Deloitte: third party governance and risk management matures


As dependence on third parties becomes increasingly critical, organisations are being compelled to rapidly “catch-up” in enhancing the maturity of their Third Party Governance and Risk Management (TPGRM) processes. This, according to Deloitte’s 2016 global survey on the subject.

Pictured right: Dean Chivers, Risk Advisory Africa Leader

The survey, which comprised the responses of over 170 senior members of management from a variety of organisations across all industries, also found that the drivers for third party engagement are progressively shifting from a focus on cost to a focus on value, reflecting organisational recognition of the strategic opportunity that third parties can create for them. Moreover, the results showed that TPGRM is starting to rapidly mature in many organisations, not just to enable enterprise-wide visibility of the risks that third parties present, but more importantly, to be able to exploit the full spectrum of opportunity that the extended enterprise can create for them.

The report's key takeaways included:

  • Third party risk incidents are on the increase with customer service disruption and regulatory breach being considered the top risks.
  • Increased monitoring and assurance activity over third parties is believed to significantly reduce third party risk.
  • Organisational commitment to third party risk management is not supported by confidence in the related technology and processes.
  • Third party risk is starting to feature consistently on Board agendas with CEO/ Board-level responsibility in the more progressive organisations or those operating in highly regulated environments.
  • Visits to third party locations are considered the most effective method to gain assurance over third party management.
  • Most organisations are mandating consistent third party governance standards amidst increasing decentralisation of operating units.
  • Existing technology platforms for managing third parties are considered inadequate.
  • Organisations are in the process of deciding between centralised in-house models and external service-provider based models for third party monitoring.

The survey respondents represented eight major industry segments, including financial services, energy & resources, manufacturing, public sector, technology, media & telecoms, consumer business, healthcare & life sciences, and business, infrastructure and professional services, with the majority of these organisations had annual revenues in excess of $1 billion (approximately R14 billion). Download the full survey report PDF.

Pictured left: Daniella Kafouris, Associate Director

Related articles