Managing third parties in a high-risk environment

Three key findings surrounding third-party management

Every year, Deloitte issues their “Extended Enterprise,” or “Third-Party Risk,” survey across all geographies and industries. The survey brought to light several conclusions about third-party management, including those around the cost of failure, vision transformation, and increased focus.

1. The cost of failure

The financial impact of a failure by a third party or subcontractor has at least doubled over the past five years. There is a rise in cost and frequency and an uptick in high-impact third-party risk incidents. The aftermath of such incidents varied; respondents believe they dealt severe blows to customer service, financial position, regulatory compliance, and/or reputation. There was an even steeper increase in the number of organizations who considered these incidents high-impact—from last year’s 11 percent to a striking 17 percent of respondents.

2. A vision for transformation

Many organizations are developing longer-term visions for EERM transformation, involving holistic management of third parties, enabled by a centralized intelligence repository built on cutting-edge technology. Most organizations rely on several technology solutions; it is not surprising that 61 percent of organizations don’t believe they seamlessly integrate with one another. While another 34 percent think their technology’s reporting capability is inadequate for making critical business decisions about third parties.

Companies that are thriving were three times more likely to have high visibility into their Tier 1 and 2 suppliers.

3. The need for wider focus

Senior executives are extending their focus beyond risk to include a broader view of third-party management. Companies realize this cannot occur in silos as it has in the past. While 48 percent of companies’ central functions are still fixating solely on risk management activities, a growing 52 percent are broadening their functions to include contract, performance, financial, relationship, or data management. The use of emerging cloud-based technologies like Coupa is creating actionable intelligence and enabling the widening focus from EERM to EEM by creating real-time ongoing monitoring capability. As a result, 45 percent of our survey respondents said they use or plan to use cloud-based platforms for EERM.

COVID-19 Impact in managing third parties

COVID-19 has reinforced the need to invest in good governance and risk management of third parties and attained leadership attention. Some organizations may be driven to a period of reflection to fully evaluate their TPRM frameworks, build lessons learned into their vision, and embed solutions over the years that follow. While there isn’t a “standout” technology solution that has differentiated itself as the “go-to” solution for TPRM, the opportunity still exists for the major ERP, P2P, and risk management platform vendors to upgrade the functionality and coverage solutions across the three tiers described.