2 minute read 4 Oct 2019
Businessman builds a tower

Transform your third parties’ risk into a competitive advantage

Authors

Carol Murphy

Ernst & Young — Ireland (EY Ireland) Advisory Partner and Risk Transformation Lead

IT strategy and transformation adviser. Effective programme and project management skills.

Ivan O'Brien

Ernst & Young – Ireland (EY Ireland) Head of Risk Services

Involved in risk and control matters. Reviews information security programmes and projects. ​

2 minute read 4 Oct 2019

The organisations that succeed in this new transformative age, are those that successfully create value from risk across their business.

Third-party partnerships are an example of taking an upside risk to deliver strategic value while also being responsible for protecting against downside risks and monitoring outside risks introduced by a related entity.

In the last few years, media headlines have been filled with revelations of cyberattacks and security breaches, regulatory fines, legal actions against top-level executives and reputational damage caused by third-party vulnerabilities. These revelations have shocked senior executives and consumers alike. And they’ve prompted boards and audit committees to pay closer attention.

Organisations may be able to outsource responsibilities for various functions, but not the accountability. The C-suite is ultimately accountable for the actions of third parties. Further, the expectation from shareholders and regulators is that boards must know exactly what the company is doing across the globe, which third parties are acting on its behalf and what they are authorised to do. Organisations are increasingly exposed should any inappropriate or criminal behaviour take place that jeopardises the interests of the organisation and its stakeholders.

Given its highly regulated environment, the financial services industry has been at the forefront of Third-Party Risk Management (TPRM). We decided to look beyond financial services and toward other industries that need to introduce or substantively improve their TPRM capabilities. The results of the global survey suggest that many organisations are taking meaningful steps to get ahead of third-party threats. Yet, for the most part, TPRM remains in its infancy for these organisations.

We explore how organisations can improve their TPRM posture by taking stock of their current governance structure, identifying and inventorying third-party risk, developing an approach for assessing risk, testing and improving the policies and procedures they have in place, and making certain they have the right capabilities and procedures in place to measure and report their progress.

For more information, download the full report.

Summary

Third-party partnerships offer companies the opportunity for greater agility by reducing production or delivery time, while also lowering costs. As companies seize that opportunity they also open the door to a host of new risks.

About this article

Authors

Carol Murphy

Ernst & Young — Ireland (EY Ireland) Advisory Partner and Risk Transformation Lead

IT strategy and transformation adviser. Effective programme and project management skills.

Ivan O'Brien

Ernst & Young – Ireland (EY Ireland) Head of Risk Services

Involved in risk and control matters. Reviews information security programmes and projects. ​