
Inside Internal Controls

News and discussion on implementing risk management


We’re at a tipping point for third-party risk management

In third-party risk management, technology is the solution that needs to be embraced. It’s the quickest way for organizations to advance their programs and appease government agencies.

Research from NAVEX Global shows that more than two-thirds of organizations say creating a culture of ethics, integrity and respect is their top objective. But when it comes to assessing third parties – which is increasingly important, given expanding supply chains around the world – more than a third are still using paper or stitched-together programs.

Without question, the findings from its 2018 Third-Party Risk Management Benchmark Report could be viewed through a pessimistic lens. I wouldn’t blame anyone for saying that the findings outlined above are a sign that organizations say the right things (or that they have the right motivations) but really don’t deliver on compliance. At least, not when it comes to assessing third parties.

In other words, a reasonable person might think the conflict is a sign that many organizations are all talk. But I think we’re looking at findings that signal the cusp of a wave of investment in compliance technology (barring a major economic slowdown).

Third-party risk affects everyone & regulators know it

This year’s survey report is based on results from 1,200 respondents who influence or manage their organization’s ethics and compliance programs, of whom more than 500 answered additional questions specific to third-party risk. Of course, almost all companies must work with outside partners, and they need to commit to making sure those partners are behaving lawfully and ethically. It’s too late if you’re apologizing (to the public or to regulators) amid allegations that one of your suppliers uses child labor, for instance.

It’s important to have a risk-based approach to third-party management. Such an approach can help prevent misconduct and avoid government investigations and enforcement actions. Regulators can and will levy large financial penalties for third-party compliance failures, but good-faith efforts to manage third parties can lessen penalties.

Paper & stitched software systems

Thirty-five percent of organizations in the survey said they used internally built systems comprised of paper or stitched software. Meanwhile, 31 percent of compliance programs were deemed either reactive or basic. This year, instead of asking organizations to provide self-assessments, NAVEX Global based the maturity rankings on questions about program elements (risk-management practices, technologies used to manage third-party risks and methodology to assess the third-party risk management program’s effectiveness). That means the data more accurately reflects the market.

What this should all tell us is that technology is the solution that needs to be embraced. It’s the quickest way for organizations to advance their programs and appease government agencies. No regulator will be satisfied if an investigation reveals a $500 million company is using paper systems to assess third parties. It’s simply not a way to show that you’re committed to the concept of an ethical culture.

This takes us back to the finding about those overall program objectives. If indeed creating a culture of ethics, integrity and respect is their top objective, we could start seeing the results very soon when it comes to a new wave of investing in third-party systems.

But don’t think of it as a put-up-or-shut-up moment. Think of it as the coming together of the goals and practices that organizations apparently know they need to embrace.

By Michael Volkov


Ethics & Compliance Matters™, NAVEX Global®

Ethics & Compliance Matters™ is the official blog of NAVEX Global®. All articles posted on the Inside Internal Controls blog originally appeared on NAVEX Global’s Ethics and Compliance Matters Blog. Leverage the news, insights and best practices you find here to stay ahead of GRC trends and take your compliance program to the next level.