A staggering eight in 10 executive risk committee members say their organizations have experienced operations disruptions due to a third-party risk incident, according to a new Gartner survey of enterprise risk management teams.
Gartner’s survey of 100 executive risk committee members found that 84% said third-party risk “misses” disrupted operations in the year leading up to the survey, while 33% faced regulatory action as a result of a third-party risk management whiff.
“Most organizations have seen an increase in the number of third parties under contract in recent years,” said Chris Matlock, vice president of research in Gartner’s legal risk and compliance practice. “Moreover, a majority of organizations are also using third parties for new-in-kind services and have become more reliant on them to conduct their operations. While increased use of third parties can improve business operations in many ways, it also introduces risks that are causing notable impacts on organizations.”
ERM teams must be more effective in three aspects in particular, according to Gartner’s analysts:
- Isolate and combine only those inputs that matter most at the enterprise level, enabling enterprise risk management teams to focus on aggregating the most important inputs and addressing the most critical enterprise third-party risks.
- Facilitate direct thought-partnership between risk co-owners with ERM adding expertise and aligning actions, as opposed to ERM acting as a central coordinator of all risk information and mitigation.
- With regard to third parties, narrow the scope of what is being monitored, limiting focus to the most critical emerging issues and proactively tracking them with a set of easily monitored forward-looking indicators that enables ERM to reliably spot critical enterprise risk trends.
Gartner’s survey was conducted in September 2022.