• About
  • Subscribe
  • Contact
Sunday, May 11, 2025
    Login
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
No Result
View All Result
Home Management Leadership Finance Governance, Risk and Compliance

Third-party risk management “misses” are hurting organisations

FutureCIO Editors by FutureCIO Editors
March 1, 2023
Photo by Pixabay from Pexels: https://www.pexels.com/photo/three-people-sitting-beside-table-416405/

Photo by Pixabay from Pexels: https://www.pexels.com/photo/three-people-sitting-beside-table-416405/

Gartner warns that enterprise risk management (ERM) teams are struggling to effectively mitigate third-party risk in an increasingly interconnected business environment.

Gartner defines a third-party risk “miss” as a third-party risk incident resulting in at least one of the outcomes in Figure 1 once or more in the 12 months leading up to the survey.

In a Gartner survey of 100 executive risk committee members in September 2022, 84% of respondents said that third-party risk “misses” resulted in operations disruptions (see Figure 1).

“Most organisations have seen an increase in the number of third parties under contract in recent years,” said Chris Matlock, vice president of research in the Gartner Legal Risk & Compliance Practice. “Moreover, a majority of organisations are also using third parties for new-in-kind-services and have become more reliant on them to conduct their operations. While increased use of third parties can improve business operations in many ways, it also introduces risks that are causing notable impacts on organisations.”

Figure 1: Evidence of third-party risk “misses”

Source: Gartner (February 2023)

Matlock said ERM involvement in third-party risk management activities has increased across the board since 2016. He cautioned that just doing more isn’t enough because the characteristics of third-party risk undermine the effectiveness of a typical ERM setup.

ERM is struggling to elevate the right issues because it is generally failing to limit its focus to a manageable set of issues. ERM leaders are not clearly defining which issues must be acted on first, and they are not typically preparing their audiences well to take tangible steps on the issues they surface.

Enterprise third-party risk management

There are three aspects that ERM must do differently to improve effectiveness in managing third-party risk in a large organisation, an approach Gartner calls enterprise third-party risk management. Essentially, this is an approach to help ERM teams manage the information overload that is being created by the exponential increase in risk volume and variability brought about by the rapid growth of third parties use.

Third-party risks tend to be high volume, heterogeneous in nature, and vary greatly in importance across the business. It is hard, therefore, to identify and prioritize what matters most. ERM must first isolate and combine only those inputs that matter most at the enterprise level, enabling them to focus on aggregating the most important inputs and addressing the most critical enterprise third-party risks.

ERM must work to enable alignment across a diverse set of risk owners to obtain a holistic view and create opportunities for them to work towards consensus. In practice, this means facilitating direct thought partnership between risk co-owners with ERM adding expertise and aligning actions, as opposed to ERM acting as a central coordinator of all risk information and mitigation.

ERM’s role as a trendspotter is also undermined by the expanding third-party landscape because the potential issues are too numerous and available data is often point-in-time and lagged. Again, the solution is to narrow down the scope of what is being monitored, limiting the focus to the most critical emerging issues and proactively tracking them with a set of easily monitored forward-looking indicators that enables ERM to reliably spot critical enterprise risk trends.

“With third-party risk exposure elevated and a multitude of incoming threats on the horizon, risk committees are expecting ERM to play a greater role in managing third-party risk,” said Matlock.

Chris Matlock

“Yet traditional ERM posture is struggling to provide a concise, actionable view of third-party risk at the enterprise level. That’s why ERM must focus on enterprise third-party risk management, which involves defining enterprise-level priorities, enabling cross-functional alignment, and monitoring forward-looking indicators.”

Chris Matlock
Related:  CSHK deploys Nutanix DaaS to enable work from anywhere
Tags: enterprise risk managementGartnerthird-party risk management
FutureCIO Editors

FutureCIO Editors

No Result
View All Result

Recent Posts

  • APAC CIOs rethink cybersecurity investments amid expanding threat landscape
  • Study finds almost half of businesses bank on AI-enabled cybersecurity for EDR and XDR
  • AI drives cloud market growth in Q1
  • ARTHALAND chooses OutSystems to advance real estate sustainability
  • Experts warn against AI-powered deepfake impersonation scams

Live Poll

Categories

  • Big Data, Analytics & Intelligence
  • Business Applications & Databases
  • Business-IT Alignment
  • Careers
  • Case Studies
  • CISO
  • CISO strategies
  • Cloud, Virtualization, Operating Environments and Middleware
  • Computer, Storage, Networks, Connectivity
  • Corporate Social Responsibility
  • Customer Experience / Engagement
  • Cyber risk management
  • Cyberattacks and data breaches
  • Cybersecurity careers
  • Cybersecurity operations
  • Education
  • Education
  • Finance
  • Finance & Insurance
  • FutureCISO
  • General
  • Governance, Risk and Compliance
  • Government and Public Services
  • Growth Strategies
  • Hospitality & Tourism
  • HR, education and Training
  • Industry Verticals
  • Infrastructure & Platforms
  • Insider threats
  • Latest Stories
  • Logistics & Transportation
  • Management Leadership
  • Manufacturing
  • Media and Telecommunications
  • News Stories
  • Operations
  • Opinion
  • Opinions
  • People
  • Process
  • Remote work
  • Retail & Wholesale
  • Sales & Marketing
  • Security
  • Tactics and Strategies
  • Technology
  • Utilities
  • Videos
  • Vulnerabilities and threats
  • White Papers

Strategic Insights for Chief Information Officers

FutureCIO is about enabling the CIO, his team, the leadership and the enterprise through shared expertise, know-how and experience - through a community of shared interests and goals. It is also about discovering unknown best practices that will help realize new business models.

Quick Links

  • Videos
  • Resources
  • Subscribe
  • Contact

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
Login

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Subscribe