NEW YORK, NY, US, 16 October 2023 - Released today, Deloitte Global’s 2023 third-party risk management (TPRM) survey explores the growing complexity of TPRM as dependence on third-parties continues to grow. The report offers insights into how leaders can enhance their third-party relationships to reduce risk, improve agility and ultimately sustain momentum in an uncertain economic climate. Notably, around four in five respondents (83%) remain optimistic or neutral about managing third-party relationships moving forward, even with these challenges in mind.
Now in its eighth year, the global third-party risk management survey gathers insights from over 1,300 TPRM leaders spanning 40 countries. The report shows companies that invest appropriately in TPRM and have higher levels of TPRM maturity are better equipped to navigate current and future challenges.
“As the global landscape continues to rapidly change, there’s an opportunity for organizations to bolster their third-party relationships and tackle the most pressing risks to supply chains and other vendor dynamics,” says Kristian Park, Third-Party Risk Management leader, Deloitte Global. “While leaders are taking positive steps toward improving ESG initiatives and embracing technology in these partnerships, the data indicates companies and third parties can go further to capitalize on this opportunity to thrive and achieve long-term growth.”
When asked to identify the top headwinds impacting their third-party relationships, respondents highlighted geopolitical challenges (61%), inflationary trends (46%) and concerns about their ability to meet increasing environmental, social, and governance (ESG) expectations (40%). Despite these challenges, most leaders indicated that they feel optimistic or neutral about managing third-party relationships moving forward.
Nearly two-thirds (63%) of respondents say their top focus area for investment is revisiting and refreshing the overall TPRM methodology used in the organization. And nearly half (48%) acknowledge they need to strengthen the role of executive leadership in managing and governing third-party relationships. While enhancing TPRM frameworks with technology will continue to be a focus, getting the right skills and talent into the program to leverage that technology has emerged as a newer and more immediate priority this year.
The extended enterprise, with its complex third-party and subcontractor relationships, should be a key consideration as organizations increasingly focus on social purpose and sustainability. More than half (56%) of respondents believe their organizational culture has become much more supportive in understanding and managing ESG risks and opportunities in their third-party ecosystem, with greater adoption of quantitative scoring and assessments amid data quality concerns.
However, to continue to improve focus on sustainability matters and other areas of ESG, companies will likely need to advance data tracking in their third-party relationships: Nearly one-third of respondents say internally or externally generated data on these topics is ‘low’ or ‘very low’ quality.
The management of supply chains and other third-party relationships has evolved with a focus on efficiency (just in time) rather than resilience (just in case). But as the business and macro-economic environment evolves, there is a need for a higher degree of centralized control in the governance of third-party ecosystems, better coordination internally and externally, and the need to invest in real-time data-driven insights to thrive amid disruption and uncertainty.
Fortunately, more leaders are prioritizing resilience in their third-party ecosystems—two in five (40%) respondents say resilience is already a priority, while about half (51%) say they have become more focused on integrating business strategy and risk management. However, only one-quarter (27%) believe their organizational budgets have increased to keep pace with the increasing complexities of TPRM.
Technology investments can play a vital role in protecting third-party relationships from cyber and information security risks, which nearly two-thirds of respondents (62%) ranked as the top third-party risk. This focus is part of a broader initiative to bolster trust between companies and their third parties, the approach to which varies by the relationship. Newer third parties may require a “track and react” strategy, while existing third-party relationships may only need efficient oversight.
Moreover, as many global leaders embrace “nearshoring,” the study shows nearly half of respondents (45%) currently procure as locally as possible, due to higher levels of trust with those closer by and lower costs. Still, around one-third (34%) say their procurement is more globally centralized, indicating that decoupling is not as widespread as previously suggested.
While new technologies look to enhance resilience, they will likely also maximize the value of third-party relationships, enabling organizations to segment and monitor their third-party population more effectively. Not all companies are taking advantage yet, with only half of respondents saying they formally segment their third-party population based on risk—and almost a third (32%) saying they do not do so at all.
Further, around three in five (62%) use digital monitoring techniques—but only for less than a quarter (25%) of their third-party population. Still, just over half (51%) believe the overall volume of third-party audit activity will increase as new technologies are expanded. As a result, boards and leadership should play a significant role in accelerating the adoption of technologies, such as artificial intelligence, to unlock successful third party management.
“To reduce risk, enhance trust, and maximize relationships, companies should increase transparency and agility with their third-party partners by leveraging emerging technologies and accelerating ESG initiatives, among other things,” adds Park. “Reimagining relationships with third parties can empower both entities to withstand increasingly complex challenges and build trust with their stakeholders to ultimately improve efficiency, effectiveness, and profitability.”