How to manage Third-Party Risk Management Performance: Hackett Group
The Hackett Group highlights third-party risk management (TPRM) as a critical capability for supply chains around the world.
Of the organisational challenges third-party risk management facing procurement teams, Hackett says reactive risk management is the most common.
“Reactive risk management for compliance purposes is the most common organisational challenge of third-party risk management, indicating that many procurement teams are falling short on opportunities to predict and anticipate risk events,” Hackett says.
The results of Third-Party Risk Management Performance Study provide perspectives for both manufacturing and services-based organisations. It follows a performance study of third-party risk management across a wide demographic of companies.
Survey respondents also cited concerns including an overly complex process, too many stakeholders, and lack of funds and resources.
Some are starting anew to address catastrophic risk events. For others, it’s been enough to boost the existing risk management program with fresh ideas and better risk mitigation strategies.
Risk – a commonplace topic
“Regardless of how drastically the approach to risk management has changed, risk has become a commonplace topic at all levels of the business – up to the board level,” Hackett says.
The results from the TPRM performance study offer insights on prioritisation of risk events, mitigation strategies, technology and tools and data and information management. Risks are segmented into eight categories.
Topics covered include:
- key categories and types of supply risk that need to be actively monitored and addressed
- the top TPRM challenges facing organisations today
- critical risk factors in both manufacturing and services organizations
- the primary risk mitigation strategies and practices currently in use today
- quantifying the value of third-party risk management
- current and future plans for risk management tools and technology
Risk management tools – has Microsoft had its day?
The study found Microsoft Office suite is used by 92% and 83% of manufacturing and services organisations, but these numbers are expected to decrease by half within two to three years.
Many survey respondents cited they use these tools in combination with others like financial risk content providers, ERP solutions and spend management suites. Tools like niche risk software and GRC software are expected to increase,” the report says.
How is data used to manage risk
Of the data used for third-party risk management, financial data and compliance information are the most critical types of data used. But Hackett says risk programs should rely on a much broader set of data sources to best address supply risk.
“Even the least important data sources (news feeds and supplier stakeholder surveys) were reported as having high or medium importance by more than 69% of respondents,” Hackett said.
Get your copy of the TPRM performance study.