Insights

Fresh thinking and actionable insights that address critical issues your organization faces.

Learn more

Resources

Services

KPMG's multi-disciplinary approach and deep, practical industry knowledge help clients meet challenges and respond to opportunities.

Services to meet your business goals

Technology Alliances

KPMG has market-leading alliances with many of the world's leading software and services vendors.

View all Alliances

Industries

Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more
Relevant Results
Sorry, there are no results matching your search.
Autocomplete suggestions are available. Use up and down arrows to review and enter to select.
See more results

Exploring third-party risk management for internal audit leaders

KPMG Ask the Experts Insights

Download PDF
Share

With organizations increasingly dependent on external parties, robust third-party risk management (TPRM) programs are essential. As risk management and compliance evolves to increase coverage of third-parties, internal auditors are experiencing a significant shift to focus on TPRM. This shift requires auditors to be well-resourced and equipped to provide valuable recommendations, while balancing risk mitigation with efficiency, using a coordinated three lines of defense model for comprehensive oversight.

In the recent webcast, Ask the Experts: Exploring third-party risk management in the age of automation and GenAI, industry leaders shared valuable insights on the transformative role of TPRM and IA’s opportunity to shine. The discussion emphasized adopting a risk-based approach, leveraging technology for due diligence, and fostering collaboration between internal audit and stakeholders.

Key Insights

1

TPRM is gaining importance and regulatory scrutiny across industries.

2

TPRM programs are evolving from manual processes to more automated, technology-enabled solutions.

3

TPRM ownership is often distributed, requiring a hub-and-spoke model with central governance and oversight.

4

AI is transforming TPRM through efficient due diligence, smart questionnaires, and data integration.

5

Proper TPRM resourcing isn’t limited to staffing, and includes technology, data and the right third-party resources.

5 things IA professionals need to do now

1

Adopt a risk-based approach to TPRM and tier third parties based on risk profile.

2

Align TPRM with the organization's ERM framework and integrate it with other risk management programs, such as information security, compliance, and privacy.

3

Work with legal to mitigate identified third-party risks through proper contract language (e.g. audit provisions), and leverage technology enablement for risk-based due diligence reviews. In addition, exercise audit rights in a risk-based fashion.

4

Trust instincts, challenge risks, and provide recommendations that identify efficiencies and support the bottom line.

5

Be a trusted advisor, help the business move at its speed while mitigating risks, and secure leadership buy-in for TPRM audit program.

What’s on the mind of IA professionals

Statistics are based on polling data from our September 2024 Ask the Experts webcast. To see the full audience polling results, download our infographic here.

48%

of respondents stated that the percent of their audit plan focused on TPRM was less 10%. An additional 38% responded it was between 11-25% of the plan.

80%

of respondents said their TPRM audit program was basic or nonexistent, indicating a significant need for improvement.

41%

of professionals reported that their focus area in their TPRM audit program is cyber and information security. The second highest focus was reg. comp. at 19%.

71%

of professionals don’t feel that they are properly resourced, with the minimum staff and proper tools/data to support their TPRM audit program.

Dive into our thinking:

Exploring third-party risk management for internal audit leaders

Download PDF

Explore more

Insight
Webcast Replay Webcast Upcoming Listen Now

Ten Ways to Optimize Your TPRM Program

Prioritizing key risks to enhance operational resilience

Read more
Insight
Webcast Replay Webcast Upcoming Listen Now

Regulatory Insights

The thought leader hub for timely insight on risk and regulatory developments

Read more
Insight
Webcast Replay Webcast Upcoming Listen Now

The future of Internal Audit

Manage disruption while building stakeholder trust

Read more

Meet our team

Image of Michael A. Smith
Michael A. Smith
Partner, Advisory, and U.S. Internal Audit Solution Leader, KPMG US
Read bio
Image of Joy St John
Joy St John
Advisory Managing Director, FS Risk, Regulatory & Compliance, KPMG US
Read bio
Image of Daniel W. Click
Daniel W. Click
Partner, Advisory, Forensic, KPMG US
Read bio
Image of Michael A. Smith
Michael A. Smith
Partner, Advisory, and U.S. Internal Audit Solution Leader, KPMG US
Read bio
Image of Joy St John
Joy St John
Advisory Managing Director, FS Risk, Regulatory & Compliance, KPMG US
Read bio
Image of Daniel W. Click
Daniel W. Click
Partner, Advisory, Forensic, KPMG US
Read bio

KPMG. Make the Difference.


Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. KPMG LLP does not provide legal services.

The information contained herein is not intended to be “written advice concerning one or more Federal tax matters” subject to the requirements of section 10.37(a)(2) of Treasury Department Circular 230.

© 2025 KPMG LLP, a Delaware limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Search now!

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Submit

Office locations

View locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Learn more

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Contact

Headline