EY refere-se à organização global e pode se referir a uma ou mais das firmas-membro da Ernst & Young Global Limited, cada uma das quais é uma entidade legal separada. A Ernst & Young Global Limited, uma empresa britânica limitada por garantia, não presta serviços a clientes.
Como a EY pode ajudar
As companies focus on their own resilience, the resilience of their third-parties is a high priority. Companies are building resiliency by maintaining an integrated resiliency plan, conducting internal resiliency testing and performing scenario analysis, exit strategies, contingency plans and business continuity plans. Organizations also use risk tiering to zero in on critical third-parties and separate them for additional monitoring activities.
Most organizations surveyed ask more than 100 questions on their control assessments, and nearly half (48%) of organizations have exit strategies or contingency plans for high-risk third-parties. However, that means that more than half are unprepared.
“Having a strong third-party program can support resiliency, but it needs to be intentional,” Giarrusso said. “Make sure that you’re identifying those third-parties that are supporting critical business processes and then have plans in place — whether it’s contingency or exit strategies — for those third-parties in the event of a business disruption.”
Organizations are seeking smarter ways to understand risk by using external resources and embedding technology, automation and external data into their risk reporting process, Kelly said, noting that 63% of organizations plan to integrate external data providers and automation to better manage inherent risk assessments in the next two to three years.