The challenges are deep and pervasive. Suppliers are strapped for cash. There’s a shortage of labor, materials, shipping components, and containers. Freight capacity is expensive and difficult to source.
In an environment like this, where businesses everywhere compete aggressively for limited capacity and resources, investment in and reliance on third parties grow. Naturally, this breeds considerable business risk if not managed intentionally and strategically.
The business impact of third-party vulnerabilities
Third parties provide scale, flexibility, expertise and critical capacity. They also create vulnerabilities:
- A supplier’s sudden inability to deliver can impact an organization’s reputation and bottom line. In fact, Deloitte reports that 32% of the chief procurement officers (CPOs) surveyed are losing revenue to supply shortages. Another 11% reported brand damage from supplier issues.
- Third parties’ financial instability can lead to compliance and contractual issues, product safety risks, and supply shortfalls. Deloitte’s survey found 56% of CPOs say key suppliers have gone bankrupt or are severely hampered and 36% say suppliers are failing to meet new requirements.
- Third-party data breaches put your own information, compliance, and reputation at risk. The financial impact of breaches also cuts deep, costing an average of $3.86 million.
Third-party issues like these cause stress during the best of times. The pain is even deeper coming out of a global recession. As manufacturers scale, it’s critical to implement a strong third-party risk management (TPRM) program that can manage the risks associated with both new and existing suppliers.
Supercharge your TPRM strategy
There are several ways manufacturers can create a holistic strategy that protects against third-party risks.
1. Choose the right third parties.
You’re only as strong as your weakest link. Do your due diligence upfront to get an intimate understanding of who your partners are before you sign the contract. Only engage with partners that meet your standards and requirements, hold your company values, and operate in a way that’s consistent with how you do business.
Know the services those third parties provide and the information they can access. Assess their financial, operational, security, and compliance status. Understand their vulnerabilities so you’re not taken by surprise if an issue does manifest. The strongest TPRM strategies aren’t “set it and forget it.” They have processes in place to regularly check partners for status changes, new risks, outstanding compliance issues, potential for violations and more.
2. Invest in modern tools that automate manual processes.
Successful TPRM requires technology to eliminate tactile and manual processes. The biggest operational headache for many organizations is often centralizing data. Software can rein in heaps of compliance requirements, insurance policies, contracts, and other documentation typically spread out across the organization. Automating this process increases efficiency and enables risk and compliance leaders to get a more accurate and complete view of each third party’s business impact.
Tools built with predictive intelligence and AI add even more value by automatically scoring vendors’ financial viability and cyber risk. This makes it easier to identify and monitor the health of high-risk partners. TPRM technology also offers customizable views of risk. The right software will let you slice and dice the information in a way that is most useful for your TPRM needs.
3. Set clear third-party risk ownership.
Only half of companies have a centralized TPRM program. That means the other half of organizations are still managing third-party risk in silos. Supply chain, legal, compliance, marketing, IT and HR regularly contract with third parties in their own lines of work, yet managing the associated risks to the organization probably is not top of mind. That’s why the most mature TPRM programs manage third-party risks strategically across the enterprise – with one person at the helm.
A chief risk officer (CRO) has the vantage point to see risk holistically across an organization. CROs are in a prime position to think broadly about third-party risk and set a clear framework for managing these threats across all business lines. The number of CROs in the United States today is relatively low but rising, as more companies see the value in enterprise risk leadership. Invest in a CRO now to keep up with new challenges in an evolving risk landscape, especially as the range of third-party risks
The Coronavirus disease (COVID-19) tested third-party risk programs across the world, and many broke under the pressure. As manufacturers build back, effectively managing third-party relationships and risks across the extended enterprise is critical for operational continuity and ongoing recovery.