discover, learn, and socialize.
Recognizing the tremendous gap in knowledge of the risk & compliance space, I continuously built end-to-end flows to leverage in conversation with SMEs and utilized crit sessions to educate and socialize learnings with the team. I also used these designs as opportunities to test the viability new components in the CoreX library.
Consistently pushing vision designs for TPRM to discover, learn, and socialize.
Recognizing the tremendous gap in knowledge of the risk & compliance space, I continuously built end-to-end flows to leverage in conversation with SMEs and utilized crit sessions to educate and socialize learnings with the team. I also used these designs as opportunities to test the viability new components in the CoreX library.
Multi-Select
Single-Select
Free-Response
Multi-Select
Single-Select
Free-Response
Multi-Select
Single-Select
Free-Response
Identified DS gaps and leading conversations for solutions
While gaps in our design system were not a new concept, I recognized these moments as opportunities and created conversations and concepts to help push for the implementation of answers to fill those gaps.
Identified DS gaps and leading conversations for solutions
While gaps in our design system were not a new concept, I recognized these moments as opportunities and created conversations and concepts to help push for the implementation of answers to fill those gaps.
Identified DS gaps and leading conversations for solutions
While gaps in our design system were not a new concept, I recognized these moments as opportunities and created conversations and concepts to help push for the implementation of answers to fill those gaps.
Actively pushed testing & implementation of new DS patterns
Recognizing the opportunity we had within TPRM (as more of a 0-1 product in the org), we constantly pushed to implement the latest DS components into the product, adding to the extensive library of tools to be used across all other products.
Actively pushed testing & implementation of new DS patterns
Recognizing the opportunity we had within TPRM (as more of a 0-1 product in the org), we constantly pushed to implement the latest DS components into the product, adding to the extensive library of tools to be used across all other products.
Actively pushed testing & implementation of new DS patterns
Recognizing the opportunity we had within TPRM (as more of a 0-1 product in the org), we constantly pushed to implement the latest DS components into the product, adding to the extensive library of tools to be used across all other products.
Tactical Impact
Design culture building by driving inspiration, challenging the status quo, and expanding core library
V 1.0
V 2.0
V 3.0
Consistently pushing vision designs for TPRM to discover, learn, and socialize.
Recognizing the tremendous gap in knowledge of the risk & compliance space, I continuously built end-to-end flows to leverage in conversation with SMEs and utilized crit sessions to educate and socialize learnings with the team. I also used these designs as opportunities to test the viability new components in the CoreX library.
Multi-Select
Single-Select
Free-Response
Identified DS gaps and leading conversations for solutions
While gaps in our design system were not a new concept, I recognized these moments as opportunities and created conversations and concepts to help push for the implementation of answers to fill those gaps.
Actively pushed testing & implementation of new DS patterns
Recognizing the opportunity we had within TPRM (as more of a 0-1 product in the org), we constantly pushed to implement the latest DS components into the product, adding to the extensive library of tools to be used across all other products.
Strategic Impact
Understanding the nature of third-party risk and socializing the jobs-to-be-done helped us solve the right problem
Strategic Impact
Understanding the nature of third-party risk and socializing the jobs-to-be-done helped us solve the right problem
Strategic Impact
Understanding the nature of third-party risk and socializing the jobs-to-be-done helped us solve the right problem
Initially, we recognized there had been a gap between questionnaire review & mediation. There was no way to assign third-party users as collaborators, keep track of remediation plans and exceptions, and no actionable steps after reviews.
Initially, we recognized there had been a gap between questionnaire review & mediation. There was no way to assign third-party users as collaborators, keep track of remediation plans and exceptions, and no actionable steps after reviews.
Initially, we recognized there had been a gap between questionnaire review & mediation. There was no way to assign third-party users as collaborators, keep track of remediation plans and exceptions, and no actionable steps after reviews.
Our users had been solving these needs through a combination of Excel and the existing “Issues” module within AuditBoard. Initially, we had planned to simply update the Issues module to contextually fit TPRM’s workflow.
Our users had been solving these needs through a combination of Excel and the existing “Issues” module within AuditBoard. Initially, we had planned to simply update the Issues module to contextually fit TPRM’s workflow.
The FP&A user had mainly three jobs they were trying to accomplish, and while Mosaic definitely filled the gap in some areas, it didn’t meet parity in others.
Coming from Excel, it was even more painful in certain areas of the app.
Components in production hacked together for TPRM’s MVP
Through regular discovery conversations with customers, we identified that there was a fundamental key piece missing in their existing workflows. Because we had “solved” their initial needs through altered components from different parts of AuditBoard for TPRM’s initial launch, the feedback didn’t account for the true nature of the job.
Components in production hacked together for TPRM’s MVP
Through regular discovery conversations with customers, we identified that there was a fundamental key piece missing in their existing workflows. Because we had “solved” their initial needs through altered components from different parts of AuditBoard for TPRM’s initial launch, the feedback didn’t account for the true nature of the job.
Components in production hacked together for TPRM’s MVP
Through regular discovery conversations with customers, we identified that there was a fundamental key piece missing in their existing workflows. Because we had “solved” their initial needs through altered components from different parts of AuditBoard for TPRM’s initial launch, the feedback didn’t account for the true nature of the job.
End-to-end vision prototype to validate identified problems
After we had built enough confidence in our learnings, I built an end-to-end narrative prototype highlighting our hypothesized job-to-be-done: Our users were looking to create transparency and accountability in the vendor review process with stakeholders, seeking to create actionable responses to risk findings.
