Traditional brick and mortar business is a thing of the past: physical buildings and conventional employees no longer define organizations. The modern organization is an interconnected maze of relationships and interactions that span traditional business boundaries. Layers of relationships go beyond traditional employees to include suppliers, vendors, outsourcers, service providers, contractors, subcontractors, consultants, temporary workers, agents, brokers, intermediaries, and more. Complexity grows as these interconnected relationships, processes, and systems nest themselves in intricacy, such as deep supply chains.
In this context, organizations struggle to govern their third party relationships. Risk and compliance challenges do not stop at traditional organizational boundaries. An organization can face reputation and economic disaster by establishing or maintaining the wrong business relationships, or by allowing good business relationships to sour because of weak governance of the relationship. Third party problems are the organization’s problems that directly impact the brand and reputation while increasing exposure to risk and compliance matters. When questions of business practice, ethics, safety, quality, human rights, corruption, security, and the environment arise, the organization is held accountable, and it must ensure that third party partners behave appropriately.
The fastest growing segment of the GRC market is the demand for third party management solutions focused on the governance, risk management and compliance of third party relationships (e.g., supplier, vendor, contractors, broker, dealer, agent, outsourcer, service provider, . . . ).
The challenges is navigating the 130+ third party management solutions and understanding and differentiating capabilities. Some solutions focus on departmental third party issues such as information security, others focus on industry verticals, many focus purely on the due diligence process, many offer modules as part of broader platforms, and a few offer an end-to-end third party management capability.
Whether for a department third party management need or to manage the range of third parties across the enterprise, third party management solutions are in demand. Recent RFP and inquiry trends that GRC 20/20 is involved with show a growing demand for integrated cross-department third party management solutions. Where there used to be just a few solutions to choose from there are now over 130 with vary capabilities and approaches. They offer varying breadth and depth of capabilities, and certainly no one offers a one size fits all solution. It has become a complex segment of the GRC market to navigate, understand, and find the solution(s) that is the perfect fit for your organization.
In this Research Briefing GRC 20/20 provides a framework for organizations evaluating or considering third party management solutions, as well as how to build a business case for third party management.