Our latest research shows how organizations with more mature Third Party Risk Management (TPRM) have augmented their current capabilities to help them adopt innovative or adaptive responses to the challenges (headwinds) in an ever-changing external environment. They are also more agile in navigating the growing complexity, speed, and ripple effect of new interconnected risks.
Our survey's results prove TPRM's potential to power organizational performance. Organizations with higher TPRM maturity are more resilient and adaptable to an ever-changing external environment due to their agility and capability to navigate the growing complexity and ripple effect of newer and interconnected risks.
This agility, resulting from enhanced capabilities, is reflected in the way they navigate the headwinds in the macroeconomic environment and ensure that their third parties act in a sustainable and socially responsible manner, while remaining resilient at the same time. They are also focused on building trust within their third-party ecosystem. Respondents believe these objectives are best achieved by using evolving technologies to be more efficient and effective in managing third-party relationships.
The current business and macroeconomic environment has reconfirmed TPRM's potential in powering organizational performance. However, this is more achievable in organizations with relatively mature TPRM mechanisms.
However, higher investment priority is needed to revisit existing TPRM frameworks/methodologies. This is to ensure these organizations remain environmentally fit-for-purpose.
In this section of the report, we recommend tangible actions such as the above that will be help organizations determine and develop the appropriate level of capability to balance the growing expectations and challenges.
Over the last year we tracked the progress made by respondents in ensuring that organizations and their third parties act responsibly and sustainably, reinforced by a stronger organizational resolve. Organizational cultures that support ESG initiatives are driven by emerging regulations and legislation, growing customer expectations, and tangible benefits that other stakeholders acknowledge.
The increasing use of quantitative methods has been the most significant change since last year. It's starting to enable organizations move to a more robust quantitative/data-driven approach. However, data quality remains a concern.
Further opportunities exist to embed sustainability into the supply chain while considering its broader impact on resilience and vice versa. Taking advantage of the synergies between the two offers the potential for long-term optimization. Although many studies show that a stronger focus on ESG creates more resilient organizations, the two can conflict. Organizations may need to trade off and find a second supplier who may not be as ESG-focused as their primary supplier and enhance resilience by reducing concentration.
Respondents are focused on being more resilient in their extended enterprise as an organizational priority. They recognize that supply chain and other third-party management have so far focused more on efficiency (just-in-time) rather than resilience (just-in-case). Many organizations have been slow to shift gears at a time when the business and macroeconomic environment has changed. A higher degree of centralized control in the governance of third-party ecosystems, better coordination and the need to invest in real-time data-driven insights to thrive amid disruption can help organizations become more resilient.
Elevating resilience to a strategic priority requires focus and investment at the board and C-suite levels. Our survey shows how personal optimism in achieving this transformation drops sharply in organizations where there are low levels of investment.
Another top priority is enhanced transparency, traceability, and trackability across third-party relationships and subcontractors. This helps organizations become more agile and better prepared to navigate unfamiliar or challenging situations.
Building or enhancing trust in third-party relationships is becoming an increasingly significant consideration. This is especially true for critical suppliers and other third-party relationships. More organizations recognise the correlation between trust, financial performance, and resilience. Our previous research on this emerging interrelationship identified four key factors that build and enhance trust: capability, reliability, transparency, and humanity.
Our 2023 survey results suggest that only a few firms are prioritizing all these factors when trying to enhance the level of trust around third-party relationships and provide them with more flexibility on oversight.
Overall, further work needs to be done by many organizations to enhance trust as this topic continues to evolve.
There have been significant shifts around the enhanced use of TPRM tools and technologies. The challenging times we live in require the development of capability through smarter, real-time, and agile approaches underpinned by the innovative use of technology. This will help organizations to continue to be "brilliant at the basics" by intelligently refreshing the fundamental TPRM processes required for better decision-making related to third parties, while ensuring appropriate actions to risk management.
Our survey data indicates that the adoption of smarter, digital TPRM mechanisms remains slower than expected in real-time due diligence and monitoring of specific third-party segments.
Accelerating this process must start by breaking down organizational silos to promote inter-connected thinking and acknowledge the high cost of doing nothing. Organizations that don't keep pace through ongoing digital transformation will fall behind the evolving definition of good practice.
Deloitte’s seventh annual third party risk management (TPRM) survey showed a greater level of awareness and focus on ESG in the extended enterprise, as organizations focus on more sustainable and resilient supply chains.