Increased reliance on third-party services puts risk management in jeopardy
With many third-party providers performing a variety of business services for organizations, material risks can’t always be identified prior to the start of a business relationship, according to a report from Gartner Inc.
Modern risk management must account for ongoing changes in third-party relationships and mitigate risks iteratively and continually, rather than at specified intervals.
“Legal and compliance leaders have relied on a point-in-time approach to third-party risk management, which emphasizes exhaustive upfront due diligence and recertification for risk mitigation,” said Chris Audet, research director for Gartner’s Legal & Compliance practice.
“Our research shows an iterative approach to third-party risk management is the new imperative for meeting business demands for speed and stakeholder demands for risk mitigation,” Audet said.
Gartner surveyed more than 250 legal and compliance leaders for its research, and 80 percent of them said third parties are providing new-in-kind technology services.
Two-thirds of the respondents find third parties are providing services outside of the company's core business model, and third parties now have greater access to organizational data. The study also found that there is increasing variability in the maturity of organizations' third-party networks, and third parties are working with an increasing number of their own third parties.