Posted: 24 Aug. 2020 4 min. read

A Wider Scope for EERM: The Ever-Growing Need for Integrated Third-Party Management in Life Science Organizations

Supply and distribution chains are becoming more complex. As a result, there are a number of challenges that life science and healthcare organizations must efficiently and effectively manage. Even the seemingly simple task of understanding third-party suppliers and their contracts is made more difficult by the multiplicity of systems, data quality, and existing processes across global organizations. While this is nothing new for procurement and third-party risk management (TPRM) professionals, the challenge of developing a solution for the best way to approach integrated third-party management (TPM) remains. 

But why should life science organizations prioritize an investment in managing the risks and challenges associated with third parties? There are clear benefits to streamlining efforts and having a single source of data on third parties – in fact, the Deloitte Extended Enterprise Risk Management Global Survey 2020 found that 89% of respondents had invested in Tier 1 TPRM Technology (ERP platforms, etc.) as part of their aspiration to create this “single source of the truth” for third party data.

By taking a wider focus with this data and using it to gain visibility into third-party relationships not only for TPRM, but TPM in general, life sciences organizations can leverage technology to assist with integrated end-to-end lifecycle management of third parties. This capability can dramatically improve the overall effectiveness of the extended enterprise ecosystem and put life science organizations at a competitive advantage, because they will be able to respond in a more agile way to the market’s needs. In fact, many organizations are already adopting this wider scope: According the Deloitte survey cited above, 30% of respondents said their TPRM programs have begun to include third-party contract management, 26% include performance management, and 24% financial management. This is indicative of how organizations have been faced with a need to manage third parties across these and a range of additional topics to satisfy regulators, investors and consumers, including:

Third-party identity: Understanding who the first-tier third parties are and maintaining up-to-date information on entities and their corporate details.

Financial and transactional processes: Understanding the systems that manage the end-to-end transactional processes with third parties.

Contract management: Gaining visibility into existing contracts in place, and ensuring they help to achieve synergies through identifying where a contract for your requirements already exists.  Also, managing variations and linking master agreements with child agreements.

Performance management: Managing the delivery of services and supplier governance in a way that ensures value for money and that supply chains are delivering on their strategic objectives.

Risk data: Gaining comfort that third parties are not exposing the buying organization to unseen reputational, commercial and regulatory risks, and mitigating those risks.

Supply chain mapping: Understanding the entire supply chain beyond the first tier back to the source, to enable better ethical and sustainable decision making, as well as to build a resilient supply chain, and to ensure pharmaceutical and medical products are moved safely from end-to-end throughout the value chain.

There are many different uses for third-party data. In the previously mentioned Deloitte EERM survey, 56% of life sciences respondents indicated they are extending TPRM capabilities to broader TPM functions, such as the ones cited above. And there are countless niche technologies that have sprung up to fit use cases. This market is extremely active and there are new ‘best in class’ technologies being introduced all the time. Tech companies are in fierce competition to step up and provide solutions to deal with the challenges presented by global supply chains.

It is extremely challenging to achieve the benefits given the web of technology and process solutions available. The skillsets required to implement and operate systems that bring the whole picture together – painting a true, value-added picture of the third party ecosystem - are varied, and it is difficult to replace legacy processes and technologies. As an example, most P2P systems do not have strong technical or process integration with third party risk-management platforms, if any at all. As a result, the level of non-compliance, inefficiency, and duplication across the sector has been significant, where people simply do not know if their vendors are approved for certain types of activity. In particular, this has been the case in life sciences, where the level of regulations regarding third-party relationships make it more complex, difficult and expensive to switch systems.

Purchasing organizations have had to make difficult decisions as they refine their approach to using third-party suppliers. They have been forced to choose between the purchase of a large number of ‘best in class’ niche solutions, or the purchase of consolidated solutions that do not provide the same level of quality and functionality. The picture is further complicated in the life sciences sector due to quality validation requirements that come into play for solutions that fall under regulations in the sector (e.g. outsourced manufacturing, distribution, pharmacovigilance).

As mentioned earlier, there is a growing demand in the market for a “single source of the truth” on third-party data. The large ERP and P2P system organizations have been seeking to develop solutions that can address the full suite of requirements for managing third parties, while others are looking to provide analytics capabilities that encompass multiple systems and provide users with a holistic view of the landscape.

Regardless of whether the selected approach is to utilize multiple specialized applications or a single system, the solution will need to deliver efficiency, quality improvements and cost-saving benefits, across multiple elements of both TPRM and TPM, to be considered successful.

Organizations are increasingly asking how improved visibility across all areas of third-party management can be achieved, and looking both internally and externally to develop centers of excellence that can monitor and manage several different disciplines. And it is clear that there is a real desire to solve this challenge. Aspiration for improvement across TPRM and TPM is here to stay; building resilient and transparent supply chains is more important than ever. There is no doubt that technology providers will continue to push forward and look to better integrate their solutions and enable customers to achieve this goal. While pockets of the industry are making significant progress, there is still a long way to go for organizations and technology providers until they are successful across the sector.

Return to the Responsible Business home page to discover more insights from our leaders.

Key contact

Ross Anson

Ross Anson

Director | Risk Advisory

Ross has worked in Deloitte’s EERM team for over ten years. He has worked with numerous global pharmaceutical and life sciences companies as Deloitte’s engagement lead in supporting the design and implementation of TPRM frameworks, becoming Deloitte’s leading global expert in this subject matter for the sector. Throughout that period Ross has not just led the development of TPRM frameworks, but has led third party compliance programmes in the sector, and overseen the development of ABAC oversight toolkits and frameworks. He has also driven the development of an industry community model, enabling clients to share in third party information collection and assessment. Ross has also been a leading player in developing Deloitte’s TPRM Managed Service capability, which provides a one stop shop for global, cross risk domain TPRM assessments, monitoring and remediation. This provides clients with an affordable and efficient means of executing TPRM.