Third Party Governance & Risk Management
Addressing the challenges of decentralisation
Decentralisation in large global organisations is increasingly becoming a dominant trend. At the same time, third parties continue to become a critical part of these organisations’ extended enterprise, creating a potential challenge to managing the related risks in a holistic and unified manner.
Addressing the challenge
To address these challenges, the overall responsibility for establishing a third party governance and risk management strategy and framework should lie in the corporate centre, led by the Board or C-suite (rather than by teams at the operational level) and feature consistently on the Board agenda with a high level of priority.
Specific issues that must be addressed include:
- Establish robust governance structures to manage third party risk through the entire organisation
- Create clear accountability on ownership of activities for TPGRM at the group level and across the decentralised business units
- Create awareness and engage key stakeholders related to third party risk at the group and local entity level
- Allocate activity ownership around TPGRM to appropriate individuals at the group and local levels with decision-making authority
- Implement appropriate tools and technologies across centralised and decentralised operations
- Articulate robust and achievable processes to manage third party risk throughout the decentralised organisation
- Resource the governance structures, supported by the establishment of a common culture, to enable communication and training
Our report looks at how global organisations are addressing the challenges they face in managing third party risk, as they increasingly decentralise across their operating units and entities.
For many organisations, their third party ecosystem, or ‘extended enterprise’, is an important source of business value and strategic advantage. However, as the reliance on third parties continues to grow, so do the associated risks, bringing potential reputational damage and regulatory action.
Our experienced teams work with clients to develop governance frameworks which effectively identify and manage all forms of third party risks, looking at both process and technology solutions to deliver value and meet contractual obligations.