- About Us
- Request Demo
In third-party risk, issues around data – data security and data privacy – often hold center court. In the wake of the recent onslaught of cyber attacks and data breaches, as well as the enhanced and new regulatory efforts to contain them, third party risk managers can often find themselves spending a lot of time talking about data.
But are they focusing on one aspect of the businesses’ data, at the expense of improving their own? Today, third-party risk management (TPRM) executives are being asked to help shape their corporate data strategies, while their approach to their own risk data can be painfully out-of-date.
Two recent surveys show that while vendor risk issues may be a high priority for organizations’ finance teams, the way data is used within the risk management discipline falls considerably behind how other parts of the business may be using data to help deliver on the firm’s strategic goals.
Survey says: Vendor risk the top issue
Third party risk is now a top concern in companies. A Dun & Bradstreet report, The (R)evolution of Risk Management, released in August 2018, surveyed finance team leaders at North American and UK companies. The survey found that monitoring risks within the customer, supplier, or partner base ranked as the #1 risk facing finance leaders today.
According to the survey, 38% of finance leaders believe this a “high” risk. For context, the second highest issue was forecasting or predicting risk, while the third was growing profitability. The fact that third-party risk has surpassed these other, very deep concerns demonstrates just how far the topic of TPRM has come over the past few years.
This message was reinforced by a second D&B survey result. The top two industry external threat risks cited by survey participants were a decline in customer viability and supply chain disruption. More than 65% of finance leaders rating these as “moderate” or “high” risks.
Data silos not helping risk management
However, the other major finding of the D&B survey was that the way organizations manage their risk data is sub-optimal. According to the results, more than 60% of data used in risk management is siloed. In addition, only 20% of finance leaders reported that they had the ability to share data in an integrated fashion to manage enterprise risk.
The survey concludes, “There may be a relationship between the industry-wide concerns of customer viability and supplier viability with the top risks facing finance leaders internally, such as monitoring and forecasting risk. These results indicate that understanding risks and opportunities is a primary barrier to effective risk management within most companies, whereas scaling and adapting to the risks themselves are of lesser concern. Ineffective or inadequate use of data, analytics, or emerging technologies is a possible indication for the high level of risk associated with generating insights on risks and opportunities.”
In short, risk management teams – including those in the TPRM discipline – are failing to make use of technology – either at a basic or a more advanced level – to help detect both risk and opportunity.
Going deeper into the data problem
The results of the Dun & Bradstreet survey are echoed in the recent survey by Aravo, which looked specifically at TPRM maturity in organizations. The results reveal that TPRM data practices have a good deal of evolving to do – it is little wonder that vendor risk is such a concern for organizations. For example:
Survey respondents said these issues hampered their ability to gain a full picture of their organization’s third-party risks, to work with TPRM data effectively, and to deliver insights to key stakeholders such as the board and business unit leadership.
Yet, TPRM managers see the opportunity that data – harnessed within the right technology approach – can create. When respondents were asked “What do you think will be the greatest opportunities ahead for third party risk management in your organization in the next 12 months,” the most popular response was gaining insight and intelligence. Many indicated that it would be a marriage of technology and data that would deliver this – for example, through better data management, the running of the data through analytics, and advanced reporting of the data.
Improving the data picture
The good news is that path to overcoming the data challenges that TPRM teams face is clear and well-trodden. There is no need to reinvent the wheel. And the value that the development of a consistent approach to managing TPRM data will bring to an organization is enormous. Key practices in managing TPRM program data include:
These practices are essential fundamental approaches to managing TPRM data correctly. It’s highly likely that other areas of the organization, working with business-facing data, have already implemented these methodologies. Given the high level of concern that organizations have about the threat posed by vendors, to the ability of the business to achieve its strategic goals, there has never been a better time to press the case for investment in improving the way TPRM data is managed internally. The benefits – improved risk insights, as well as greater awareness of potential opportunities – hold not only operational, but considerable strategic value as well.