Among organizations that engage third parties to provide business services, 83% identified third-party risks after conducting due diligence and before recertification, according to Gartner.
Gartner's survey of more than 250 legal and compliance leaders reveals that the standard point-in-time approach to risk management is no longer effective in today's landscape of fast-paced, rapidly changing business relationships.
With an increasing number of third parties performing new-in-kind and noncore services for organizations, material risks cannot always be identified prior to the start of a business relationship. Modern risk management must account for ongoing changes in third-party relationships and mitigate risks in an iterative way — that is, on a continual basis, rather than at specified intervals.
“Legal and compliance leaders have relied on a point-in-time approach to third-party risk management, which emphasizes exhaustive upfront due diligence and recertification for risk mitigation,” said Chris Audet, research director for Gartner’s Legal & Compliance practice. “Our research shows an iterative approach to third-party risk management is the new imperative for meeting business demands for speed and stakeholder demands for risk mitigation.”
With a point-in-time risk management approach, compliance leaders attempt to identify potential third-party risks upfront with extensive due diligence before contracting and again at recertification. However, this approach is largely ineffective: Not only does it contribute to longer onboarding and waiting periods, it also fails to capture any risks that may arise due to ongoing changes throughout the relationship. Among survey respondents who identified risks post-due diligence, 31 percent of those risks had a material impact on the business.
“Ninety-two percent of legal and compliance leaders told us that those material risks could not have been identified through due diligence,” said Mr. Audet. “The only way to surface those risks was through actual engagement with the third party and through ongoing risk identification over the course of the third-party relationship.”
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.