blue crystal

Services

Third-Party Risk Management (TPRM)

Third-party decisions and managing risk

Organizations have long relied on third parties for specialty services, competitive advantage, operational efficiency, and cost savings. But as organizations expand third-party ecosystems to execute core activities that are critical to operations, business models, and value propositions, they’re also creating risks for the extended enterprise.

Growing risk to the extended enterprise

Organizations have long relied on third parties for specialty services, competitive advantage, operational efficiency, and cost savings. But as organizations expand third-party ecosystems to execute core activities that are critical to operations, business models, and value propositions, they’re also creating risks for the extended enterprise.

As one example, the sheer number of relationships can often explode as organizations rapidly adopt new operating models and outsource more core and noncore functions to third parties—cloud service providers are one prominent example.

And, organizations are rethinking the nature of work, workforces, and workplaces as talent gaps appear and automation, analytics, and artificial intelligence (AI) increasingly enhance traditionally human-performed jobs. Third parties can play a part in many of those changes.

Back to top

city lights

Does your organization:

  • Lack risks potentially posed by your relationships with many types of third parties?
  • Want greater visibility into third-party performance and risks?
  • Need to improve operational costs, process efficiencies, and organizational agility associated with your third-party relationships—all while gaining greater control over related risks?
  • Want to be confident that third parties are compliant with your organizations’ policies, as well as their own—based on government regulations and industry requirements?

If you answered "yes" to any of those questions, your organization may need a third-party risk management solution—and it may need to rethink third-party risk.

Back to top

Third-party risk management

Why rethink third-party risk?

As third-party ecosystems continue to expand exponentially, important questions are being asked by boards of directors and other stakeholders regarding the risk to the extended enterprise, including:

  • Where are the highest concentrations of risk across the portfolio of third-party relationships?
  • How is risk being detected, monitored, and measured?
  • What is being done about third-party risk?

For large organizations that may have tens of thousands of third-party relationships, this can create a gap in extended enterprise risk management. The potential for, and implications of, third-party-related incidents and disruptions can be far-reaching if not properly identified, assessed, managed, and monitored. And unless organizations change the way they govern third-party risk across their interconnected ecosystem, their business may be disrupted.

Back to top

fingerprint

Why choose Deloitte’s Third-Party Risk Management (TPRM) solution?

Whether your organization has a large, well-established third-party program, is in the early stages of development, or is anywhere in between, Deloitte’s TPRM solution can improve the health of your program.

Our solution streamlines the third-party risk management process through standardization, scalability, and efficiencies—from third-party risk identification to assessment and selection to input through contract development, as well as ongoing monitoring, including:

  • Third-party screening
  • Background checks
  • Third-party questionnaires
  • On-site inspections
  • Monitoring and reporting

Deloitte’s TPRM solution provides relevant insights along with risk assessment results to help you make a more informed decision about contracting with a third party so that you are armed with strategies for managing and mitigating potential risk.

From cybersecurity to antibribery, our solution is flexible and responsive to the various risk domains that are most important to your organization. We offer:

  • A broad-based view of risks and third parties through a central global repository with an executive dashboard and benchmarks against industry standards
  • Standardized processes, applied consistently across all markets and organizations, for third-party risk sensing, scoring, and monitoring
  • Extensive and reliable insights for risk-assessed decision-making, supported by continuous monitoring and near real-time data for integration with functions such as procurement, risk, compliance, IT, and others
  • An intelligent technology platform that automates processes and aggregates risk data about your third parties to provide risk intelligence
  • Access to subject-matter knowledge from Deloitte professionals with deep cyber and third-party risk domain experience

Back to top

earth

Get in touch

Dan Kinsella

Dan Kinsella

Omaha Managing Partner

Dan is the managing partner of the Omaha office and serves as the US and Americas extended-enterprise and third-party assurance leader in Deloitte & Touche LLP. He combines business and technology exp... More

Suzanne Denton

Suzanne Denton

Managing Director | Deloitte & Touche LLP

Suzanne is a managing director and leads solution design and service integration for Deloitte’s Third-party Risk Management (TPRM) managed service. She has more than 20 years of experience in financia... More

Kevin Gallagher

Kevin Gallagher

Managing Director | Risk & Financial Advisory

Kevin is a Cyber Risk managing director in Deloitte Risk and Financial Advisory with Deloitte & Touche LLP, focusing on IT Risk Management Services. He has nearly 15 years of experience consulting wit... More