The Intelligent Edge for Strategic Procurement : Third Party Risk Management
By Lee Kirschbaum
Senior Vice President Product , Marketing , and Alliances , Opus
A simple definition of the word “ procure ” is “ to obtain by particular care or effort .”
Ask any strategic procurement leader , and he or she is likely to agree : particular care or effort is exactly what it takes to manage suppliers in today ’ s challenging financial and regulatory climate . Business is increasingly interconnected , with unprecedented levels of global trade and capital flows . The potential for corruption and data breaches escalates daily . Regulations like the General Data Protection Regulation ( GDPR ) demand compliance , and financial viability is an ongoing concern . And there ’ s the constant need to reduce risk and maximize value across suppliers .
Underlying all these challenges is the intense reliance on third parties , such as traditional suppliers , vendors and contract manufacturers , agents , brokers , distributors , resellers , franchisees , affiliates and more . Far beyond the remit of traditional procurement , companies today depend on hundreds , often thousands , of third parties to complete core business functions , delivering 60 % or more of a typical company ’ s revenue .
Third parties are a major engine of growth , yet also pose major risks :
• 56 % of businesses experienced a third-party data breach in 2017
• 60 %+ of all data breaches are third-party related
• 75 % of all anti-corruption enforcement actions are due to third parties
To drive value and performance while optimizing costs , strategic procurement professionals must not just manage spend and onboard third parties , but also have a plan to address these risks — from bribery and corruption to performance to information security to financial health to reputational risk and beyond — across all their third parties .
It ’ s a tall order , yet ultimately a company — and by extension procurement — is responsible for the actions of its third parties . That ’ s why forward-looking strategic procurement teams are taking their supplier and third-party risk management seriously . Through systems and processes to actively monitor third parties , strategic procurement can lower costs , drive value and improve overall performance .
Third Party Management : A Risk-Based Approach
Third party risk management helps answer a few seemingly simple yet critical questions : who am I doing business with , what risks do they pose and how do I successfully manage those risks ?
It ’ s the process by which organizations select , onboard and monitor their external relationships with third parties for risk . New risks emerge regularly , so it ’ s also important that businesses and procurement teams keep a constant eye on their third parties .
Companies and procurement teams without a program in place for monitoring third parties for risk expose their organizations to significant regulatory , financial and reputational repercussions . They ’ re also at a significant disadvantage when it comes to growth opportunities .
Effective third-party risk management programs establish a comprehensive view of all third parties and manage each based on risk levels . This includes maintaining an inventory of all third parties and keeping track of documentation , such as contractual agreements , workflows , risk audits and assessments . The goal is to identify potential threats before they occur .
Start by determining the most pressing sources of risk and then direct the bulk of your effort toward mitigating those risks , beginning with these fundamental questions :
• Who are your third parties ?
• What services do they provide ?
• Which introduce the most risk and are most important , what are their specific risks , and how can any risks be mitigated ?
Once you have identified your company ’ s risks , another risk management best practice is to develop an up-to date , realtime inventory of all your company ’ s third parties .
The inventory details the nature of each relationship and its risks , such as third parties with access to sensitive information who are sharing your data with their own contractors . The inventory must also be monitored — risk isn ’ t static , and neither are your relationships .
Identifying all relationships across your organization , gathering necessary information on each and effectively assessing their risks can be extremely time-consuming and complicated if done manually . An automated technologybased approach , such as that provided by Opus , allows your business to free up its resources so that you can focus on what you do best .
Nothing worth doing in life comes without risk . It ’ s how you manage your risks that can make or break your business . By making third-party risk a business priority , strategic procurement teams can drive value from third parties , reduce risk and safely guide their organizations into new areas .