Third-party Governance and Risk Management
Overcoming the threats and uncertainty
Extended enterprise risk management global survey 2017
Third-party risk management in many organisation’s has continued to benefit from greater executive awareness; however significant changes in the external environment have slowed down progress in implementing holistic, integrated frameworks and risk management mechanisms over the last 12 months.
Despite this awareness, and some associated improvements in TPGRM, five key areas exist where further effort is required by most organisations:
- Dependency and vulnerability
Despite high dependency on third-parties, organisations are still not fully equipped to manage the risks in a holistic and coordinated manner, including those arising from external uncertainties.
- Relationship management
Understanding of third-parties is increasing but comprehensive, data-driven risk management and capability to predict emerging risks is still developing.
- Governance and risk management processes
Despite executive sponsorship there is still a long way to go to get processes and technology working effectively.
- Technology platforms
An integrated TPGRM technology platform that addresses the needs of every organisation has not emerged.
- Emerging delivery models
New delivery models are emerging (e.g. utility models, hubs) to better address the challenges of managing third-party risk
Our report looks at how global organisations are addressing the challenges they face in managing third party risk, as they face uncertainty in the external environment and develop various hybrid and innovative delivery models that enable the organisation to remain agile and competitive in the marketplace.
For many organisations, their third party ecosystem, or ‘extended enterprise’, is an important source of business value and strategic advantage. However, as the reliance on third parties continues to grow, so do the associated risks, bringing potential reputational damage and regulatory action.
Our experienced teams work with clients to develop governance frameworks which effectively identify and manage all forms of third party risks, looking at both process and technology solutions to deliver value and meet contractual obligations.