How does a company identify and reduce risk related to the use of third parties like vendors, suppliers, partners, contractors, or other service providers?

This was one of the key topics in the webinar “Forsyningsrisikoer i 2022” hosted by KPMG on 26th of April. The panel, consisting of Celia Brekkan, Erik Arvnes and Sébastien Fix from KPMG, as well as Professor Marianne Jahre from BI Norwegian Business School and Lund University, discussed how businesses can approach the broad topic of third-party risk management (TPRM). 

Mitigate disruption with risk based Third Party Risk Management?

Supply chain risk management is as relevant as ever, with supply chain disruptions fueled by the pandemic and the war in Ukraine rendering businesses truly feeling the impact of the globalization.

For any company, TPRM is all about developing robust supply chains and preparing for any possible disruption by the company’s business partners and suppliers to avoid any regulatory or reputational damage. 

In 2022, KPMG conducted a global TPRM study showing that 38 % of the participants had experienced more than three significant disruptions to their supply chain over the last three years due to third parties, resulting in monetary losses or reputational damage.

Even businesses with more complex supply chains and numerous technologies available underestimate the scope for a TPRM program and a TPRM operating model. The burden of TPRM is often placed on the procurement department alone, hence limiting the access to resources, technologies, and budget. To cover the entirety of a TPRM program, other aspects such as corruption, human rights, compliance, and environmental damage should also be taken into consideration, thus making TPRM an enterprise-critical role.

The KPMG TPRM study also shows that 59 % of the respondents are frustrated by the lack of visibility their technology provides concerning third-party risk, beyond the oftentimes manual annual assessment. In order to move towards a more automated and real-time data gathering from 3rd parties, some new technologies must be adopted. Finally, integrations against other applications and processes are a prominent challenge; the right TPRM technology must provide visibility for everyone both within the business but also outwards towards the entire supply chain.

People, processes, and technology is key

The key for any business is to involve early the right people to define the best suited solution for their specific business. TPRM requires a holistic approach across disciplines and technologies within a company, involving all stakeholders along the way. The technology design should have a lean onboarding and monitoring, as well as being user-friendly and practical. By choosing a scalable technology, in which modules may be added, it can be designed to fit the business’ size and ambitions while simultaneously making it easier to justify the investment in smaller increments.

However, while it is important to choose the right technology for your business, it is also important that the TPRM not only has a technological focus. When creating strategies, businesses should also leverage the existing ecosystem with the third parties by working together to define a unique TPRM program that fits the business.

In conclusion, KPMG has defined some simple steps for a business looking to get started with TPRM program and improve its preparedness related to supply chain risks.

  1. Create an overall picture of the supply chain, both upstream and downstream, in normal times.
  2. Build on previous experiences to create an understanding of what risks the business is exposed to, and possible effects any of these risks would have on the business.
  3. Combine this knowledge to prioritize the key elements of the TPRM program and create some basic strategies.


Want to know more?

This article is related to the 4th webinar in the 2022 Procurement and Supply Chain webinar series, consisting of 11 webinars, created by KPMG Operations. Follow KPMG Norway for more updates on the webinar series and visit for more information and recordings of the previous webinars.

Celia Brekkan

Celia Brekkan

Partner, KPMG Operations

+47 97698124