Proving the value of 3rd Party Risk Management software and solutions
Predicting, realising and proving the value of IT Security and Risk Assurance investments is often a real challenge for an organisation and its management team. The drivers for such expenditure can be a reaction to a breach or risk event, the need for specific regulatory compliance or a planned purchase to support a strategic business objective. Whatever the compelling event is there will inevitably be pressure to generate and understand the true business benefits and commercial value from such significant investments in people, resource and outsourced services.
As a managed service provider it is just as critical for DVV Solutions to have proven successful implementations and tangible referenceable Return On Investment (ROI) and time-to-value calculations our Customers can expect to achieve from the 3rd Party Risk Management (TPRM) solutions and services we provide.
To that end, in 2015 Forrester Consulting was commissioned to conduct a Total Economic Impact™ (TEI) study examining the ROI enterprises may realise by deploying the 3rd Party Risk Management Software-as-a-Service (SaaS) and automation solutions of DVV Solutions’ technology partner Prevalent Inc.
Generating instant and long-term
commercial value
The study provided some interesting statistics on the returns and impacts generated by the investment of a full suite of both the Prevalent risk management automation software and managed service delivery of risk assessments.
The operational efficiencies from greater workflow automation and resource allocation have created clear financial gains as well as improvements in the management of risk and overall security posture of this global manufacturer.
The following excerpts provide an introduction to the study and an overview of its key findings. For the complete story please download the Forrester TEI Study.
Background to the TEI study
The purpose of the study is to provide readers with a framework to evaluate the potential financial impact of the 3rd Party Risk Management software and automation on their organisations, to leverage risk assessment tools to reduce, mitigate, and de-lever the risks associated with 3rd and 4th party suppliers. To better understand the benefits, costs, and risks associated with a Prevalent implementation, Forrester interviewed an existing customer with multiple years of experience using this solution.
Prior to implementing Prevalent’s solution, the customer interviewed had utilised spreadsheets and document files to manage the 3rd party risk assessment process. However, these prior attempts were cumbersome and yielded limited success, leaving the customer with an inefficient, labour-intensive method of accepting and tracking hundreds of IT supplier relationships. These limitations led to an unsatisfactory number of completed assessments and presented a multitude of risks with implications for the company’s reputation, regulatory compliance, and data security.
Key benefits of 3rd Party Risk Management automation
With Prevalent’s 3rd Party Risk Management software and automation solutions, the customer was able to streamline and automate processes to perform higher-quality assessments at scale, enabling them to better meet business objectives and reduce overall supplier risk. The interviewed organisation experienced the following risk-adjusted benefits:
A reduction in effort to produce and complete assessments through 3rd party risk management automation by an average of 8 hours per initial assessment. Supplier Risk Manager, with its templates, survey logic, and risk scoring, shortened the entire process by a minimum of 8 hours per assessment. Employee productivity improved, as did the speed and quality of the assessments.
A reduction in Full Time Equivalent (FTE) effort to review, report, and audit assessments saved the organisation a total Present Value (PV) of $49,994 in productivity over the course of the evaluated timeframe. The centralisation of information made reporting and follow-up audits easier. At a conservative estimate, the interviewed organisation saved a minimum of 6 hours in review and audit per assessment.
Fewer FTEs to monitor suppliers for ongoing risk. Supplier Threat Monitor which continuously monitors suppliers’ key risk factors generated PV cost savings over three years of $279,463.
Faster assessment performance enabled faster business value realisation from 3rd party relationships. Assessments were completed in seven days, compared with a previous average of 60 days. After accounting for the fact that an estimated 80% of these new assessments could have had approved alternative relationships with redundant offerings, the business value enabled by the faster initiation of relationships had a PV of $1,468,552 over a three-year horizon.
Business continuity was improved by better detection and remediation of supplier risk. By realising potential areas of risk sooner and taking steps to either find an alternate supplier or work with the supplier directly to address the situation, the organisation in effect averted potential business continuity issues. The value of being able to avert such problems was calculated at $249,049 over the 3 years.
According to the Chief Information Security Office (CISO) of the interviewed organisation, “Prevalent has been one of the best decisions we have made. It really gives us assurance and insight as to what’s happening in the background with our data in the cloud.”
Read the full Forrester TEI Study
For the complete story please download The Total Economic Impact™ Of Prevalent’s 3rd Party Risk Management Solutions.
Welcome to DVV Solutions
Established in 1999, we have become one of the UK’s leading providers in the design, implementation and management of TPRM solutions. As Prevalent’s only UK-based partner we are uniquely positioned to provide a comprehensive suite of 3rd party risk management software and automation solutions to support any organisation’s TPRM requirements.
We work with you to:
- Scrutinise your 3rd Party relationships – service by service, supplier by supplier
- Identify and evaluate real risks and emerging threats
- Develop and manage your risk exposure, cyber strategy and data protection strategies
- Establish and mature your 3rd Party Risk Management capabilities
- Ensure regulatory compliance with standards including GDPR and PCI, and
- Provide clear and concise guidance that illustrates the impact and value of your IT security investments
We’d be pleased to hear from you and help find the most cost-effective way to develop, maintain or expand your 3rd Party risk management efforts.
Call Us: +44 (0) 161 476 8700
Contact Us: Complete our Contact Form, or
Learn more about What We Do