By US Daily Review Staff.
In today’s interconnected world and global economy, many companies rely on third parties – vendors, suppliers, distributors and partners – to help accomplish organizational goals. However, with that reliance comes a certain amount of risk. Seventy-five percent of respondents to a recent survey of executives reported that their organizations experienced harm from the action or inaction of a third party.
CFO Research Services conducted the online survey during the fall of 2011 on behalf of Crowe Horwath LLP, one of the largest public accounting and consulting firms in the U.S. More than 250 senior finance, information technology, line-of-business and senior executives from a wide variety of industries were surveyed. The types of harm from third parties that survey respondents reported include financial loss when the third party went out of business, lost customers due to poor quality of service, data security breaches, supply chain issues due to resiliency procedures and contractual violations that resulted in regulatory or other exposures.
“These days, no corporation is an island,” said Rick Warren, a principal in Crowe’s Risk Consulting practice. “The degree to which businesses rely on other organizations continues to increase, spurred by the need to continuously seek out new customers, improve quality and reduce costs. However, greater dependence on third parties increases a company’s exposure to external risks over which it may have little direct control. This requires companies to seek different forms of assurance from these third-party organizations to assist in managing risks.”
Virtually all respondents, 97 percent, indicated that at least one aspect of their organization’s third-party risk management process requires improvement. More than half of the respondents reported that the ineffectiveness of their third-party risk management programs impeded their business activities.
Other survey findings include:
- When asked to pick the top two reasons to use third parties in the next two years, more than half – 51 percent – selected reducing costs. Thirty-six percent cited providing service capabilities, experience or expertise that their company currently lacks, and 24 percent are looking to increase their business’s capacity.
- Only 21 percent of senior executives reported that their companies are very effective at identifying and managing third-party risks.
- Seventy-two percent of respondents say that they routinely consider security of information and information systems when selecting or renewing a third-party relationship. However, respondents also indicate that they have less visibility into the third party’s own risk-related factors, such as the party’s reliance on other companies, its ability to recover from failures and the background of its personnel.
- More than half of respondents also reported having some degree of difficulty in collecting risk-related information about a third party or monitoring third parties’ risk management practices.
The survey also highlights the most common areas in which senior executives believe their company could improve, including improving visibility into the full range of risk exposures, defining responsibility for third-party risk more clearly and standardizing third-party risk management processes across the company.
To sign up for a webinar discussing this topic on June 13, please visit: www.crowehorwath.com/company. For more survey results and information on third-party risk management, please visit www.crowehorwath.com/tprmreport.