Most companies aren't confident that they have the right technology and procedures to manage the risk of data losses or service delays due to third parties such as suppliers and outsourcing providers, a Deloitte survey says
About nine in 10 companies have had a "disruptive incident" involving third parties in the last three years, such as the loss of data or failure to deliver a service on time.
Ninety-four per cent of chief finance officers, internal audit officers and other senior managers surveyed at 170 companies and public-sector organisations, said that they had "low to moderate levels" of confidence in the tools and technology currently used to manage risk when dealing with suppliers, outsourcing suppliers and also parts of their own company such as "de-centralised" operating units.
Despite these worries, three in four (74%) companies surveyed said that third parties will play a highly important, or even critical role in the year ahead, up from 60% a year or more earlier.
The increasing use of new technologies such as the cloud computing will that facilitate collaboration with third-parties and enable businesses to enhance their "virtual boundaries", the Deloitte report said. That will create opportunities to improve performance. It may also create new third-party risks to manage.
"With reliance on third parties set to grow, now is the time to address the ‘execution gap’ between risk and readiness," said Kristian Park, partner and global head of third party governance and risk management at Deloitte. “The impact of third party incidents ranges from reputational damage, regulatory and data breaches, through to actual lost revenue and future business. Increasing frequency of third party incidents, some high profile, has driven a shift in motivation of organisations to improve their risk management.
"Third parties are increasingly seen as a route to gaining competitive advantage. They are often viewed as trusted advisors who bring in specialised skills or knowledge. It is therefore also important to recognise the opportunity that third parties create for organisations.”
Third party fines
Last year, Deloitte calculated that fines issued directly from third party failure have ranged from £1.3m to £35m and reaching up to £650m for companies operating internationally and subject to global regulation. As the market value of a company is impacted by such fines, shareholders could incur losses of up to 10 times the fine with an average share price drop of about 2.55%, Deloitte said.
The report also found that:
- Organisations have now gone far beyond the traditional focus on leveraging third parties in their direct supply chain (suppliers and vendors), with an increasing proportion of third parties in sales, distribution and support services, in addition to alliance and joint venture partners.
- The nature of the tasks being executed through third parties is becoming more critical than ever before, thus increasing the severity of consequences on disruption or failure. In the words of one respondent, “third parties are increasingly carrying out activities traditionally carried out by direct employees, in particular interacting with customers
- Respondents believe that the pursuit of lower costs will continue to drive businesses to “continue to identify and work with high quality but lower cost vendors and other third parties in emerging markets