A Closer Look at the IACCM Third-Party Risk Management Report
The challenges and solutions of effective TPRM.
Organizations today and in the future will have to gain more visibility into their supplier information. Data is coming from everywhere – spend, supplier contracts, and other third-party information – and it can overwhelm procurement departments. Part of building a third party risk management strategy (TPRM) includes gaining visibility into where the risk is coming from, and building a strategy to help mitigate it.
This is easier said than done, however, and we will outline some of the challenges that procurement departments are facing when it comes to building a third party risk management strategy.
Third-party data, and risk, come from many different sources.
The contracts you have with suppliers pose risk. Are you getting the best return on your investment? How do you know you are getting the best price? Is the supplier you are using staying compliant? All of these questions need to be answered in order to mitigate the risk with third party vendors. The International Association for Contract and Commercial Management (IACCM) says in their latest third party risk management report:
Much of the focus and attention on TPRM has been the result of both increased regulatory expectations and highly visible corporate failures. This has resulted in organizations proactively monitoring and assessing their third party ecosystem, including the key vendors that third parties use in their service chain…”
In that same third-party risk report, IACCM reveals three problems that organizations face:
The first is Organizational and Operational Alignment. It’s recommended to build a three-tiered approach to help mitigate TPRM. Having a First Line of Defense (FLOD), Second Line of Defense (SLOD), and Internal Audit (IA) are crucial.
The problem is that the deployment of those defenses are oftentimes uneven and the results are mixed. Having a technology tool that can act as your first, second, and third lines of defense is critical. You need a tool where everything can be housed efficiently, and takes the headache away from your IT, legal, and procurement teams.
The second problem is having a lack of value statement. When put in the hands of different department heads, the value statements won’t be aligned and the data that you gather from your vendors won’t be reliable. Having something that will be able to capture vendor data and present information accurately and clearly is imperative for any organization.
Finally, it’s all about having executive buy-in, and the struggle to convince executives is the third hurdle. Showing how an investment will help the company’s bottom line is important.
Data management is becoming so important in today’s fast moving world. It is imperative for organizations to have a tool that allows the data, like vendor information and contracts, to be housed properly, maintained effectively, and reported accurately. It is the only way to gain true visibility into your third party information.