A survey of 100 risk committee members analyzed third-party risk. According to Gartner, enterprise risk management (ERM) teams are struggling to effectively mitigate third-party risk in an increasingly interconnected business environment.
Eighty-four percent of survey respondents said that third-party risk “misses” resulted in operations disruptions. A third-party risk “miss” was defined as a third-party risk incident resulting in at least one of the following outcomes once or more in the 12 months leading up to the survey:
- Operations disrupted
- Adverse financial impact
- Increased regulatory scrutiny
- Adverse reputational impact
- Regulatory action taken
Based on survey results, the following recommendations were made:
ERM must first isolate and combine only those inputs that matter most at the enterprise level, enabling them to focus on aggregating the most important inputs and addressing the most critical enterprise third-party risks.
ERM must work to enable alignment across a diverse set of risk owners to obtain a holistic view and create opportunities for them to work towards consensus.
ERM must narrow down the scope of what is being monitored, limiting focus to the most critical emerging issues and proactively tracking them with a set of easily monitored forward-looking indicators that enables ERM to reliably spot critical enterprise risk trends.