Vendor risk management and, in particular, third party risk management has become one of the toughest issues companies face—especially after a string of high-profile compliance failures in recent years. The majority of compliance professionals have a solid understanding of the potential liability associated with third parties. They struggle, however, with how to deal with that risk.
To better understand this growing problem, we’ve recently released our first Third Party Risk Management Benchmark Report. The research, conducted in partnership with an independent firm, seeks to address questions surrounding third party risk, including:
- Who owns third party risk management and due diligence activities?
- How are organizations using vendors to assist with third party due diligence?
- How does continuous, automated due diligence affect ROI and exposure to risk?
We surveyed 321 individuals responsible for ethics and compliance programs in their organizations. Below are just a few of the key findings from the report.
1) Top E&C Concerns
It is not a huge surprise that bribery, fraud and conflicts of interest top the list of third party concerns. Many such cases carry large fines and penalties along with civil and criminal sanctions, including debarment—some against individuals and insiders in the organization.
However, though many organizations know which third party failures they should fear, other report findings show that they have not yet built sufficient programs—with appropriate FTEs, budgets, risk-based third party management approaches and more—to protect themselves from those risks.