Third-party risk management (TPRM) is more important than ever before
As the economic recovery picks up speed, third-party risk management (TPRM) is more important than ever before. Faced with supply chain disruption, cyber threats and growing inflationary pressure, global businesses are assessing their operational resilience and reviewing their dependence on third and fourth parties.
KPMG International's new research - which surveyed 1,263 senior TPRM professionals across six sectors and 16 countries worldwide - reveals that TPRM is a strategic priority for 85 percent of businesses, up from 77 percent before the outbreak of the pandemic. Nonetheless, the outlook for TPRM presents no shortage of challenges.
Our findings demonstrate the need for TPRM leaders to make a step change in their operating models and their approach to third-party risk. This need will likely only grow as supply chains and ecosystems continue to expand and the risk presented by fourth parties creates further complexity. Strong leadership and the ability to talk the language of the business — reflecting the priorities that business partners themselves set for third parties — is key.
Our recommendations, which we set out in Section 3 of the report, are designed to support a business environment in which TPRM remains high on the boardroom and management agenda throughout the pandemic recovery. Recognizing the need for action, while cognizant that there is no quick fix to the challenges faced by TPRM executives, we outline depending on your program's maturity a number of focus areas you can explore to drive enhancements to your program.
Five themes that stand out
- Third-party incidents are disrupting the business and damaging reputation
- Businesses underestimate the need for a sounds TPRM program, resulting in insufficient budgets
- Technology is not yet fulfilling its promise
- The challenge of limited resources is here to stay
- Most businesses struggle to maintain a fit-for-purpose TRPM operating model