Read this report that explores some of the key third-party management trends of 2016 and changes to watch out for in 2017 as outlined by Sonal Sinha, Associate VP of MetricStream.Download an Insight
Increased Visibility into Fourth Parties
As regulatory bodies and customers push organizations to achieve better third-party oversight, there is an imminent need to dig deeper into the third-party network. It is no longer sufficient to only manage third parties today, as the impact of fourth parties or even licensees or contract manufacturers can significantly impact the reputation and financial performance of the parent organization. Since organizations are ultimately responsible for all their vendors, they need to validate third parties, as well as their third-party’s vendors. Organizations have long struggled to define the processes needed to manage fourth parties in the absence of a direct contract with them, but there will be more focus on this area over the next year.
Preparation for Probable Changes in Outsourcing
With possible changes in outsourcing and offshoring, organizations are evaluating various ways to work with their existing vendors, identify alternate vendors, and understand the impact of these changes on their current hierarchy and relationships. As the vendor ecosystem embraces change, and re-aligns to meet new organizational and economic objectives, organizations must ensure that they are evaluating their vendors based on accountability and preparedness in order to avoid potential incidents.
Increased Focus on Business Continuity Makes Supply Chains More Resilient
Business Continuity Management (BCM) has gained importance in making supply chains resilient. In 2016, evaluations of third parties based on BCM and resilience parameters became more structured. Going forward, organizations will continue to work with their third parties on BCM plans, check for effectiveness, and even enable their third parties to manage their own vendors. Organizations will also continue to invest in systems that help them map global suppliers and vendors to business units, factories, and products. Doing so will help them visualize and analyze their global footprint, thereby reducing the impact of likely disruptions, responding to incidents faster, and ensuring quicker recovery.
Rapid Adoption of Fintech Vendors and Cloud Apps Will Impact Data Privacy and Security
While fintech and cloud apps offer a variety of benefits, they also introduce a few important risks which need to be acknowledged and managed. Companies will leverage innovative products and services from fintech and cloud app vendors, while also deploying suitable control systems to mitigate the associated risks like data breaches, website attacks, and cyber threats. Companies will also look to evaluate and implement comprehensive systems to on-board and monitor such vendors in order to ensure data safety and security.
Advanced Analytics Will Help Predict Supplier Risk
As the complexities of the supply chain increase, there will be a greater need to improve one’s ability to predict supplier-related risks. With new risk types emerging, organizations need to be better prepared. Advanced analytics and correlation of various data elements, including social media conversations, news, feeds from various third-party sources, climate / weather data, critical events, political and economic stability factors, and supplier KPIs (Key Performance Indicators) will all help organizations build a more resilient supply chain. Many organizations are looking to implement advanced analytics that can significantly improve tactical as well as strategic decision-making by providing insights on suppliers and related product risks from various sources and activities. In addition, as organizations change products, or introduce new product lines, there is an increasing need to understand the impact of these changes on the supply chain in order to support product compliance. Also essential is the ability to leverage third-party risk analytics and metrics to adapt to changing customer demands and market needs.
Vendor Risk Management, IT Risk Management, and Enterprise Risk Management Will Need to Be Better Integrated
Many enterprises acknowledge that vendor risks and IT risks directly impact enterprise risks. Thus, poor input from a vendor risk management program limits the identification of business risks and IT risks. Going forward, organizations will enhance their enterprise risk management and IT risk management programs by aligning business, IT, and vendor risk management objectives, processes, and metrics. They will work towards establishing a common framework that can be leveraged by enterprise risk management, IT risk management, and vendor risk management programs for better alignment, data aggregation, and standardization. In addition, integrated risk intelligence will help organizations improve their vendor contract definition, as well as build a mechanism to track failures and lapses.