Third party risk management: Cost centre to value centre

How has third party risk management in procurement evolved from a cost centre to a value centre?

The central aim of third-party risk management in procurement is to make sure the organisation maintains operational continuity, protect its reputation, and comply with relevant regulations while reducing the potential impact of third-party failures or disruptions.

Sayan Debroy heads the Supplier Risk Intelligence solution at The Smart Cube (a WNS company), and explains to Procurement Magazine how businesses can revise how they approach third party risk management and turn it into an opportunity.  

Finding a competitive advantage 

What is third-party risk management?

Third-party risk management refers to systems and processes to minimise risks associated with third-parties, particularly vendors and partners. The purpose is to ensure business continuity, avoid unforeseen cost escalations, enforce compliance and protect a brand’s reputation.

By implementing timely due diligence and continuous monitoring of third-party and supply-chain risks, businesses can proactively reduce threats which have the potential to disrupt operations and damage brand and reputation. An effective third-party risk management system provides an organisation with a competitive advantage as they can respond to risks by planning their risk mitigation instead of only reacting as the risk emerges.

In recent years, there’s been an evolution in how procurement leaders think about third-party risk management. But how have attitudes towards this changed?

From a historical perspective, third-party risk management has always been perceived as a cost centre. Teams viewed it as a simple box-ticking exercise – doing as little as possible to ensure due diligence, but never committing more time or resources to it than necessary. For businesses, the aim was to avert disaster, while building supply chains and supplier portfolios to meet operational goals.

Due to the intense disruption that has been plaguing the procurement industry in recent years, third-party and supply-chain risks have risen to the top of corporate agendas. But the evolution currently taking place is not just a response to the volatile nature of today’s supply chain environment. Nowadays, it is also imperative in terms of ensuring compliance with regulations, industry standards, and business codes of conduct.

The real transition began when organisations accepted that to consistently tick all of those boxes, they needed to implement policies that made third-party risk management a core feature of the procurement team’s responsibilities. However, this only added extra boxes to tick.

Risk to supply chains 

Do procurement teams now have a better understanding of the relationship between third-party risk management and resilience?

Businesses now have a thorough understanding of the irrevocable connection between third-party and supply-chain risks and business resilience. One of the main reasons for this is that firms have had an abundance of opportunities to see the damaging impact that over-optimising supply chains has on business continuity.

Approaches like just-in-time inventory management have steadily lost appeal as businesses started to realise how they have the potential to put supply chains at significant risk. For instance, with just a single local disruption, the entire supply chain – and business operations – can come to a stop.

What has been the impact on businesses’ approach to risk management across their supply chain?

Nowadays, it is widely accepted that organisations cannot engineer supply chains for efficiency alone. They need to create more diverse supplier portfolios, explore risks in greater depths, and model the effects of potential supply chain disruption events. All of these necessitate a holistic mix of supplier, category, and macro-level intelligence.

This has helped give rise to a new form of intelligence-driven procurement team. Although policies and controls assist behaviours and ensure risk-award management, it is well-timed and contextual intelligence that provides procurement teams with the ability to make decisions that create business value without negatively impacting resilience.

How can businesses effectively manage third-party risks?

For businesses with a large supplier base and complex supply chains, managing third-party risks is a major challenge. A recent survey conducted by The Smart Cube found 87% of surveyed organisations had low-to-medium awareness of third-party risk – with awareness varying greatly between teams, leading to inconsistency in how risk is approached. Consequently, around 95% are unable to detect risks well in advance of their occurrence, rendering them unable to proactively mitigate these risks.

As such, for all businesses, it is imperative to make sure their procurement and supply chain teams are adequately supported with the reliable and timely insights required to make balanced, risk-aware decisions that ensure resilience and create value.

Technology and the future of risk management 

How can technology support this?

Comprehensive solutions are available which provide wide and continuous risk monitoring, as well as producing holistic and dynamic risk assessment. Instead of simply examining supplier-level risks, category and geography level risks must also be assessed to ensure firms are prepared in the event of disruptions.

Additionally, organisations should prioritise solutions that provide on-demand risk intelligence and actionable recommendations from risk mitigation experts, empowering firms to manage risks in an effective and timely manner. The solution should offer custom insight dashboards and deep-dive assessment reports tailored to meet their individual business, compliance and sustainability aims.

What does the future hold for third-party risk management?

Businesses are beginning to recognise the importance of having the right approach to risk intelligence and insight delivery, and transforming how they consider supply chain threats.

The main purpose of risk intelligence is to assist procurement teams in selecting and partnering with suppliers who are capable of consistently meeting their needs at the right price. It provides visibility of what suppliers are doing and how prepared they are for the future.

Once risk intelligence is contextualised by experts to meet business goals, firms don’t just get a view of risk – it becomes a view of opportunities. For example, it enables the procurement function to engage with suppliers who provide unique offerings prior to shifts in the market. Partnering with these suppliers ensures procurement teams don’t just mitigate risk and enhance resilience – they build business value.

This shift will likely result in third-party risk management evolving as a value centre for many organisations. Empowered with timely and contextual information, teams will be able to develop measurable business value. Crucially, this value won’t damage the resiliency of businesses’ supply chains and lead to risk exposure. The same decisions that drive one will drive them all.


For more insights into Procurement & Supply Chain - check out the latest edition of Procurement Magazine and be sure to follow us on LinkedIn & Twitter

Other magazines that may be of interest - Supply Chain Magazine | Sustainability Magazine

Please also check out our upcoming event - Procurement & Supply Chain LIVE in London at the BDC on Sept 26/27th 2023


BizClik is a global provider of B2B digital media platforms that cover 'Executive Communities' for CEOs, CFOs, CMOs, Sustainability Leaders, Procurement & Supply Chain Leaders, Technology & AI Leaders, Cyber Leaders, FinTech & InsurTech Leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare + Food & Drink.

BizClik, based in London, Dubai & New York offers services such as Content Creation, Advertising & Sponsorship Solutions, Webinars & Events.


Featured Articles

The Global P&SC Awards: One Month Until Submissions Close

Just one more month until submissions close for The Global Procurement & Supply Chain Awards in 2024

Top 100 Women 2024: Andrea Albright, Walmart – No. 6

Procurement Magazine’s Top 100 Women in Procurement honours Walmart’s Andrea Albright at Number 6 for 2024

Evolving Business Needs & Technologies Reshaping Procurement

Companies worldwide are revisiting their approaches to procurement as business requirements and technologies rapidly change, according to ISG's report

Top 100 Women 2024: Alexandra Hammond, NHS England – No. 5

Procurement Strategy

Procurement & Supply Chain LIVE Dubai: One Month to Go!

Procurement Strategy

Top 100 Women 2024: Aurelia Tremblaye, ENGIE – No. 4

Digital Procurement