Approximately 86% of respondents supply information security functions with TPRM-related data as part of their TPRM programs. However, the level of integration drops dramatically across other key stakeholders surveyed, including procurement (71%), operational risk/enterprise risk (65%), compliance line of business (57%), legal/general counsel (52%) and technology/operations (51%).
Functional integration within the TPRM program offers a tremendous opportunity to further integrate taxonomies, improve data quality and prevent unnecessary data replication, driving an improved third-party inventory. This in turn would reduce fatigue on third-party business and control functions as they respond to fewer duplicative data requests.
Improved alignment would also expedite direct and indirect spend decision-making throughout the third-party life cycle. This would offer much-needed transparency to help reduce third-party proliferation in key areas like IT and cyber and within key business processes that rely heavily on large volumes of third parties, such as claims, loan origination, part suppliers and raw material suppliers.
The difficult path to integration
Unfortunately, the path to integration presents several roadblocks. Different functions may be using different tools or technologies to collect data, and 27% to 34% of respondents either do not have dedicated technology or remain unaware of the ecosystem of available tools to enable their programs. There’s no one-size-fits-all solution for enabling technology; however, organizations need to consider how to manage the full, integrated life cycle while weighing the benefits of a larger enterprise tool or a smaller, dedicated TPRM tool.