The value and priority of well-designed and well-executed third-party risk management within organizations is continuing to grow and evolve. Regulations are becoming more encompassing across jurisdictions and covering more risk domains, and stakeholders are expecting more secure, ethical activities from the organizations they choose to do business with. Because of this, it is important to benchmark TPRM programs, see where process changes should be made, and determine priorities and next steps for improvements.
Aravo has partnered with CeFPro research to learn more about how organizations are navigating the complexities of third-party risk and how they’re staying ahead of an evolving regulatory landscape. Key areas we explore in the survey include:
The interviews and data give us important information into the state of programs today, namely their maturity, value within the organization, priorities, and technologies.
Ultimately, what Aravo is seeing this research is that there is more fragmentation across teams, data, and systems than expected within TPRM programs, even within the financial industry, which typically leads the way for governance, risk, and compliance best practices. This includes within overall strategy, across platforms and technologies being utilized, realized value to executives, as well as overall direction and future of the programs.
Data suggests that while respondents are managing individual projects, there is a lack of centralization in managing all the third parties they engage with (the extended enterprise) within a single, automated platform. True TPRM maturity cannot be gained with manual processes and fragmented solutions.
One of the top questions we asked respondents to answer was where they viewed the maturity of the TPRM programs in their organizations. About 50% labeled their programs as ‘Integrated: the organization has adopted centralized methodologies, templates, processes, governance and reporting’.
While this initial finding is very promising, there were questions that showed this might not be the case when it comes to truly understanding the strategic value of a TPRM program. A finding supports this are the tools being used to manage third-party risks. In one response, less than half are using “a purpose-built TPRM solution built to manage TPRM.” Approximately 75% are still using Office productivity solutions and internal communication hubs. These manual, decentralized programs hinder overall TPRM maturity.
While organizations surveyed (overall) have an understanding that they have gaps in their TPRM, and plan to grow their budgets and programs in the future, inconsistent responses showcase a lack of clarity, direction, and commitment to best shore up these gaps and exhibit TPRM as a value-add to executives and the organization.
For example, only 29.2% stated that they have clear, planned out direction for their TPRM program success. This is supplemented by the tools, resources, and processes being used. This is also seen in resources allocated to make this strategic TPRM direction happen, where only 32.7% of stated that they had both the budget and personnel to produce maximum TPRM results.
Overall, organizations who took part in this survey recognize they have gaps in their TPRM programs. While they’re working to define the priorities and next steps to make the strategic changes and investments needed to bridge these gaps, they’re not there yet.
There is positive progress being made, particularly in communicating the value of TPRM programs to executives. While only 28.7% of respondents stated their organization’s executives “consistently understand the strategic value of our TPRM program delivers to the business”, over 90% stated that there is communication in place in some regard.
While there is work to be done in understanding that TPRM is not a siloed process and centralized solutions are needed, results in our TPRM Survey with CeFPro show that TPRM maturity is being gained over time.
Growing TPRM maturity is not a one-step process, but rather a large-scale, strategic initiative made over time by implementing process efficiencies, best practices, and taking a holistic approach to managing these with a centralized, automated solution.
One of the best ways to address fragmentation within teams, processes, and technologies is to focus on centralizing programs into one purpose-built, scalable, and flexible TPRM solution. By centralizing this data, organizations can improve visibility, identify priorities, and make informed decisions that benefit their business.
TPRM solutions built to deliver insights and executive reporting while standing up to audits and regulatory scrutiny are proven to be of exceptional value to organizations no matter their size, industry, or maturity of their program.
As the challenges and risks represented by third-party relationships continue to scale and diversity, managing and mitigating risks with robust and purpose-built platforms is essential to long term strategic, operational, and financial success.
Share with Your Friends:
