Check out Responsible Cyber website : Cybersecurity and Risk Management.
In a world where businesses thrive on interconnected networks, third-party relationships are both a lifeline and a liability. The EY 2023 Global Third-Party Risk Management (TPRM) Survey reveals the growing recognition among organizations of the need to navigate these complex relationships with precision, diligence, and foresight. With nine in ten respondents actively investing in their TPRM programs, the survey shines a spotlight on the tools, strategies, and trends shaping the future of third-party risk management.
Centralized Risk Management: A Game-Changer
Centralization is not just a buzzword; it’s becoming a necessity for organizations seeking to manage third-party risks effectively. According to EY’s survey, a striking 90% of organizations are moving toward a centralized approach. Why? Because the benefits are undeniable. Centralized systems offer better communication, faster control assessments, and a more accurate understanding of risk. Companies with centralized models report nearly double the efficiency in managing third parties compared to those with hybrid systems.
Financial services lead the charge, with 62% adopting centralized TPRM structures, significantly outperforming non-financial sectors. This shift enables organizations to identify, manage, and mitigate risks with greater agility and confidence. As Joseph Kelly, EY Oceania Third-Party Risk Leader, succinctly puts it: “The only way to completely zero out your third-party risk is to not work with third parties, but that’s not going to happen.”
The ESG Imperative
Environmental, Social, and Governance (ESG) factors are no longer optional in today’s risk assessments—they are central to a company’s reputation and compliance. The survey highlights that 54% of organizations now include ESG in their risk inventory reporting. Priorities range from regulatory compliance to meeting stakeholder expectations and demonstrating corporate responsibility.
However, challenges abound. While 23% of respondents indicated they would terminate relationships with suppliers that fail to meet ESG criteria, this is easier said than done. Coordinating ESG efforts across internal and third-party stakeholders remains a significant hurdle. Michael Giarrusso, EY Americas FSO Third-Party Risk Leader, underscores the importance of integrating ESG into third-party relationships, warning that a robust ESG program must encompass the entire network, not just internal operations.
Resilience Through Risk Tiering and Technology
In an era marked by cyber threats, supply chain disruptions, and evolving regulatory landscapes, resilience is no longer a luxury—it’s a lifeline. Organizations are increasingly relying on risk tiering to identify critical third parties and prioritize monitoring efforts. Yet, the survey reveals a concerning gap: over half of the respondents lack contingency or exit strategies for high-risk third parties.
Technology is stepping in to bridge this gap. From automation to external data integration, companies are embedding technological solutions into their TPRM frameworks. With 63% planning to adopt advanced external data and automation tools in the next two to three years, the future of TPRM is undeniably data-driven. As EY’s Scott McCowan emphasizes, these tools enable real-time monitoring and smarter decision-making, transforming third-party risk into a strategic enabler.
Seven Leading Practices for Robust TPRM
EY’s survey also distills key practices that organizations can adopt to enhance their TPRM programs:
- Define Objectives and Scope: Align TPRM initiatives with established operational resilience frameworks.
- Document and Maintain Third-Party Inventories: Ensure comprehensive and up-to-date records.
- Develop Policies and Procedures: Foster coordination between internal teams to reduce inefficiencies.
- Enhance Ongoing Monitoring: Move beyond initial due diligence to dynamic, continuous oversight.
- Establish Strong Governance: Clearly delineate roles and responsibilities within a global policy framework.
- Leverage Technology and Automation: Integrate tools that streamline workflows and enhance risk reporting.
- Improve Customer Experience: Simplify questionnaires and assessments to reduce friction in third-party interactions.
TPRM as a Strategic Advantage
The EY survey makes one thing clear: TPRM is no longer just a compliance exercise—it’s a competitive advantage. Companies that proactively manage their third-party ecosystems not only mitigate risks but also unlock new opportunities for growth and innovation. By centralizing risk management, embracing ESG principles, and harnessing technology, organizations can transform TPRM from a reactive necessity to a proactive, strategic tool.
As EY continues to lead the way in helping organizations navigate third-party risks, their insights provide a roadmap for building resilient, future-ready businesses. The question is no longer whether to invest in TPRM but how to make it a cornerstone of your organization’s strategy.