As the risk universe becomes ever more complex, risk managers are increasingly turning to third parties to help them navigate the changing landscape. Over half of respondents in a new Deloitte study said their companies are increasing their dependence on third parties.
But help doesn’t come without a price.
Third-party risk includes the exposures included in their outsourced relationships, but the majority of businesses don’t have adequate knowledge and visibility in their extended enterprise. According to ‘Focusing on the climb ahead,’ Deloitte’s new survey of senior leaders in organisations across 15 countries, 57% of companies are overlooking the risks.
Almost no organisations are fully aware of their fourth- and fifth-party exposures. Only 2% of companies reported regularly identifying and monitoring their all of subcontractors, and still only 10% do so for ‘critical’ subcontractors.
As for the other 88%? They either leave it to the third party to handle, manage it on an ad hoc basis, don’t monitor it at all, or simply don’t know their own company’s policy on the matter.
Companies in all industry segments and geographies are failing to properly monitor and oversee their third-party subcontractors.
“Third parties are closer to the core of business than ever before,” says Chuck Saia, CEO of Deloitte Risk and Financial Advisory, Deloitte & Touche LLP. “Organisations that step up to the challenge of developing programs to better manage third-party risk can elevate their position in the market by unleashing with confidence the reach, expertise and relationships that third parties can bring.”
One way to do so, the report says, is for risk managers put effort into streamlining extended enterprise risk management (EERM) processes – something that only 20% of organisations have done.
“Boards recognize that many third-party relationships have traditionally been managed in siloes within business units in a manner that is neither strategic nor consistent,” says Dan Kinsella, principal, Deloitte Risk and Financial Advisory, Deloitte & Touche LLP. “The good news is that boards are becoming more engaged and applying oversight that is creating a more centralized, ‘federated’ approach to EERM that can reduce redundancies and leverage technologies to help enterprises drive gains, open new markets and decrease the uncertainty that can exist with third parties.”