The naturalist John Muir stated, “When one tugs at a single thing in nature, he finds it attached to the rest of the world.” This not only applies to nature but also to the reality of the Extended Enterprise in today’s complex and interconnected world. What seems to be one third-party risk cascades and interconnects with a variety of other third-party risks and relationships.
Recently I was talking to a global automobile manufacturer about their third-party risk program. Their challenge was that they needed a fully integrated view of third-party risk. Over half of their operations are no longer defined by brick-and-mortar walls and employees, but are an array of suppliers, vendors, outsourcers, service providers, contractors, consultants, and more. These third parties work on and are part of internal processes and transactions that employees traditionally filled. When it came to governing and managing risk in these relationships, they felt exposed as they did not have a holistic view of third-party risk. Different departments (IT security, procurement, legal, compliance, and others) each had their individual view of risk, but no one had the complete or aggregate view of risk in any relationship.
Organizations today need a holistic 360° view into third-party risk to be able to see the aggregate view of risk in any one relationship as well as across relationships. The challenge is they often select the wrong technology architecture to support an integrated view of risk . . .
[THE REST OF THIS ARTICLE CAN BE FOUND ON THE ARAVO BLOG WHERE GRC 20/20’S MICHAEL RASMUSSEN IS A GUEST AUTHOR]