Third party errors have hit the operational flow of over eight in ten businesses (84 per cent), according to a pole of executive risk committees.
Impacts include operational disruptions, financial or reputational loss and increased scrutiny from regulars – sometimes leading to regulatory action (34 per cent), according to the researcher Gartner.
On the rise
The use of third parties for vital business operations is on the rise. But the researcher found that many businesses have become more dependent on such suppliers for services that perform core business operations – thereby increasing the risk of loss.
In response, organisations have increased their use of enterprise risk management (ERM) since 2016 to mitigate these new risks. “Just doing more isn’t enough because the characteristics of third-party risk undermine the effectiveness of a typical ERM setup,” Chris Matlock, vice president, research in the Gartner legal, risk and compliance practice, said.
That is because ERM struggle to elevate the right issues because it does not focus on a management set of issues. “ERM leaders are not clearly defining which issues must be acted on first, and they are not typically preparing their audiences well to take tangible steps on the issues they surface,” the report said.
The researcher suggests taking three measures to combat such losses.
First, since third-party risks are high-volume and varied, they can be hard to identify. Risk managers should focus on identifying and understanding the ones that affect the whole enterprise.
Second, risk managers must work with risk owners throughout the business to create a holistic view of those risks. “In practice, this means facilitating direct thought-partnership between risk co-owners with ERM adding expertise and aligning actions, as opposed to ERM acting as a central co-ordinator of all risk information and mitigation,” the report said.
Finally, risk managers should narrow the focus on third-party emerging risks so that they track only those issues that are critical to the business.
IRM offers the supply chain risk management certificate for those planning to skill up in this area. See our website for more information.