Third Party Risk Management

An end-to-end managed service solution for your extended enterprise

A typical Fortune 500 organization may use more than 100,000 external third-parties (for example, vendors, suppliers, service providers, outsourcers, …) to meet its business objectives and stay competitive. With a significant reliance on an interconnected network of third-party relationships (typically known as the “extended enterprise”), there is increased exposure to a growing portfolio of risks, cost, performance, and regulatory pressure. Deloitte’s Third-party Risk Management (TPRM) managed service is a leading-edge solution that efficiently manages the risks associated with third-parties while driving cost and revenue recovery through TPRM operations.

Explore Content

The TPRM managed service: An optimized approach to enterprise risk management

The TPRM solution is an end-to-end managed service that streamlines the entire TPRM process, from third-party engagement/initiation and selection through contracting negotiations and ongoing monitoring. The TPRM managed service solution includes: 

  • Third-party screening: The use of advanced analytics and artificial intelligence (AI) to collect and examine data from the internet and proprietary databases to identify risk indicators.
  • Background checks: Comprehensive checks, including detailed research into companies, key individuals, and ultimate beneficial owners.
  • Third-party questionnaires: Collection and analysis of data from the third-party regarding its control environment (such as policy, process, and capability). Deloitte's questionnaires meet regulatory expectations. 
  • On-site inspections: On-site, detailed assessments of the third-party’s control environment. These inspections are performed by experienced professionals with risk domain expertise.
  • Monitoring: Ongoing analysis (using data analytics and AI) of various data sources to identify any emerging or new issues regarding in the third-party portfolio.

Underpinned by Deloitte’s Risk Management Solution

At Deloitte, our managed service is underpinned by our third party risk management software. Our risk management solution is an end-to-end technology platform that combines mobile data-collection, corporate and unit-level performance improvement tools, and mobile-optimized reporting and visual analytics dashboards in a powerful platform designed for insights and actions to manage risk across the vendor population. It is the interface into our managed services.

TPRM Benefits

Why should you choose Deloitte for your Extended Enterprise Risk Management?

Third-party management experience We have deep third-party risk management experience and have conducted hundreds of thousands assessments across various risk domains, geographies and industries.
Skilled and experienced resources We have over 400 dedicated and skilled resources committed to performing third-party assessments across the globe. All of our assessors have at least 4 years of cyber risk experience with relevant certifications.
Global presence We operate in over 60 countries with approximately over 21,000 qualified risk professionals that can be leveraged on need basis. This capability enables us to conduct onsite assessments in a cost effective manner and accommodate expedited business circumstances as well as local language nuances when conducting assessments.
Demonstrated delivery model Over the last 11+ years, we have developed processes and infrastructure to provide TPRM in managed services model. We have built processes and accelerators for intake, management, fieldwork, reporting and remediation tracking. Our processes have been streamlined learning from experiences in the trench and have been tested over time.
Integrated quality Quality is integral in our processes and a distinguishing factor among our competitors and this is backed by testimonials from our clients that consistently lean on us for high visibility and/or sensitive assessments.
Ability to scale rapidly We have ability to efficiently ramp up and ramp down the assessment team depending in the ebb and flow of assessment volume without additional costs to Client in hiring, onboarding and training or resources.

Proven Track Record in Vendor Risk Management

Ready to Get Started?

Deloitte’s starter pack is designed to help clients with accelerated onboarding, rapid access to assessments in a few key risk areas, and the ability to better understand the outputs of a managed service over a six-month period. This starter pack can provide you with a broad view of risk and risk attributes across your third-party base to enable discussion and action with your stakeholders.

The starter pack includes:

  • Six months of Deloitte’s TPRM service 
  • 100 automated background screens 
  • 25 third-party questionnaires covering antibribery and anticorruption, labor rights (or cyber) and data privacy 
  • 20 remote assessments covering antibribery and anticorruption, labor rights (or cyber) and data privacy 
  • 100 continuous monitoring entities in real time across the extended enterprise 
  • Access to proprietary technology and standardized dashboards
The starter pack

Be responsible and effective: Strike a balance

Extended enterprise risk management (EERM) Third party risk management global survey 2020

A desire to be a responsible business that effectively manages social and environmental issues and responsibilities throughout its supply chain, is – for the first time in five years – one of the key reasons companies invest in third-party risk management (TPRM). Deloitte’s fifth annual extended enterprise risk management (EERM) global survey report highlights six key themes, alongside the impact of COVID-19 on managing third-party risk and our predictions for 2020-21.

View Summary