When it comes to third-party risk management, organisations are redefining their approaches, with a focus on talent and strengthening the role of executive leadership on third-party risk management teams, said Deloitte recently when releasing results of a survey.
According to the firm’s third-party risk management (TPRM) survey of more than 1,300 TPRM leaders spanning 40 countries, 83% of respondents (83%) remain optimistic or neutral about managing third-party relationships moving forward.
Survey highlights
Navigating headwinds: Balancing expectations and capability
- When asked to identify the top headwinds impacting their third-party relationships, respondents highlighted geopolitical challenges (61%), inflationary trends (46%) and concerns about their ability to meet increasing environmental, social, and governance (ESG) expectations (40%).
- Despite these challenges, most leaders indicated that they feel optimistic or neutral about managing third-party relationships moving forward.
- Nearly two-thirds (63%) of respondents say their top focus area for investment is revisiting and refreshing the overall third-party management risk methodology used in the organization.
- Nearly half (48%) acknowledge they need to strengthen the role of executive leadership in managing and governing third-party relationships.
- While enhancing third-party risk management frameworks with technology will continue to be a focus, getting the right skills and talent into the program to leverage that technology has emerged as a newer and more immediate priority this year.
The pivotal role of third parties in meeting sustainability commitments
- The extended enterprise, with its complex third-party and subcontractor relationships, should be a key consideration as organizations increasingly focus on social purpose and sustainability.
- More than half (56%) of respondents believe their organisational culture has become much more supportive in understanding and managing ESG risks and opportunities in their third-party ecosystem, with greater adoption of quantitative scoring and assessments amid data quality concerns.
- However, to continue to improve focus on sustainability matters and other areas of ESG, companies will likely need to advance data tracking in their third-party relationships.
- Nearly one-third of respondents say internally or externally generated data on these topics is ‘low’ or ‘very low’ quality.
Embedding resilience in the extended enterprise
- The management of supply chains and other third-party relationships has evolved with a focus on efficiency (just in time) rather than resilience (just in case).
- But as the business and macro-economic environment evolves, there is a need for a higher degree of centralized control in the governance of third-party ecosystems, better coordination internally and externally, and the need to invest in real-time data-driven insights to thrive amid disruption and uncertainty.
- Fortunately, more leaders are prioritizing resilience in their third-party ecosystems—two in five (40%) respondents say resilience is already a priority, while about half (51%) say they have become more focused on integrating business strategy and risk management.
- However, only one-quarter (27%) believe their organisational budgets have increased to keep pace with the increasing complexities of third-party risk management.
Enhancing trust in supply chain partners and other third parties
- Technology investments can play a vital role in protecting third-party relationships from cyber and information security risks, which nearly two-thirds of respondents (62%) ranked as the top third-party risk.
- This focus is part of a broader initiative to bolster trust between companies and their third parties, the approach to which varies by the relationship. Newer third parties may require a “track and react” strategy, while existing third-party relationships may only need efficient oversight.
- Moreover, as many global leaders embrace “nearshoring,” the study shows nearly half of respondents (45%) currently procure as locally as possible, due to higher levels of trust with those closer by and lower costs.
- Still, around one-third (34%) say their procurement is more globally centralized, indicating that decoupling is not as widespread as previously suggested.
