NEW YORK, NY, US, 16 October 2023 - Released today, Deloitte Global’s 2023 third-party risk management (TPRM) survey explores the growing complexity of TPRM as dependence on third-parties continues to grow. The report offers insights into how leaders can enhance their third-party relationships to reduce risk, improve agility and ultimately sustain momentum in an uncertain economic climate. Notably, around four in five respondents (83%) remain optimistic or neutral about managing third-party relationships moving forward, even with these challenges in mind.
Now in its eighth year, the global third-party risk management survey gathers insights from over 1,300 TPRM leaders spanning 40 countries. The report shows companies that invest appropriately in TPRM and have higher levels of TPRM maturity are better equipped to navigate current and future challenges.
“As the global landscape continues to rapidly change, there’s an opportunity for organisations to bolster their third-party relationships and tackle the most pressing risks to supply chains and other vendor dynamics,” says Kristian Park, Third-Party Risk Management leader, Deloitte Global. “While leaders are taking positive steps toward improving ESG initiatives and embracing technology in these partnerships, the data indicates companies and third parties can go further to capitalise on this opportunity to thrive and achieve long-term growth.”
When asked to identify the top headwinds impacting their third-party relationships, respondents highlighted geopolitical challenges (61%), inflationary trends (46%) and concerns about their ability to meet increasing environmental, social, and governance (ESG) expectations (40%). Despite these challenges, most leaders indicated that they feel optimistic or neutral about managing third-party relationships moving forward.
Nearly two-thirds (63%) of respondents say their top focus area for investment is revisiting and refreshing the overall TPRM methodology used in the organisation. And nearly half (48%) acknowledge they need to strengthen the role of executive leadership in managing and governing third-party relationships. While enhancing TPRM frameworks with technology will continue to be a focus, getting the right skills and talent into the programme to leverage that technology has emerged as a newer and more immediate priority this year.
The extended enterprise, with its complex third-party and subcontractor relationships, should be a key consideration as organisations increasingly focus on social purpose and sustainability. More than half (56%) of respondents believe their organisational culture has become much more supportive in understanding and managing ESG risks and opportunities in their third-party ecosystem, with greater adoption of quantitative scoring and assessments amid data quality concerns.
However, to continue to improve focus on sustainability matters and other areas of ESG, companies will likely need to advance data tracking in their third-party relationships: Nearly one-third of respondents say internally or externally generated data on these topics is ‘low’ or ‘very low’ quality.
The management of supply chains and other third-party relationships has evolved with a focus on efficiency (just in time) rather than resilience (just in case). But as the business and macro-economic environment evolves, there is a need for a higher degree of centralised control in the governance of third-party ecosystems, better coordination internally and externally, and the need to invest in real-time data-driven insights to thrive amid disruption and uncertainty.
Fortunately, more leaders are prioritising resilience in their third-party ecosystems—two in five (40%) respondents say resilience is already a priority, while about half (51%) say they have become more focused on integrating business strategy and risk management. However, only one-quarter (27%) believe their organisational budgets have increased to keep pace with the increasing complexities of TPRM.
Technology investments can play a vital role in protecting third-party relationships from cyber and information security risks, which nearly two-thirds of respondents (62%) ranked as the top third-party risk. This focus is part of a broader initiative to bolster trust between companies and their third parties, the approach to which varies by the relationship. Newer third parties may require a “track and react” strategy, while existing third-party relationships may only need efficient oversight.
Moreover, as many global leaders embrace “nearshoring,” the study shows nearly half of respondents (45%) currently procure as locally as possible, due to higher levels of trust with those closer by and lower costs. Still, around one-third (34%) say their procurement is more globally centralised, indicating that decoupling is not as widespread as previously suggested.
While new technologies look to enhance resilience, they will likely also maximise the value of third-party relationships, enabling organisations to segment and monitor their third-party population more effectively. Not all companies are taking advantage yet, with only half of respondents saying they formally segment their third-party population based on risk—and almost a third (32%) saying they do not do so at all.
Further, around three in five (62%) use digital monitoring techniques—but only for less than a quarter (25%) of their third-party population. Still, just over half (51%) believe the overall volume of third-party audit activity will increase as new technologies are expanded. As a result, boards and leadership should play a significant role in accelerating the adoption of technologies, such as artificial intelligence, to unlock successful third party management.
“To reduce risk, enhance trust, and maximise relationships, companies should increase transparency and agility with their third-party partners by leveraging emerging technologies and accelerating ESG initiatives, among other things,” adds Park. “Reimagining relationships with third parties can empower both entities to withstand increasingly complex challenges and build trust with their stakeholders to ultimately improve efficiency, effectiveness, and profitability.”
About Deloitte
“Deloitte,” “us,” “we” and “our” refer to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities (collectively, the “Deloitte organization”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more.
Deloitte provides industry-leading audit and assurance, tax and legal, consulting, financial advisory, and risk advisory services to nearly 90% of the Fortune Global 500® and thousands of private companies. Our professionals deliver measurable and lasting results that help reinforce public trust in capital markets, enable clients to transform and thrive, and lead the way toward a stronger economy, a more equitable society and a sustainable world. Building on its 175-plus year history, Deloitte spans more than 150 countries and territories. Learn how Deloitte’s approximately 415,000 people worldwide make an impact that matters at www.deloitte.com.
Press contact(s):