If the people who keep you in business go under, what happens to you?
This is the single most important question that risk management leaders must answer with regard to their third parties and supply chain partners considering today’s COVID-19 pandemic crisis. And yet, only 10% of leaders and decision-makers are extremely confident in their third-party risk management programs and only 50% are satisfied with their current solution. What does this add up to? Insufficient programs and a lack of preparedness to handle the unknown.
In partnership with Prevalent, Shared Assessments conducted a survey of senior risk decision-makers in February 2020 to study current third-party risk trends, challenges and initiatives impacting organizations today. The goal of the study was to provide a state-of-the-market on third-party risk with actionable recommendations that organizations can take to grow and mature their programs. This blog summarizes what we learned from the study and what you can do to better equip your third-party risk management program for resiliency.
Findings from the study suggest that:
The third-party risk management market is at an inflection point. Users aren’t assessing enough of their top vendors. They lack the resources and budget to fund it correctly. Third-party risk is broken, and supply chains are at risk. What is the path forward? Read the recommendations below.
Recommendations
Growing and maturing an adaptable and agile third-party risk management program doesn’t have to be a complex and time-consuming process. Here are five (5) recommendations to jump-start your vendor risk activities:
#1 – Develop a Programmatic Process
A programmatic process should help your team progressively:
The outcomes of such a standardized and repeatable methodology? Download the full report to find out.
#2 – Build a Cross-Functional Team
Given the complexity, no one person can likely figure all that out, so internal and external collaboration is key to not just identifying risk but mitigating it too.
#3 – Be Comprehensive without Being Complex
There are solutions available on the market that offer a library of pre-defined questions that map back to any number of regulatory or industry frameworks. This lets you avoid the duplication of effort and patchwork of requirements you would get if you tried to assess against each framework individually. It’s also much easier to prove compliance when it’s one question that covers many requirements at once.
#4 – Maintain Options for Assessment Collection and Analysis for Agility
Don’t pigeon-hole yourself into a single rigid option for collecting and analyzing surveys from your third parties. You can assess all of your top-tier vendors (and therefore overcome the challenge that respondents to this survey had) in one of multiple ways:
#5 – Complement Your Decision-Making with Risk-Based Intelligence
Making decisions in silos with a limited dataset will not enable your team to be effective vendor risk managers. Instead, seek out solutions that are founded on an open platform with integrations to multiple business and risk solutions. A solid solution will offer:
How Do You Stack Up?
Existing tools and IRM solutions aren’t enough to overcome third-party risk management challenges. Only a comprehensive model that offers a programmatic process to maturity with options to manage costs and reporting for compliance will provide a solid foundation for risk management teams to adapt over time.
How does your third-party risk management program stack up compared to the respondents to our survey?