A third-party risk management (TPRM) programme is one of a company’s most important policies. Indeed, in some scenarios, an effective TPRM programme can be the difference between smooth operations and damaging disruption.

On the one hand, using third parties – be it suppliers, agents, intermediaries, advisers or consultants, among others – can help a company to reduce time to market, cut service delivery costs and access skills not available in-house. On the other, too great a reliance on third parties increases exposure to cyber, financial, operational, regulatory and reputational risks.

According to the CA Technologies report ‘Five Best Practices to Manage and Control Third-Party Risk’, data security risk caused by third parties is particularly pervasive, with 65 percent of breaches traced back to a third party. However, the report also notes that only 16 percent of companies evaluate third parties’ cyber security more than once a year.

“The biggest risk working with third parties is a lack of knowledge of the transactions they perform, no matter what type of partner they are,” says Sam Abadir, vice president of industry solutions at Lockpath. “Inside your own company you have much more control and insight to people, processes and technologies. When you employ a third party you often lose the ability to see risks. No matter the type of third party a company engages with, it is employed to create value. But often there is no intimate knowledge of how well it is performing.”

Oct-Dec 2019 Issue

Fraser Tennant