Be responsible and effective: strike a balance.

A desire to be a responsible business that effectively manages social and environmental issues and responsibilities throughout its supply chain, is one of the key reasons companies invest in third-party risk management (TPRM). Deloitte’s fifth annual extended enterprise risk management (EERM) global survey report highlights six key themes, alongside the impact of COVID-10 on managing third-party risk and our predictions for 2020-21. This is the first time Ireland has participated in this global EERM survey. Below is a summary of the key findings from Irish respondents:

1. Based on the responses received Irish organisations typically engage with a smaller number of third parties that their international peers.

• 59% of Irish respondents believe they are effectively managing their third parties at the moment.
• However international trends indicate that Irish companies will engage with a larger number of third parties resulting in a more complex third party ecosystems.
• As the third party eco system becomes larger and more complex, this will require further investment to ensure that third party risk continues to be managed effectively.

2. Co-ordination of TPRM is a challenge with diverse budget, and responsibilities, across respondents. This is reflected in the following: 

• 34% of Irish respondents expressed concern about limited coordination amongst internal stakeholders due to divisional / functional silos.
• 58% of respondents advised that a priority for the coming 1-2 years will be to deliver enhancements to in-house coordination with risk domain owners, business unit leaders, functional heads, legal teams, internal audit etc.

3. Respondents appear to be highly cognisant of the potential impact of an adverse third party event:

• 63% believe that this would lead to at least a 5% drop in share value.
• 14% of respondents indicated that an adverse third party event could cost their organisation over $1B.

4. Respondents indicated that the biggest challenge to effectively managing their third parties were: 

• 25% indicated that monitoring or assurance processes are not driven by risk profiles of third-parties.
  
• 18% indicated a lack of detailed knowledge of third-party contract terms and related data.

5. Respondents indicated that the top third party risk management priorities in the next two to three years were:

• Nearly half of respondents believe enhanced monitoring of third-parties (e.g. real-time ongoing monitoring, risk sensing, etc) using emerging technologies such as robotics automation, cognitive processes etc.
• 39% believe in building stronger resilience to disruption and uncertainty from third-parties.

6. When considering how to improve third party risk management processes, respondents indicated that major improvements were required in the following areas:

• A third believe that, real-time information, risk metrics and reporting (including risk-based outcomes / remediation actions, for example off-boarding third-parties). 
• 18% believe they need to improve tools and technology for managing third-parties and related risks.
  
• 11% indicated that major improvements were required in relation to third-party risk management business processes.
• 11% of respondents indicated, the right "tone at the top" promoting a well-coordinated appropriate risk culture.

Download the EERM Third-party risk management global survey 2020 here.

*66 Irish respondents of a Global total of 1145.