Nearly seven in 10 Canadian companies have had at least one significant supply chain disruption, monetary loss or reputational damage as a direct result of a third party within the last three years, and more than one third have had three or more such disruptions, according to KPMG in Canada's Third-Party Risk Management Outlook 2022 report, entitled From Awareness to Action: Elevating Third-Party Risk.
Drawing on responses from 100 senior third-party risk management (TPRM) professionals across Canada, the report assesses how organizations are approaching third-party risk in today's increasingly challenging and connected business environment.
While outsourcing and partnering have long proven to help drive efficiencies, expand capabilities and grow businesses, leaders across the country say they urgently need to make a step change in their TPRM operating models and their approach to managing third party risks.
"The pandemic has been a real wake-up call for Canadian organizations," says Jérôme Thirion, KPMG partner and national leader of Supply Chain Management. "We are constantly hearing from our clients about vendors who have been unable to deliver, or about problems with counterfeiting, overbilling, data breaches and other issues with third parties. This has put a huge strain on their ability to meet their customers' needs, and it is highlighting a dire need for companies to strengthen their TPRM programs."
Nearly two-thirds (65 per cent) of survey respondents believe it was "pure luck" that they avoided a major third-party incident during the pandemic, and 81 per cent say they urgently need to make TPRM more consistent across their enterprise.
"It is clear that TPRM should remain high on the executive and board agendas" says Edouard Bertin-Mourot, KPMG partner in Risk Consulting. "We still see TPRM addressed in pockets of the business, whilst third party risks are enterprise-wide matters and should be managed accordingly. An overarching TPRM operating model allows companies to get that risk-based, transversal and aggregated view of third-party risk exposures, necessary to better de-risk their business and build greater operational resilience."
Of course, covering the wide range of risks requires a specific skill set, and 65 per cent of organizations say they do not have sufficient in-house capabilities to manage all their third-party risks. "Companies need to increase their TPRM budgets and invest in both technology and training programs," says Kareem Sadek, KPMG partner in Risk Consulting and Blockchain Services co-leader. "It's also critical to leverage technology to improve visibility into risks, which will help them be far more responsive to potential disruptions."
The report presents five key steps Canadian organizations should take to enhance their TPRM programs and further strengthen their risk resilience:
- Elevate TPRM to the C-suite: Continuously engage the company's leadership on the third-party risk landscape, driving the appropriate attention and budget to TPRM.
- Build an overarching TPRM operating model: Establish a formal TPRM operating model with the adequate resources (people and technology) to enable holistic and continuous risk management and monitoring.
- Establish 360-degree visibility: Gain full visibility of all of third parties and the material risks that come with them.
- Prepare for material scenarios: Perform regular and detailed scenario planning to become more risk resilient.
- Collaborate within the industry: Consider a "coopetition" model to share information on vendors and develop a single, valuable viewpoint within an industry and ultimately optimize resource allocation to TPRM.
About KPMG in Canada
KPMG LLP, a limited liability partnership, is a full-service Audit, Tax and Advisory firm owned and operated by Canadians. For over 150 years, our professionals have provided consulting, accounting, auditing, and tax services to Canadians, inspiring confidence, empowering change, and driving innovation. Guided by our core values of Integrity, Excellence, Courage, Together, For Better, KPMG employs more than 10,000 people in over 40 locations across Canada, serving private- and public-sector clients. KPMG is consistently ranked one of Canada's top employers and one of the best places to work in the country.
The firm is established under the laws of Ontario and is a member of KPMG's global organization of independent member firms affiliated with KPMG International, a private English company limited by guarantee. Each KPMG firm is a legally distinct and separate entity and describes itself as such. For more information, see kpmg.com/ca.
For media inquiries:
National Communications and Media Relations
KPMG in Canada
Viewpoints from KPMG’s leaders and subject matter experts. | Points de vue des leaders et professionnels de KPMG.
Viewpoints from KPMG’s leaders. | Points de vue des leaders de KPMG.