As organizations’ dependence on third parties continues to grow, third-party risk management (TPRM) is becoming ever-more complex and important. Companies must navigate regulatory trends and requirements, data security and privacy concerns, and other operational and reputational risks when managing relationships with external vendors, suppliers, and other partners.
To help uncover and promote best practices – and enable organizations to identify trends and benchmark TPRM progress – Deloitte has published its global third-party risk management survey. Now in its eighth consecutive year, the report contains actionable insights from more than 1,300 TPRM leaders across 40 countries.
The full report, available on Deloitte.com and titled “Navigating the headwinds: Enhancing agility to regain momentum,” highlights the many ways leaders can enhance third-party relationships to reduce risk and ultimately bolster organizational resilience. Key findings are spotlighted below:
The TPRM journey isn’t always a “breeze”; headwinds – in the form of growing uncertainties and challenges in the macro-economic and business environment – often converge to impact TPRM practices and relationships. Organizations face the need to both identify and understand these challenges, so they can better manage their supply chain and other external relationships.
In this latest survey, TPRM leaders highlighted the top headwinds affecting their third-party relationships today, including:
In spite of strong headwinds, there was a pervasive optimism and sunny outlook among survey respondents when asked about their sentiment around managing third-party relationships going forward. One in three TPRM leaders (32%) describes themselves as “optimistic,” with 83% having either an “optimistic” or “neutral” outlook.
This positive outlook was even more pronounced in those organizations that continue to invest in TPRM capabilities. Ongoing investments in – and attention to – the people, processes, and technologies related to TPRM can help organizations better navigate the growing complexities and “ripple effects” of interrelated and emerging risks.
TPRM leaders also outlined the following areas of priority when it comes to addressing the challenges of TPRM today:
A combination of regulatory pressure, emerging legislation, executive attention, and customer and stakeholder expectations have put a spotlight on ESG. Indeed, Deloitte’s last three TPRM surveys have reflected the increasing emphasis from boards and the C-suite on social purpose as an integral element of integrated business strategies. The extended enterprise, with myriad third-party and subcontractor relationships, helps fulfill this mission.
And organizations are laying the groundwork for progress: In fact, nearly 6 in 10 TPRM leaders (56%) believe their organizational culture has become much more supportive in understanding and managing ESG risks and opportunities in their third-party ecosystem.
The top 3 ESG focal areas for organizations, in ensuring their third parties behave sustainably and responsibly, are:
These focal areas largely align with the priorities TPRM leaders identified in Deloitte’s last (2022) survey. However, product liability – identified as an ESG focal area by 59% of TPRM leaders in 2022 – dropped to 37% in 2023.
What’s more, data is key in understanding and evaluating ESG risks within third-party ecosystems. Survey results show that 1 in 4 TPRM leaders (25%) use quantitative scoring methods to assess such risks and supplement them with expert input and ESG tools: up from 18% in 2022.
But take heed of the common saying, “garbage in, garbage out.” Nearly one-third of respondents say the quality of external ESG data (such as from third parties and external agencies) is “low” or “very low”; a similar percentage felt the same about internally generated data. This highlights the need for better traceability, transparency, and data tracking across the supply chain, so that accurate, actionable, and complete insights can drive sound decision-making.
Additional advice, best practices, and considerations borne out of the survey data include:
There’s no single or static model for what TPRM excellence looks like. While the optimal state of TPRM is typically a moving target at organizations – not to mention, often unique to each business, and reflective of its risk appetite – the consequences of falling behind are amplified in complex and volatile environments. So, for forward-looking organizations, understanding and addressing the headwinds and priorities shaping TPRM are strategic priorities.
The survey also makes clear TPRM’s abundant potential in powering organizational performance. What’s more, organizations with more mature TPRM functions find themselves better able to navigate challenging and changing environments – responding adeptly and with agility. By enhancing trust and transparency in their extended enterprise, organizations can be more sustainable and resilient today, and ready to take on the challenges and imperatives of tomorrow.