Therefore, to adapt and thrive in this new risk landscape, businesses must align their policies with consumer expectations — and that includes third parties who handle data. Organizations have a chance to build trust with consumers, but their reputation could be easily damaged if third parties do not properly secure data.
Addressing the expanding risk universe through centralization, functional integration and automation
Faced with this expanding risk universe and regulatory requirements, TPRM programs are increasing their scrutiny of third parties while striving to recognize how various risks are interconnected. But trying to do more in this arena often runs into the roadblock of reduced resources, so organizations seeking cost and process efficiencies will need to consider how their TPRM program can work more closely with other functions and teams, such as procurement, finance, privacy and compliance.
According to our TPRM survey, only 50% of companies currently have centralized TPRM programs, with 39% embedding separate programs within each business function. Decentralized functions increase the cost of conducting risk management activities while also increasing the fatigue of third parties as they answer multiple assessment questionnaires. For example, our survey shows that the typical post-contract risk assessment questionnaire has nearly 200 questions, and more than 30% of organizations have over 1,000 suppliers to assess, increasing time and costs across the board.