Supply Chain Risk Management: Guiding Robust Third & Nth Party Governance

Shared Assessments' newest TPRM professional resource is Supply Chain Risk Management: Guiding Robust Third & Nth Party Governance. The interrelated nature of complex supply chains is changing how risk in third party relationships is managed. The impact that Nth parties can have on an outsourcer creates an urgent need to better understand what improvements can be made in risk management analytics, responses, and related processes.

To monitor across the supply chain, organizations should gauge related risks. Risks that affect the ability of outsourcers operating in different industries and jurisdictions to deliver their goods and services must be mapped, managed, and mitigated. That analysis will include:

  • Due diligence information gathering that includes processes for compiling, analyzing, and monitoring interdependencies posed by third, fourth, and Nth parties.
  • Concentration risk.
  • Single-source tangible product materials and parts.
  • Digital ecosystem components that may be difficult or impossible to replace.
  • Regulatory requirements for outsourcers to identify issues and work to correct certain types of shortcomings throughout their supply chains.[1]

Risk managers have been actively building solutions as they attempt to assess preparedness internally and externally across supply chains. This paper provides best practices and related step-function improvements in strategy and techniques for controls and monitoring that organizations can employ. The paper also provides a professional’s takeaway detailing risk areas, control objectives, and best practice considerations for context, operational resilience, communications and incident response, assessments, and monitoring.

This resource, the third in the Shared Assessments Global TPRM Best Practices Committee’s 2024 paper series, represents the work of the project team of SMEs who stepped forward to update this guide. The best practice solutions that have evolved over the past two decades are brought together and refined by this group, which last year focused on ransomware preparedness, reputational risk, and onsite assessment best practices. The Global TPRM Best Practices Committee, open to members and non-members, currently has more than 260 registered individuals from 185 organizations spanning 15 time zones.

If you would like to join, we’d love to have you. You can learn about our other committees here.

The full paper can be downloaded here.

[1] Corporate Sustainability Due Diligence Directive. 2024.