
Evaluating business severity: Predictions for third-party risk management

It’s all about supplier resilience now, and that means looking at risks from the beginning to the end of the vendor relationship.


An important consideration for businesses is developing robust third-party risk management (TPRM) strategies. TPRM is the ongoing evaluation process used by organizations that want to manage the risks that occur when using vendors and outsourcing services and products.

From lessons learned in 2022’s third-party breaches, to supplier disruptions and new regulations, Alastair Parr, SVP of Global Products & Delivery, and Brad Hibbert, COO and CSO, at Prevalent, Inc. have presented three predictions to guide organizations in their 2023 third-party risk management (TPRM) strategies.

Prediction #1: The Old “Annual and Manual” Approach to TPRM Will Become an Exception Rather Than the Norm

According to Parr: “Given the continual onslaught of third-party vendor and supplier-originated security incidents (for example, the ransomware attack at Kojima Industries that stopped production at Toyota), organizations are trying to better predict disruptions and mitigate them when they do happen. As if this wasn’t challenging enough, increasing regulatory pressures in the areas of data protection and supplier due diligence are requiring these same organizations to more regularly assess the business resilience of their vendors and suppliers.”

What does this mean?

Parr adds: “Organizations have to be more proactive, continuous, and agile in assessing their third-party vendor and supplier resilience, ditching manual methods once and for all. Threats, regulatory requirements and legislation won’t allow the bare minimum third-party vendor and supplier due diligence reviews anymore.”

Parr continues: “Simply put, TPRM can’t be an annual, manual check-the-box exercise.

To accommodate this shift, expect TPRM offerings to deliver better machine learning (ML)-based automations and analytics and stronger correlation against prior assessment findings. This evolution will help organizations more easily spot and respond to incidents and more efficiently gauge vendor and supplier resilience on an ongoing basis.”

Prediction #2: Third-Party Risk Management Will Evolve Into Third-Party Lifecycle Management

With the lifecycle approach, Hibbert explains: “It’s all about supplier resilience now, and that means looking at risks from the beginning to the end of the vendor relationship.”

In terms of how to approach this, Hibbert recommends: “Looking at risks at a single point in the supplier relationship, for example only at the time of onboarding, is the wrong approach. Risks continually present themselves throughout a supplier relationship long after the contract is signed. Yet, according to a recent TPRM trends report, fewer than half of companies are tracking third-party risks as the relationship progresses through maturity.”

Expanding on this, Hibbert explains: “In 2023, organizations will begin to look at third-party risks as a lifecycle with uniquely-tracked and managed risks during sourcing and selection, onboarding and contracting, ongoing management, and offboarding. This evolution will be driven by the need for better program oversight as professionals seek to capture information from colleagues adjacent to them in areas such as procurement, legal, compliance, audit, and risk. To facilitate this, data must become more accessible across teams and processes consolidated around a consistent set of workflows.”

Prediction #3: Geographic and Political Insights Will Become Increasingly Accessible in TPRM Solutions

In terms of the global situation, Parr finds: “If there was anything that the Russian invasion of Ukraine taught us, it’s the need to consider geo-political concerns in making supplier decisions. This is inherently a non-IT risk.”

This makes the task of accurately assessing the global situation more challenging. Parr indicates: “It is notoriously difficult to identify the regional sites of a third party supplier that may be impacted by a geographic event such as adverse weather or geo-political issues. While the head office is commonly identified during the contracting phase, the regional sites such as manufacturing plants are often not readily available.”

Returning to the Russian situation, Parr adds: “Considering the ramifications of the Russian invasion of Ukraine, in 2023 organizations will seek to capture more geographic information so they can report immediately to executives once a major event hits the media, identify potential challenges in the supply chain quickly and efficiently, and adjust accordingly. Supplier risk management solutions will help facilitate the collection and analysis of this information through passive scanning and the creation of a comprehensive supplier profile.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist and an author. He is also interested in history, politics and current affairs.
