Third-Party Governance & Risk Management - The Traditional Approach & Challenges

This is Part 1 of this article. Please don’t forget to read Part 2 that concludes this article.


Organizations increasingly depend on third-party service providers of varying size, including start-ups, to meet the digital-age challenges of technological innovation and heightened competition. In a quest to succeed, organizations involved in digital transformation initiatives are partnering with more innovative start-ups, thereby increasing third-party risk.
There is a progressive shift from a traditional ‘cost’ focus to ‘shared risk’ and ‘value’-driven partnerships, which also reflects a growing organizational recognition that third parties can in fact create strategic win-win opportunities.
These new-age partnerships require a different approach to managing third-party risks. Organizations that are able to continuously monitor and take on calculated risks in their engagement with third parties are the ones that will be able to Stay Ahead.
This article reflects on how technology can help support a new integrated third-party governance and risk management approach.

Traditional Third-Party Risk Management Approach – the challenges

Traditionally, organizations have relied on exhaustive upfront due diligence for risk mitigation. This approach attempts to identify potential third-party risks before contracting, resulting in longer on-boarding time. Typically, this involves sharing due-diligence questionnaires and collating responses from third parties. This provides only a point-in-time assessment, a highly ineffective approach prone to failures.
A survey conducted by Gartner suggests that this approach is largely ineffective, as it fails to capture any risk that may arise during the course of the relationship. Among organizations that engage third parties to provide business services, 83% identified third-party risks after conducting due diligence and before re-certification, according to Gartner.
So, where does the problem lie?
The race to attain digital supremacy within their industry segment has forced many organizations to look at new-age start-ups and innovators whose business environments are changing almost every day. This requires engaging closely with third parties and adopting an ongoing risk identification, control and monitoring mechanism. At many organizations, an ongoing iterative risk assessment means more investment and resource requirements. Additionally, it strains your relationship with third parties, as they too need to spend time responding to due-diligence questionnaires.
How can organizations make this process efficient, effective and, most importantly, palatable to their third parties?
Coming next: Read the concluding part of this article.


Publicly available information from the two sources below is referred to in this article, and the link to each source is included.
1. Stay Ahead of Growing Third-Party Risks – Why legal and compliance leaders must shift to an iterative approach. Gartner.
2. Third party governance and risk management. The threats are real. Deloitte.