Companies are cutting corners on Third-Party due diligence
It is no secret that inherent risk assessments are crucial to Third-Party risk management (TPRM) success, but are they being conducted?
During a recent IT GRC webinar, delegates were surveyed on the breadth and depth of their current Third-Party risk assessment program, especially the identification of inherent risk within the ecosystem during supplier onboarding.
While any third-party risk management professional would be quick to say that they perform inherent risk assessments to determine the level of due diligence applied to a supplier, the survey revealed that two-thirds of companies are actually scoring less than half of their suppliers.
That means most companies are potentially exposing their organisation to unnecessary and potentially damaging risks at a time when it’s most appropriate to keep the risk out. Risk managers know that contracting a supplier is the beginning of a new relationship – there are several unknowns and managers can expose their enterprise to risks that can have enduring consequences – and yet the numbers say differently.
While some may argue that assessing some suppliers is better than a company forgoing inherent risk assessments altogether, once contracted, these suppliers could have access to sensitive information. If they are compromised, then your data could be as well. Are you willing to take that risk?
Why are the large majority bypassing a major step in the supplier onboarding process? This is likely due to how tedious, manual and time-intensive the process can be. Traditional spreadsheet-based vetting processes take up a lot of time and require a lot of bandwidth that most companies frankly do not have. They’re not choosing to forgo due diligence, they just don’t have the resources to get it done.
However, it is not all bad news. There is a way to take the pain out of Third-Party risk assessment for both you and your suppliers…
How can you improve your inherent risk assessment process?
DVV Solutions can help you to automate and streamline your program and ensure your company isn’t the next organisation making headlines for a third-party data breach. Our Third-Party risk management services and software can not only save valuable time and money, but also can safeguard companies from potential weaknesses in their suppliers that can lead to data extraction, financial and reputational damage, and more.
Our suite of consultative and managed services delivers significant improvements in
– developing and maturing current risk methodologies and frameworks,
– scaling resources to supplement and enhance existing risk assessment programs, and
– delivering time and cost efficiencies through established best-practice and workflow automation
to enable risk assurance teams to spend more time on what’s important: eliminating control gaps, raising security standards and reducing risk in the cyber supply chain.
Contact DVV Solutions
To find out more about DVV Solutions, or for information about our Third Party risk managed services and solutions, please:
Call us on +44 (0) 161 476 8700, or
Complete our Contact Form
This article was originally published by ProcessUnity and is shared with their kind permission.