TPRM Adoption
TPRM Adoption

New Trends Accelerating TPRM Adoption: An Analyst’s Perspective

Henry Umney |

Industry perceptions of a greater focus on Third-Party Risk Management (TPRM) post-2020 seem to be borne out by research published by Deloitte.

Its annual TPRM survey, published recently, highlights several key changes in how companies are reviewing how they manage their supply chain risk, as changing work practices expose companies and their extended enterprise to new risks and challenges.

Let’s explore the key findings.

Many organizations are still responding to the pandemic

While the need for effective TPRM was well understood before 2020, only 26% of respondents felt they had mature TPRM frameworks in place at that time.

Since early 2020, the pace of change has accelerated, albeit to varying degrees between different sectors. 45% of those who responded to their survey were still in the response phase, addressing the working impact of the pandemic as a business continuity issue, and using the same tools, processes, and procedures to manage their supply chain as they had before.

Infographic: Guidelines for Effective Vendor Onboarding

Mitigate risk while building strong vendor relationships.

Sectors including energy, resources, industry, life sciences and the consumer sector were on the back foot, comparatively speaking. The financial services, telecom, and government sectors have made more progress in normalizing the situation by understanding and reflecting on the lessons learnt.  And by implementing systems and processes that will help them enhance their TPRM now and in the future.

This is in part because governments have had to invest in supply chain resilience, as they have taken the lead in addressing the fallout of the pandemic. Telecoms have always closely managed a diverse global supply chain that drives production and innovation, while the financial services sector has a significant regulatory obligation in better assessing and managing its third-party suppliers.

Nevertheless, regardless of their current situation, over 50% of respondents were looking to invest more in their TPRM environment, to ensure their supply chain – so key to their success – continues to be an asset rather than a liability.

Risk intelligence is a key priority

The survey highlighted the need for streamlined TPRM monitoring, but also real-time management information to highlight risks involving components of the supply chain, for strategic decision-making, due diligence, and on-going risk monitoring.

Many organizations had TPRM processes in place prior to 2020, which met the need of the business at the time. Some are now seeking to revolutionize how they manage the issue, while others are looking to build on their previous successes.

However they were looking to tackle the issues, the biggest gap for many was the need for real-time third-party risk intelligence, which typically covers issues involving business interruptions, takeovers, production, and product quality issues and other operational or contractual criteria.

Digital risks are a top concern

The digitization of the supply chain has been ongoing for many years, but clearly the challenges of the last two years have accelerated this process, as different working patterns have emerged which look likely to remain for the foreseeable future. The survey highlighted the significance of digital risks in TPRM.

While changing work practices were a driver for this, the continued use of legacy applications and systems exposed suppliers to risks that their client would not tolerate in their own environment. There were also cultural issues involved in delivering digital services, encompassing new ways of working, as well as issues surrounding privacy, security, and conduct.

These capabilities are essential in delivering services to customers, and inconsistent application of best practice could expose their customers to issues that TPRM needs to identify and highlight.

Cost pressures are preventing insourcing

One response to the increased risk sensitivity of outsourcing is clearly to consider insourcing those business processes and activities most critical to the business.

While a closer operational relationship will address business risks?  The operational challenges of sourcing the right skills and experience locally, as well as the time and budget to build a replacement infrastructure, mean that insourcing processes and services beyond a small number is very challenging, if not impossible. The increase in costs, as well as the challenge of passing these costs onto the customer make significant insourcing impractical.

This picture was not uniform. Telecom companies were the most reluctant to consider insourcing, while financial services (driven in part by enhanced regulatory scrutiny) were more likely, as was the public sector.

Enterprise-strength Third-Party Risk Management

The insights from the Deloitte research are similar to the feedback we’ve been getting from our own customers. From our perspective, companies are looking to significantly enhance their TPRM capabilities, both to streamline their current operations but also to embrace new capabilities that can enhance the overall effectiveness of their TPRM efforts.

Real-time risk intelligence is proving to be of great interest, so that companies can understand where the next issue may emerge, whether it be for operational, technical, commercial, or contractual reasons. Similarly, toolsets that allow procurement and operational teams to proactively monitor the supply chain, down to their 4th and 5th levels, can provide valuable insight in ensuring performance against contract and specification.

There is a need for TPRM solutions that are easy to use and deploy, and that impose minimal overhead on the supply chain, while still providing enhanced visibility for both sides.

Mitratech offers a powerful array of solutions for TPRM, that are robust, proven, and easy to deploy, and in use with some of the most demanding companies in the world. They help companies better manage their risk and enhance their supply chain management. Learn more about our TPRM solutions.

Defend yourself against vendor and enterprise risk

Learn about our best-in-class VRM/ERM solutions.