The Situation
“Mind your own business.” How many times did you hear that growing up? It’s solid advice to heed on the schoolyard, but then it gets… complicated. In the global economy, you can’t turn a blind eye to anything that might put your customers, your employees, or your reputation at risk. Minding your own business has to include a healthy interest in other people’s business, too.
Most large companies rely on third parties for solutions ranging from core services to hosted technology solutions—but these much-needed solutions also introduce risks. That’s what our client, a large global financial institution, was struggling with. To align with global industry and regulatory standards, it needed to address multiple categories of risk such as cybersecurity, data privacy, business continuity, financial viability, and bribery and corruption prevention.
And it all had to be done at the same time—for a significant number of vendors.
The company looked to Deloitte to help design and implement a third-party risk management (TPRM) program that could offer greater visibility into its complex vendor ecosystem. The program needed to be efficient and effective, and to enable all the company’s business lines to take a single-minded approach to third-party risk. But delivering this expansive view would take time—and that was something our client couldn’t spare.
Companies aren't walled in anymore. And neither is risk.
The Solve
Getting a TPRM program up and running—quickly—could have been a daunting task, but our client didn’t have to go it alone. Deloitte’s Operate Services became an extension of the company’s team, bringing a hybrid approach to managed services. Our Hybrid Operate solution pairs human intelligence with advanced technology to manage risk, solve complex issues, and empower growth possibilities.
The human piece weaved human interaction into risk assessment of each supplier in line with the domains of the TPRM program. Deloitte personnel—some located at the client’s facilities and some working remotely—had real conversations with vendors about their services. They confirmed there was evidence to support the information the vendors shared, and the process has also been designed to enable visits to vendor sites when warranted. The Deloitte team was able to look at known issues with each vendor’s controls and offer their insights into potential impacts and recommended solutions.
On the technology side, we connected our client with Deloitte’s TPRM operate platform to provide assessment completion, continuous monitoring, and risk sensing. This offered the company a new and more efficient way to manage its third-party relationships and third-party risks. The TPRM operate platform could serve as a singular hub for a number of functions, including communications with vendors, workflow, stakeholder interactions, and risk reporting, and it could provide a broad view of risks and performances across the extended enterprise.
Best people. Best technology. The best solutions have both.
The Impact
Deloitte’s TPRM managed service gives our client a scalable program that provides:
- An integrated view of risk versus visibility into only one risk at a time.
- Potential to bring third-party collaborations to market faster.
- Enhanced TPRM transparency through workflow and reporting features.
- Better connectivity to vendors, resulting in improved performance.
- A range of TPRM data solutions, including lower-cost options such as news monitoring.
- The ability to respond to regulations and audit requirements in a more agile way.
Additionally, the client’s vendors were able to provide feedback that addressed their issues with the TPRM program, resulting in greater confidence in the company’s approach to TPRM on both sides.
Thanks to the broad view of supplier risks the new TPRM program provides, now the company can worry less about what others may be doing. And with Deloitte’s Operate Services, our client is able to keep the focus on growing its business, rather than minding it.
Minding your own business? We can help with that.
