“My dear, here we must run as fast as we can, just to stay in place. And if you wish to go anywhere you must run twice as fast as that.”
-Lewis Carol, Alice in Wonderland
As they assess today’s complex risk and regulatory environments, third party risk management (TPRM) practitioners may feel has if they’ve tumbled through the looking glass. Given the constantly changing and sometimes strange world of third party risk, most organizations must work diligently just to sustain the current performance and sophistication of their TPRM programs.
That’s one of a number of key insights from the 2019 Vendor Risk Management Benchmark Study, which is based on survey research and analyses jointly conducted by Protiviti and The Shared Assessment Program. The report’s findings indicate that:
This marks the fifth year that the Shared Assessments Program and Protiviti have collaborated on this research, which is based on the Shared Assessment Program’s proprietary Vendor Risk Management Maturity Model (VRMMM). For 2019 the program updated the VRMM with numerous enhancements, including the addition of 81 new detailed criteria. These additions made it possible for us to develop benchmarking capabilities in eleven new focus areas, including aspects of continuous monitoring, fourth party risk management, resource availability and optimization, privacy, virtual assessments, geolocation risks and more.
In addition to the three findings I mentioned above, our 2019 report also reveals that:
The report, which is available at no cost, is packed with information and insights related to all areas of vendor risk management. Reading through the results will help TPRM leaders and their teams get a firmer grasp of how their program compares to others in the same industry. Together with the Vendor Risk Management Maturity Model, on which the benchmark survey is based , the Benchmark Study is the perfect tool to determine and steer TPRM programs toward a custom maturity level that’s appropriate for every organization irrespective of the industry in which it operates.