Organisations are increasingly reliant on third-party suppliers to deliver business-critical products and services to their clients and customers. They are also finding that failures by third-parties can rapidly tarnish their reputations and have significant downstream operational and cost implications.
As organisations address their concerns around these issues, it is evident that they need a clear strategy for the selection, approval and management of third-parties. As there are a myriad of stakeholders involved, from the business as well as the procurement and risk oversight functions, developing and implementing this strategy continues to be highly challenging.
As businesses adjust to new operating conditions, in the wake of the disruption caused by global events and economic uncertainty, many will reassess the risk profile of their third-parties and re-evaluate their own resilience. As businesses do so, the need for a robust and sustainable Third Party Risk Management (TPRM) program will be more important than ever before.
Third party risk management is a strategic priority
We conducted a survey of 1,100 senior TPRM executives from major businesses across 14 countries and jurisdictions and six industries resulting in the following key findings:
- More than three in four (77 percent) say TPRM is a strategic priority for their business given a business' reputation is directly linked to performance of its third parties.
- Three quarters (74 percent) admit that they urgently need to make TPRM more consistent across the enterprise. Many organisations are not prepared for the complexity that comes from assessing multiple risks in a cohesive manner across business lines and regions.
- Half of businesses (50 percent) do not have sufficient capabilities in-house to manage all the third-party risks they face. Organisations can achieve both efficiency and effectiveness by taking a risk-based approach to assessing and monitoring third-party products and services that present the highest risk to the organisation.
- Data and technology are improving TPRM teams' performance, yet still, only a quarter of businesses are using technologies to improve either the workflow automation or monitoring of third parties. However, technology is the most favored investment (61 percent) that respondents will make when new funding is made available.
- It's time to sustainably scale the program. Three in four (76 percent) of respondents overall indicate that funding is available or growing to evolve and strengthen their TPRM programs.
How should a business transform its TPRM program, to ensure it is optimised across the four pillars of governance, process, infrastructure and data?
In our view, there are four key steps that businesses should take: