Third-party risk management (TPRM) consulting services

Third parties help businesses drive efficiency and cost savings, but they also pose complex, ever-evolving risks. The EY team can help strengthen TPRM programs or functions, systems and technologies, assess third parties’ controls, and manage the risk of your third-party population.

What EY can do for you

In today’s rapidly changing Transformative Age, organizations that need to do more with less are turning to third parties to stay competitive. However, third parties introduce a host of risks, including cyber, privacy, digital, brand and regulatory.

Our third-party risk management (TPRM) offerings help organizations understand and manage the risk exposure that emerges from their relationships with external organizations. We help organizations make strategic investments and hone their focus to effectively manage third-party risk. We also assist in assessing risks and developing technology-enhanced TPRM programs to enable scalable and sustainable TPRM functions.

Our full suite of services to help transform, implement and manage third-party risk management efforts, include:

EY Third-party  risk management infograph
  • Transformation services

    Diagnose, develop and enhance your program or function around:

    • Governance and oversight
    • Policies and standards
    • Third-party inventory
    • Risk approach and models
    • TPRM processes and assessment frameworks
    • Technology, automation and reporting
  • Third-Party Risk as a Service (TPRaaS)

    Manage third-party risk processes across the relationship life cycle on our technology platform, to provide:

    • Pre-developed risk models, review criteria, issue administration and reporting
    • Risk profiling/third-party inventory
    • End-to-end third-party oversight and governance
    • Global onsite and remote-control assessment execution across all risk domains (e. g., cyber, resiliency, financial health and regulatory compliance)
    • Ongoing monitoring
  • Risk profiling and assessment execution

    Profile third parties and assess their risk and controls leveraging your technology/framework or ours, covering

    • Service risk profiling
    • Global onsite and remote-control assessment execution across all risk domains (e.g., cyber, resiliency, financial health and regulatory compliance)
    • Issue administration, analytics and reporting
  • Market utility

    Build and operate market utilities by:

    • Designing, building and deploying a market utility methodology, operating platform and underlying operations
    • Delivering day-to-day market utility operations that include
      • Triaging of requests from utility members
      • Performing end-to-end remote and onsite assessment execution
      • Supporting assessment escalations
      • Delivering on-demand reporting


Through our holistic approach, we provide enhanced, robust frameworks for assessing and managing third-party risk across the organization. We help develop and implement appropriate TPRM strategies based on each organization’s specific needs and circumstances. And we help improve your visibility into risks posed by third parties to support better decision-making.

Our team is committed to assist you in:

  • Developing and enhancing your TPRM program or function
  • Assessing your third parties’ risks of controls
  • Implementing and integrating systems and technologies
  • Managing the risk of your third-party relationships across their life cycle

By doing this, we can help you protect your business while fully benefitting from partnerships.

Contact us

Like what you’ve seen? Get in touch to learn more.