The Extended Enterprise Demands Attention
Organisations are no longer self-contained entities defined by brick-and-mortar walls and traditional employees. The modern organisation comprises a mixture of third party relationships that often nest themselves in complexity, such as with deep supply chains. Two decades ago the term insider was synonymous with employee; now over half of the insiders in many organisations are not employees. They are contractors, consultants, temporary workers, agents, brokers, intermediaries, suppliers, vendors, outsourcers, service providers and more.
The extended enterprise of third party relationships brings on a range of risks that the organisation has to be concerned about. Managing third party risk has risen to be a significant regulatory, contractual, and board level governance mandate. Organisations need to be fully aware of the risks in third party relationships and manage this risk throughout the lifecycle of the relationship, from on-boarding to off-boarding of a third party.
Third party risks that are of primary concern to organisations include:
- Bribery, Corruption, & Fraud
- Conflict Minerals
- Corporate Social Responsibility
- Environmental, Health & Safety
- Information Security
- International Labour Standards (e.g., child labour, forced labour)
- Physical Security
- Slavery & Human Rights
These risks pose significant reputational, financial, and operational concerns. They also pose a growing burden of regulatory concern and oversight (e.g., UK Modern Slavery Act, UK Anti-Bribery Act).
As organisations confront the growing exposure in third party risks, they soon realise that the scattered, redundant, ad hoc approaches of the past are not sustainable. Third party risk can no longer be managed by different departments doing similar things in different ways, often with a mountain of emails, documents, and spreadsheets that are out of date and cost a significant amount of employee time to keep on top of. Managing third party risk requires a structured and integrated process that is supported by an information and technology architecture that can address the range of third party risks consistently without things slipping through the cracks.
An effective third party risk management process enables . . .
The rest of this post can be found as a guest blog on the SureCloud Blog.