During uncertain times, leaders need to weigh up both the short-term and long-term benefits and risks of keeping in-house control over operations versus outsourcing. A common response, following the COVID-19 pandemic, has been to begin moving more critical or high-risk services, such as customer-facing services, to near- or on-shore outsource providers, or bring them in-house completely.
The EY Global Third-Party Risk Management Survey 2019-20 revealed that 18% of third parties in scope for a TPRM program or function were classified as critical. This varied by industry – higher percentages were in the non-financial services industries, with advanced manufacturing and mobility being the highest at 37%. These could increase further as organizations review classifications.
Evaluating the use of third parties across operations, and the significance of those operations to the organization, will reveal varying risks. Understanding the organization’s interconnected supply chain and leveraging nth parties to support operations, production and provide services allow organizations to find alternate providers, align reserve inventory planning and strengthen contract language.
These activities and resulting consequences can decrease risk in the post pandemic world.
2. TPRM framework and operating model evaluation
Next, third-party risk leaders should revisit their organization’s TPRM framework and operating model with a renewed focus on cost reduction and increased risk management. This allows them to use the recently learned lessons to review the effectiveness of the TPRM function and minimize future risks to third-party operations.
In particular, a re-evaluation of an organization’s risk methodology, with a focus on resilience, provides an effective way for leaders to address future risk concerns and integrate with enterprise-wide risk initiatives.
Cost reduction can be achieved through new approaches or resource models. Risk leaders are now realizing that a proactive, centralized approach can better manage third-party risks in a way that delivers the growth, confidence and trust needed to strengthen the business.
The recent EY TPRM survey revealed that 50% of organization respondents operate a centralized TPRM program, while 39% operate a hybrid model of centralized and decentralized operations. Outsourcing TPRM to a managed services provider is another approach gaining traction: 45% of surveyed organizations expect to adopt this approach over the next two to three years, while 56% plan to use more market utilities/exchanges.
A shift to larger volumes of remote assessments and the resulting organizational requirements should also be considered in operating model evaluations as work force models evolve and future operating models are assessed.
A centralized approach can deliver confidence and trust50%
of organization respondents operate a centralized TPRM program.
Outsourcing TPRM to a managed services provider is gaining traction45%
of surveyed organizations expect to adopt this approach over the next two to three years.
3. Adoption of technology and data
Technology and data are not new drivers of efficient and leading TPRM programs; however, their importance will be heightened in the post pandemic world as workforce models and supplier interactions evolve.
Real-time and on-demand data enable TPRM leaders to make more informed decisions, which is a necessity with the current and future global uncertainties. The integration of dedicated TPRM platforms or modules connected to enterprise risk systems provides alignment across the organization and to external suppliers. This further enables real-time and accurate data to drive better TPRM decisions.
However, many organizations have been slow to adopt a dedicated technology platform. The EY TPRM survey indicated that 43% of respondents do not have a dedicated TPRM technology platform and more than 86% use a manual process or reconciliation to enable reporting.
Slow adoption of a dedicated technology platform43%
of respondents do not have a dedicated TPRM technology platform.
Risk leaders may wish to rethink this, as the use of new technologies such as machine learning and data analytics can enhance automation and continuous monitoring to lower costs and improve overall operations. These are also necessities in a post pandemic world.
Reimagining the TPRM function
By capitalizing on this time of uncertainty and recognizing and reflecting on learnings from the pandemic, TPRM leaders can reimagine the TPRM function’s integration across the organization and overall interaction with third parties.
A strategic review of third parties, a renewed look at TPRM framework and operating model, and adoption of data and technology are key considerations for TPRM leaders to transform their functions and help future-proof in a post pandemic world.
Third-party risk leaders have an opportunity to reimagine their TPRM functions’ connection with the organization and with third parties. There are three key areas on which leaders must focus: a strategic review of third parties, an evaluation of the TPRM framework and operating model, and the adoption of technology and data.