Below is Michael Rasmussen’s article found in the Summer 2021 issue of Enterprise Risk, published by the Institute of Risk Management (The IRM).

Before last year, risk managers knew they were living in an interconnected world. The pandemic showed them what disruption to that web of connections really meant. It is time to learn the lessons.

Martin Luther King Jr stated: “Whatever affects one directly, affects all indirectly. I can never be what I ought to be until you are what you ought to be. This is the interrelated structure of reality.” This statement is true in our individual relationships, and it is true in an organisation’s relationships in the extended enterprise.

That is because the structure and reality of business today has changed. It is not the same as it was a few decades back. Bricks-and-mortar walls do not define today’s business, nor is it defined by traditional employees. The modern organisation is supported by an interrelated structure of business relationships. It is an interconnected and interdependent web of suppliers, vendors, outsourcers, service providers, contractors, consultants, temporary workers, brokers, agents, dealers, intermediaries, partners and others. Business today relies and thrives on third-party relationships; this is the extended enterprise.


The business’s ability to reliably achieve corporate objectives directly depends on the governance of third-party relationships and whether the organisation can reliably achieve objectives in each relationship. The organisation’s ability to manage uncertainty, risk and resiliency requires that risk be managed in third-party relationships. The integrity and ability of the organisation to comply with regulations, commitments and values are measured by the integrity of its relationships as well.

The saying “Show me who your friends are, and I will tell you who you are” translates to business: show me who your third-party relationships are, and I will tell you who you are as an organisation. The modern business depends on, and is defined by, the governance, risk management and compliance of third-party relationships (third-party GRC) to ensure the organisation can reliably achieve objectives, manage uncertainty and act with integrity.

Third-party GRC is in a state of growing maturity and evolution. The year 2020 has brought many third-party management lessons through the trials and tribulations worldwide, and as a result, 2021 is aiming for greater resiliency and integrity in risk management, resiliency and integrity in the extended enterprise.

What we learnt in 2020

We cannot understand the 2021 trends in third-party GRC without understanding what transpired in 2020. The last year has taught organisations many lessons in third-party management which provides the foundation for the 2021 trends . . .


Leave a Reply

Your email address will not be published. Required fields are marked *