End-to-end vision prototype to validate identified problems
After we had built enough confidence in our learnings, I built an end-to-end narrative prototype highlighting our hypothesized job-to-be-done: Our users were looking to create transparency and accountability in the vendor review process with stakeholders, seeking to create actionable responses to risk findings.
End-to-end vision prototype to validate identified problems
After we had built enough confidence in our learnings, I built an end-to-end narrative prototype highlighting our hypothesized job-to-be-done: Our users were looking to create transparency and accountability in the vendor review process with stakeholders, seeking to create actionable responses to risk findings.
Once our hypothesis was validated, we built our MVP based on our continued conversations with customers.
The result was to build a combination of a spin-off Risk object, the “Remediation Plan” workflow in RiskOversight (another product), and minor usability updates.
Strategic Impact
Understanding the nature of third-party risk and socializing the jobs-to-be-done helped us solve the right problem
Initially, we recognized there had been a gap between questionnaire review & mediation. There was no way to assign third-party users as collaborators, keep track of remediation plans and exceptions, and no actionable steps after reviews.
Our users had been solving these needs through a combination of Excel and the existing “Issues” module within AuditBoard. Initially, we had planned to simply update the Issues module to contextually fit TPRM’s workflow.
Components in production hacked together for TPRM’s MVP
Through regular discovery conversations with customers, we identified that there was a fundamental key piece missing in their existing workflows. Because we had “solved” their initial needs through altered components from different parts of AuditBoard for TPRM’s initial launch, the feedback didn’t account for the true nature of the job.
End-to-end vision prototype to validate identified problems
After we had built enough confidence in our learnings, I built an end-to-end narrative prototype highlighting our hypothesized job-to-be-done: Our users were looking to create transparency and accountability in the vendor review process with stakeholders, seeking to create actionable responses to risk findings.
Once our hypothesis was validated, we built our MVP based on our continued conversations with customers.
The result was to build a combination of a spin-off Risk object, the “Remediation Plan” workflow in RiskOversight (another product), and minor usability updates.
Product Impact
We grew TPRM’s ARR from $0 to $2M in the first year, while building regular channels of conversation with customers.
Product Impact
We grew TPRM’s ARR from $0 to $2M in the first year, while building regular channels of conversation with customers.
Product Impact
We grew TPRM’s ARR from $0 to $2M in the first year, while building regular channels of conversation with customers.
$2M
ARR in Year 1
From Q3’ 22 to Q3 ‘23
$2M
ARR in Year 1
From Q3’ 22 to Q3 ‘23
$2M
ARR in Year 1
From Q3’ 22 to Q3 ‘23
25+
Customer Partners
UXR partners established
25+
Customer Partners
UXR partners established
25+
Customer Partners
UXR partners established
In addition, TPRM was mentioned multiple times in results of UXR sentiment surveys conducted across the org as having deep understanding of user context, strong product vision, and customer empathy.
In addition, TPRM was mentioned multiple times in results of UXR sentiment surveys conducted across the org as having deep understanding of user context, strong product vision, and customer empathy.
In addition, TPRM was mentioned multiple times in results of UXR sentiment surveys conducted across the org as having deep understanding of user context, strong product vision, and customer empathy.
Product Impact
We grew TPRM’s ARR from $0 to $2M in the first year, while building regular channels of conversation with customers.
$2M
ARR in Year 1
From Q3’ 22 to Q3 ‘23
25+
Customer Partners
UXR partners established
In addition, TPRM was mentioned multiple times in results of UXR sentiment surveys conducted across the org as having deep understanding of user context, strong product vision, and customer empathy.
Retrospective
In deeply contextual spaces audit, risk, and compliance—humility and curiousity were the most powerful drivers.
Retrospective
In deeply contextual spaces audit, risk, and compliance—humility and curiousity were the most powerful drivers.
Retrospective
In deeply contextual spaces audit, risk, and compliance—humility and curiousity were the most powerful drivers.
Because of the nascent nature of TPRM’s team and my presence as a product designer, ego was immediately shoved out the door. As a result, collaboration, culture-building, and a desire to learn proved to be the integral in setting us apart.
Because of the nascent nature of TPRM’s team and my presence as a product designer, ego was immediately shoved out the door. As a result, collaboration, culture-building, and a desire to learn proved to be the integral in setting us apart.
Because of the nascent nature of TPRM’s team and my presence as a product designer, ego was immediately shoved out the door. As a result, collaboration, culture-building, and a desire to learn proved to be the integral in setting us apart.
After all the work that was done though, the thing that resonated most with me was the relationships that I had cultivated. In TPRM, engineering, product, and design were generally fully aligned... but more than that—we really liked each other!
After all the work that was done though, the thing that resonated most with me was the relationships that I had cultivated. In TPRM, engineering, product, and design were generally fully aligned... but more than that—we really liked each other!
After all the work that was done though, the thing that resonated most with me was the relationships that I had cultivated. In TPRM, engineering, product, and design were generally fully aligned... but more than that—we really liked each other!
Retrospective
In deeply contextual spaces audit, risk, and compliance—humility and curiousity were the most powerful drivers.
Because of the nascent nature of TPRM’s team and my presence as a product designer, ego was immediately shoved out the door. As a result, collaboration, culture-building, and a desire to learn proved to be the integral in setting us apart.
After all the work that was done though, the thing that resonated most with me was the relationships that I had cultivated. In TPRM, engineering, product, and design were generally fully aligned... but more than that—we really liked each other!