Global third-party risk management survey 2023

Navigating the headwinds

Enhancing agility to regain momentum

The results of this survey reiterate TPRM’s potential to power organisational performance. Firms with higher TPRM maturity are more agile in navigating the external environment.

Navigating the headwinds

Our findings showed that organisations with higher TPRM maturity were more resilient and more agile to adapt to challenges in an ever‑changing external environment. The best organisations have shown that a comprehensive framework (risks interconnected, real-time monitoring in place, well sighted stakeholders) react quicker to the impacts of any adverse events.

These enhanced capabilities are reflected in the way they navigate the headwinds in the macroeconomic environment and ensure that their third parties act in a sustainable and socially responsible manner, while remaining resilient at the same time. They are also focused on building trust within their third-party ecosystem. Respondents believe these objectives are best achieved by using evolving technologies to be more efficient and effective in managing third-party relationships.

2023 key themes

Navigating headwinds: balancing expectations and capability

Navigating headwinds: balancing expectations and capability

Overall respondent sentiment on organisational TPRM practices continues to be positive in terms of its ability to successfully navigate various headwinds. This is particularly true in organisations that continue to enhance their capability and agility to meet evolving (and ever-increasing) expectations.
Read more
The pivotal role of third parties in meeting sustainability commitments

The pivotal role of third parties in meeting sustainability commitments

Organisational cultures are becoming more supportive in understanding and managing ESG risks and opportunities related to third parties. Despite a slight improvement over the last year, many organisations still need to increase the level of coordinated synergies between sustainability and resilience initiatives.
Read more
Embedding resilience in the extended enterprise

Embedding resilience in the extended enterprise

Embedding robust resilience practices across the extended enterprise remains a significant priority, as organisations shift from a just-in-time to just-in-case approach. Resilience can be enhanced through better integration between business strategy, risk with a more centralised and coordinated approach that can be made possible using technology innovatively.
Read more
Enhancing trust in supply chain partners and other third parties

Enhancing trust in supply chain partners and other third parties

Astute organisations with more mature TPRM practices aspire to strengthen trust with third parties through transparency, reliability, capability, and humanity. This shifts the governance focus from administering questionnaires (and other such routine tasks) to more collaborative conversations around innovation, strategic growth, and enhanced performance.
Read more
Digital transformation for operational excellence

Digital transformation for operational excellence

Ever-changing interconnected risks encourage organisations to pursue digital transformation to achieve operational excellence in TPRM. This includes revisiting fundamental third-party management processes by harnessing the power of internal and external data. This can also ensure an optimal mix of assurance and risk oversight with smarter segmentation in due diligence and monitoring activity.
Read more
Key findings

Key findings

Explore our key findings from the survey, which help us understand how organisations are transforming and augmenting their capabilities to be able to address uncertainties.
Read more

Key findings

The current business and macroeconomic environment has reconfirmed TPRM's potential in powering organisational performance. However, this is more achievable in organisations with relatively mature TPRM mechanisms.

However, higher investment priority is needed to revisit existing TPRM frameworks/methodologies. This is to ensure these organisations remain environmentally fit-for-purpose.

In this section of the report, we recommend tangible actions such as the above that will be help organisations determine and develop the appropriate level of capability to balance the growing expectations and challenges.

image

Over the last year we tracked the progress made by respondents in ensuring that organisations and their third parties act responsibly and sustainably, reinforced by a stronger organisational resolve.

Organisational cultures that support ESG initiatives are driven by emerging regulations and legislation, growing customer expectations, and tangible benefits that other stakeholders acknowledge.

The increasing use of quantitative methods has been the most significant change since last year. It’s starting to enable organisations to move to a more robust qualitative/data -driven approach. However, data quality remains a concern.

Further opportunities exist to embed sustainability into the supply chain while considering its broader impact on resilience and vice versa. Taking advantage of the synergies between the two offers the potential for long-term optimisation. Although many studies show that a stronger focus on ESG creates more resilient organisations, the two can conflict. Organisations may need to trade off and find a second supplier who may not be as ESG-focused as their primary supplier and enhance resilience by reducing concentration.

Read more

Respondents are focused on being more resilient in their extended enterprise as an organisational priority. They recognise that supply chain and other third-party management have so far focused more on efficiency (just-in-time) rather than resilience (just-in-case). Many organisations have been slow to shift gears at a time when the business and macroeconomic environment has changed. A higher degree of centralised control in the governance of third-party ecosystems, better coordination and the need to invest in real-time data-driven insights to thrive amid disruption can help organisations become more resilient.

Elevating resilience to a strategic priority requires focus and investment at the board and C-suite levels. Our survey shows how personal optimism in achieving this transformation drops sharply in organisations where there are low levels of investment.

Another top priority is enhanced transparency, traceability, and trackability across third-party relationships and subcontractors. This helps organisations become more agile and better prepared to navigate unfamiliar or challenging situations.

Building or enhancing trust in third-party relationships is becoming an increasingly significant consideration. This is especially true for critical suppliers and other third-party relationships. More organisations recognise the correlation between trust, financial performance, and resilience. Our previous research on this emerging interrelationship identified four key factors that build and enhance trust: capability, reliability, transparency, and humanity.

Our 2023 survey results suggest that only a few firms are prioritising all these factors when trying to enhance the level of trust around third-party relationships and provide them with more flexibility on oversight.

Overall, further work needs to be done by many organisations to enhance trust as this topic continues to evolve.

There have been significant shifts around the enhanced use of TPRM tools and technologies. The challenging times we live in require the development of capability through smarter, real-time, and agile approaches underpinned by the innovative use of technology. This will help organisations to continue to be "brilliant at the basics" by intelligently refreshing the fundamental TPRM processes required for better decision-making related to third parties, while ensuring appropriate actions to risk management.

