Why is third-party risk management needed?


Today the business environment is more complex, and our expected deliveries and success are highly dependent on external parties and external factors, direct as well as indirect. From that perspective, we also depend on third-party business partners, and there are several good incentives to incorporate third-party risks in the risk management process. Third parties pose risks to all companies; however, the ability to implement GRC policies and control environments is the answer for regulatory compliance.

Corporations are more vulnerable today, and in the media you can continually find examples of enterprises and organisations that failed. Severe brand damage and severe financial consequences are not rare. The market and ambient judgment tend to focus downstream in a value chain, on well-known brands or where substantial values exist.

It is recommended to have a strategy for the means and ways to train and monitor third parties. At the same time, in practice, the right level of faith, control and reasonable assurance has to be found at both global and local level in order to stay compliant. The executives have a key role in setting the agenda, as do the management teams, to ensure that each local business unit supplies the best oversight and response that covers risk assessments and policy management, and provides GRC disclosure.

The conclusion is that these issues need to be on enterprises' and organisations' Governance, Risk management and Compliance agendas, from top executive level down to local management's daily work. This needs to be done with practical guidance, sufficient support and the right tools implemented.


Henrik Frössling


October 1st, 2016