Managing third parties in a high-risk environment

Learn more about the cost of failure, vision transformation, and increased focus in third-party risk management (TPRM).

The stakes are higher than ever in managing third parties, making the effects of this management vital for organizations. Explore new learnings and challenges on the rise and the importance of visibility into the three tiers of third-party risks.

Three key findings surrounding third-party management

Every year, Deloitte issues their “Extended Enterprise,” or “Third-Party Risk,” survey across all geographies and industries. The survey brought to light several conclusions about third-party management, including those around the cost of failure, vision transformation, and increased focus.

1. The cost of failure

The financial impact of a failure by a third party or subcontractor has at least doubled over the past five years. There is a rise in cost and frequency and an uptick in high-impact third-party risk incidents. The aftermath of such incidents varied; respondents believe they dealt severe blows to customer service, financial position, regulatory compliance, and/or reputation. There was an even steeper increase in the number of organizations who considered these incidents high-impact—from last year’s 11 percent to a striking 17 percent of respondents.

2. A vision for transformation

Many organizations are developing longer-term visions for EERM transformation, involving holistic management of third parties, enabled by a centralized intelligence repository built on cutting-edge technology. Most organizations rely on several technology solutions; it is not surprising that 61 percent of organizations don’t believe they seamlessly integrate with one another. While another 34 percent think their technology’s reporting capability is inadequate for making critical business decisions about third parties.

Deloitte has separated the levels by which companies manage their third-party risk into three tiers:

  • Tier 1 being ERP or other backbone systems acting as the foundation for EERM activities.
  • Tier 2 as either generic risk management platforms that can also be used for TPRM or specific packages tailored to the organization’s third-party management requirements.
  • Tier 3 comprising other niche packages for specific EERM processes or risks that provide feeds from risk domains.



Companies that are thriving were three times more likely to have high visibility into their Tier 1 and 2 suppliers.

3. The need for wider focus

Senior executives are extending their focus beyond risk to include a broader view of third-party management. Companies realize this cannot occur in silos as it has in the past. While 48 percent of companies’ central functions are still fixating solely on risk management activities, a growing 52 percent are broadening their functions to include contract, performance, financial, relationship, or data management. The use of emerging cloud-based technologies like Coupa is creating actionable intelligence and enabling the widening focus from EERM to EEM by creating real-time ongoing monitoring capability. As a result, 45 percent of our survey respondents said they use or plan to use cloud-based platforms for EERM.

COVID-19 Impact in managing third parties

COVID-19 has reinforced the need to invest in good governance and risk management of third parties and attained leadership attention. Some organizations may be driven to a period of reflection to fully evaluate their TPRM frameworks, build lessons learned into their vision, and embed solutions over the years that follow. While there isn’t a “standout” technology solution that has differentiated itself as the “go-to” solution for TPRM, the opportunity still exists for the major ERP, P2P, and risk management platform vendors to upgrade the functionality and coverage solutions across the three tiers described.

The Deloitte and Coupa alliance

For more than a decade, Deloitte and Coupa have worked with enterprises across the globe to transform their procurement operations and unleash growth and value. Conceived and refined through years of implementations, our methodology leverages design thinking and accelerators to drive the timeline, capture value, minimize risk, and bring your category management strategy to life.

Get in touch today to begin your TPRM transformation journey

  Yes         No

Contact our team

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Insert Custom CSS fragment. Do not delete! This box/component contains code needed on this page. This message will not be visible when page is activated.

Did you find this useful?