Our survey data indicates that the adoption of smarter, digital TPRM mechanisms remains slower than expected in real-time due diligence and monitoring of specific third-party segments.

Accelerating this process must start by breaking down organisational silos to promote inter-connected thinking and acknowledge the high cost of doing nothing. Organisations that don't keep pace through ongoing digital transformation will fall behind the evolving definition of good practice.

The current business and macroeconomic environment has reconfirmed TPRM's potential in powering organisational performance. However, this is more achievable in organisations with relatively mature TPRM mechanisms.

However, higher investment priority is needed to revisit existing TPRM frameworks/methodologies. This is to ensure these organisations remain environmentally fit-for-purpose.

In this section of the report, we recommend tangible actions such as the above that will be help organisations determine and develop the appropriate level of capability to balance the growing expectations and challenges.

image

Over the last year we tracked the progress made by respondents in ensuring that organisations and their third parties act responsibly and sustainably, reinforced by a stronger organisational resolve.

Organisational cultures that support ESG initiatives are driven by emerging regulations and legislation, growing customer expectations, and tangible benefits that other stakeholders acknowledge.

The increasing use of quantitative methods has been the most significant change since last year. It’s starting to enable organisations to move to a more robust qualitative/data -driven approach. However, data quality remains a concern.

Further opportunities exist to embed sustainability into the supply chain while considering its broader impact on resilience and vice versa. Taking advantage of the synergies between the two offers the potential for long-term optimisation. Although many studies show that a stronger focus on ESG creates more resilient organisations, the two can conflict. Organisations may need to trade off and find a second supplier who may not be as ESG-focused as their primary supplier and enhance resilience by reducing concentration.

Read more

Respondents are focused on being more resilient in their extended enterprise as an organisational priority. They recognise that supply chain and other third-party management have so far focused more on efficiency (just-in-time) rather than resilience (just-in-case). Many organisations have been slow to shift gears at a time when the business and macroeconomic environment has changed. A higher degree of centralised control in the governance of third-party ecosystems, better coordination and the need to invest in real-time data-driven insights to thrive amid disruption can help organisations become more resilient.

Elevating resilience to a strategic priority requires focus and investment at the board and C-suite levels. Our survey shows how personal optimism in achieving this transformation drops sharply in organisations where there are low levels of investment.

Another top priority is enhanced transparency, traceability, and trackability across third-party relationships and subcontractors. This helps organisations become more agile and better prepared to navigate unfamiliar or challenging situations.

Building or enhancing trust in third-party relationships is becoming an increasingly significant consideration. This is especially true for critical suppliers and other third-party relationships. More organisations recognise the correlation between trust, financial performance, and resilience. Our previous research on this emerging interrelationship identified four key factors that build and enhance trust: capability, reliability, transparency, and humanity.

Our 2023 survey results suggest that only a few firms are prioritising all these factors when trying to enhance the level of trust around third-party relationships and provide them with more flexibility on oversight.

Overall, further work needs to be done by many organisations to enhance trust as this topic continues to evolve.

There have been significant shifts around the enhanced use of TPRM tools and technologies. The challenging times we live in require the development of capability through smarter, real-time, and agile approaches underpinned by the innovative use of technology. This will help organisations to continue to be "brilliant at the basics" by intelligently refreshing the fundamental TPRM processes required for better decision-making related to third parties, while ensuring appropriate actions to risk management.

Our survey data indicates that the adoption of smarter, digital TPRM mechanisms remains slower than expected in real-time due diligence and monitoring of specific third-party segments.

Accelerating this process must start by breaking down organisational silos to promote inter-connected thinking and acknowledge the high cost of doing nothing. Organisations that don't keep pace through ongoing digital transformation will fall behind the evolving definition of good practice.

Want to know more?

Read our report to discover the other latest trends in third party risk management.

Steffen Pietz

Steffen Pietz

Partner, Risk Advisory

Lukas Schneider

Lukas Schneider

Director, Risk Advisory

Previous third party risk management survey reports

Third party risk management survey 2022 – Emerging stronger

Deloitte’s seventh annual third party risk management (TPRM) survey showed a greater level of awareness and focus on ESG in the extended enterprise, as organisations focus on more sustainable and resilient supply chains.

Click here

Third party risk management survey 2021 – Gaining ground

Deloitte’s sixth annual third party risk management (TPRM) survey showed that the pandemic led many organisations to make digital advancements in their approach to TPRM.

Click here

Third party risk management survey 2020 – Be responsible and effective

Deloitte’s fifth annual third party risk management (TPRM) survey showed that for the first time in five years, a desire to be a responsible business that effectively manages environmental and social issues throughout its supply chain is a key reason companies invest in TPRM.

Click here

Third party risk management survey 2019 – All together now

Deloitte’s fourth annual third party risk management (TPRM) survey shows there is renewed focus on maturing TPRM practices within most organisations. This appears to be driven by a recognition of underinvestment in TPRM coupled with mistrust of the wider uncertain economic environment.

Click here

Third party risk management survey 2018 – Focusing on the climb ahead

Deloitte’s third annual third party risk management (TPRM) survey aims to capture improvements in maturity of TPRM frameworks with a specific focus on the business case and investments in TPRM.

Click here

Third party risk management survey 2017 – Overcoming the threats and uncertainty

Deloitte’s second annual third party risk management (TPRM) survey covers a number of issues that span the management of the extended enterprise and related risks in a rapidly changing environment.

Click here

Third party risk management survey 2016 – The threats are real

The survey results show that investment by organisations in third party risk management (TPRM) has increased year on year and that organisations are implementing or refining their TPRM processes and frameworks.

Click here