TPRM: From value preservation to value creation

In today’s global business environment, no organization is an island. To compete in this interconnected landscape, you need a strong ecosystem—and an effective third party risk management (TPRM) function that’s not only capable of managing the downside of third-party risk, but strategically leveraging its upside as well.

In Deloitte’s Extended enterprise risk management global survey 2018, 70% of global respondents indicated the risks inherent in managing their third parties have increased by some extent—if not significantly—over the last year. As such, a growing number are now building a new business case for TPRM investment—a business case that focuses less on TPRM’s power to eliminate risk and meet compliance requirements, and more on how the function can ultimately improve organizational efficiencies, reduce costs, and potentially enhance their brands.

A new view
Our survey revealed that the conversation is shifting from how TPRM can preserve value toward how it can create value. Some of the key factors driving the business case for investment in TPRM include: cost reduction (48%); improved ability to respond flexibly to market uncertainty (26%); greater access to innovative/disruptive technology solutions (19%); and ability to increase confidence in the organizational brand (18%).

That’s not to say TPRM’s capacity to reduce regulatory exposure, address internal compliance requirements, and minimize third-party related incidents are no longer top priorities. In Canada, a globally-regulated industry like the financial services sector will likely continue to have a traditional regulatory compliance mandate as the leading factor for adopting TPRM. To comply with GDPR, for example, financial services organizations have no choice but to put these kinds of enhanced programs in place.

That said, there are signs that organizations in less regulated industries are refocusing their TPRM efforts to enhance business value. In Canada’s energy and resources sector, for instance, a rising number of companies are leveraging TPRM to reduce health and safety incidents with suppliers and optimize third-party spending at the same time.

Seizing the upside
Transforming your TPRM focus starts with a change in mindset—a mindset built less on managing the downside of risk and more on uncovering new ways to extract value from your third-party relationships. One way to achieve this could be by listing various business case drivers for TPRM investment and establishing tangible performance measures to monitor them.

For example, when using cost reduction as a business case driver, it can prove helpful to set a specific target—such as “Reduce five percent of total procurement spend through efficiencies in managing third-party suppliers” or “Reduce insurance premium by eight percent compared to previous year from better movement of goods between third-party locations.”

A positive spin
As companies continue to adapt to a swiftly-shifting business climate, they will inevitably encounter new risks—and new opportunities. What we’re quickly learning, at least in the case of third-party relationships, is that these two factors don’t have to be mutually exclusive. To defend your organization from the former while benefiting from the latter, however, you’ll need to view your TPRM function in a new light.