The results of our third-party risk management (TPRM) survey are timely with increased dependence on third parties in the COVID-19 pandemic.
The rapidly evolving threat around the COVID-19 virus is raising concerns about the resilience of enterprises globally. One potentially overlooked vulnerability? The increasing dependence on third parties. The interconnectedness of today’s business environment and the use of external vendors – from supply chains to the delivery of critical business services – poses a risk of disruption that can result in significant revenue loss.
The EY TPRM survey covers a broad range of organizations, including advanced manufacturing and mobility, financial services, banking and capital markets, consumer, health, insurance, life sciences, power and utilities, technology, media and entertainment, and telecommunications.
The results, examined in this article, identify some notable trends in the following five areas, and further discussed in our report, Building trust with your third parties in a technology-driven and disruptive world (pdf) :
- Operating model and governance
- Automation, technology and reporting
- Fourth parties, data breaches and resiliency
- Risk expansion and frameworks
- Emerging focus areas
These trends include a gradual movement toward centralization of risk in parallel with increased use of consortia/market utilities to expand the coverage and depth of due diligence. While technologies such as artificial intelligence (AI) are increasing in use, organizations should define their own specific reporting framework and requirements before automating risk-related processes.
There are also heightened expectations from stakeholders and a growing awareness of the risks presented by entering new ventures and markets with respect to partners, joint ventures, collaborators, fourth parties and other relationship structures. These fourth parties remain a blind spot for the vast majority of organizations.