
Third-party risks overwhelm traditional ERM setups
2023-02-27 04:00

"Moreover, a majority of organizations are also using third parties for new-in-kind-services and have become more reliant on them to conduct their operations. While increased use of third parties can improve business operations in many ways, it also introduces risks that are causing notable impacts on organizations."

ERM must do three things differently to manage third-party risk more effectively in a large organization, an approach Gartner calls enterprise third-party risk management.

ERM must first isolate and combine only those inputs that matter most at the enterprise level, enabling it to focus on aggregating the most important inputs and addressing the most critical enterprise third-party risks.

In practice, this means facilitating direct thought-partnership between risk co-owners, with ERM adding expertise and aligning actions, as opposed to ERM acting as a central co-ordinator of all risk information and mitigation.

"With third-party risk exposure elevated and a multitude of incoming threats on the horizon, risk committees are expecting ERM to play a greater role in managing third-party risk," said Matlock.

"Yet traditional ERM posture is struggling to provide a concise, actionable view of third-party risk at the enterprise level. That's why ERM must focus on enterprise third-party risk management, which involves defining enterprise-level priorities, enabling cross-functional alignment, and monitoring forward-looking indicators."


News URL

https://www.helpnetsecurity.com/2023/02/27/third-party-risks-erm/