To address weaknesses in global supply chains exposed by the pandemic, a growing number of organizations are exploring technology solutions to improve their approaches to third-party management.
Significant disruption caused by COVID-19 has become a catalyst for many organizations to reconsider several aspects of how they manage third parties that provide goods and services critical to operations. With large multinational organizations often relying on hundreds or thousands of third parties—including fourth, fifth, or sixth parties—the risks of such extended enterprises went on full display when operations and shipments were curtailed amid efforts to protect people from the virus.
While many organizations have processes in place for vetting and onboarding new vendors, not as many take additional steps to monitor third parties on an ongoing basis. Even fewer extend their third-party management programs to include their vendors’ vendors, who make up tiers of suppliers in more extended enterprise ecosystems. This gives organizations little visibility into the broader scope of their supply chain risks, including operational and financial risks that presented the greatest areas of concern at the outset of the pandemic, according to a recent Deloitte Dbriefs webcast.
Webcast participants indicate they are considering technology solutions to improve their third-party risk management (TPRM) programs. Nearly one-fourth of more than 2,200 poll participants say they are prioritizing technology to improve connectivity between systems and data sources to gain greater visibility of and control over supply chain risks.
Nearly 20% of respondents to the webcast poll say they are considering technology to improve reporting, visualization, and scanning capabilities to inform critical decisions. Participants also indicate they are focusing on technology to improve data integrity and to implement real-time monitoring capability to accelerate information gathering.
Deloitte’s 2020 Global Extended Enterprise Management Survey, which was conducted before COVID-19 escalated to a pandemic, suggests many organizations were already dissatisfied with their technology solutions. Fewer than one-third of 1,145 responding organizations indicate they are satisfied with their technology solutions to enable TPRM, or extended enterprise risk management (EERM). Nearly one-half say they are partially dissatisfied, and one-fourth say they are dissatisfied. Among those who are dissatisfied with their technology solution, 61% say their primary concern is that their EERM systems do not integrate seamlessly with one another.
Technology Solutions Abound
Organizations considering a technology-driven approach to improve TPRM can explore an array of options. Some solutions are focused on providing data that helps assess risk, while others target specific risk domains. Still other solutions focus on automating an end-to-end TPRM process across risk domains with links to external data sources. To manage risks across multiple dimensions, organizations can consider solutions that improve risk management in several critical ways, including:
Risk sensing, segmentation. Organizations can leverage proactive risk sensing and risk segmentation technology across a population of suppliers to help identify which ones represent the greatest risk. This enables organizations to monitor the stability of third-party ecosystems, assess the strategic position of third parties, and prioritize them.
Workflow, automated scoring. Organizations can use demand-triggered workflow scoring to identify high-risk supplies and develop mitigation actions, then track actions to completion. This helps organizations understand geographic context with respect to the risk profile and develop contingency plans.
Structured, unstructured data monitoring. Such tracking enables organizations to leverage third-party data and monitor the financial health of third parties as another way to identify and prepare for unanticipated disruptions. Organizations can regularly analyze incoming data to build agility and resilience.
Using insights gained through data aggregation and filtering, organizations can inform decision-making, integrate modules, and customize workflows. This enables organizations to improve TPRM across not just operational or financial risk, but other risk areas as well, such as regulatory, environmental, and social.
Where organizations adopt a comprehensive, technology-driven approach to manage third parties, they may achieve several improvements. Automation of risk assessments can allow organizations to review and act upon exception-based reporting that can enable a nimble, even proactive response. Technology can be configured to recommend remediation measures, such as renegotiating contractual terms with third parties or conducting additional due diligence, including audits.
Given the range of tools that can be deployed to improve third-party management, organizations might elect to begin with a strategy for how to achieve improvement and leverage technology to do so. The process could begin with a limited scope or a limited number of risk domains to build a foundation. It can then continue with testing and adaptation to drive TPRM further up a maturity curve.
Accelerated by COVID-19, organizations are expected to continue investing in transforming their approach to TPRM to pursue improvements in effectiveness and efficiency. To the extent they can create a single source of truth built on a centralized repository of intelligence that deploys cutting-edge technology, they can arm boards and senior leaders with actionable intelligence to manage increasingly complex extended enterprises on a real-time basis.
—by Dan Kinsella, managing partner and U.S. and Americas leader, Extended Enterprise Risk Management, Deloitte Risk & Financial Advisory, Deloitte & Touche LLP; Holly Tucker, partner, Deloitte Financial Advisory Services LLP; Ryan Flynn, principal, Deloitte Consulting LLP; and Nathan Quinn, senior manager, Deloitte Risk & Financial Advisory, Deloitte & Touche LLP