EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
How EY can Help
-
Utilizing technology, EY teams can help you make better-informed decisions faster about third parties. We examine risk from every angle and provide you with the insights you need to identify the partners that will create better long-term value for your business.
Read more
As companies focus on their own resilience, the resilience of their third-parties is a high priority. Companies are building resiliency by maintaining an integrated resiliency plan, conducting internal resiliency testing and performing scenario analysis, exit strategies, contingency plans and business continuity plans. Organizations also use risk tiering to zero in on critical third-parties and separate them for additional monitoring activities.
Most organizations surveyed ask more than 100 questions on their control assessments, and nearly half (48%) of organizations have exit strategies or contingency plans for high-risk third-parties. However, that means that more than half are unprepared.
“Having a strong third-party program can support resiliency, but it needs to be intentional,” Giarrusso said. “Make sure that you’re identifying those third-parties that are supporting critical business processes and then have plans in place — whether it’s contingency or exit strategies — for those third-parties in the event of a business disruption.”
Organizations are seeking smarter ways to understand risk by using external resources and embedding technology, automation and external data into their risk reporting process, Kelly said, noting that 63% of organizations plan to integrate external data providers and automation to better manage inherent risk assessments in the next two to three years.