Managing
Fourth-Party Risk
Managing risks associated with third-party vendors has become more challenging in today’s business environment because the risk landscape has expanded to include fourth and nth parties. Fourth parties are a company or entity that has a direct contract with your vendor, but not with your organization. Nth parties extend beyond third and fourth parties. It can be difficult to effectively manage the risks of extended vendors. Therefore, we were interested in learning about how organizations are addressing this issue.
As per best practices, 59% of organizations are currently examining and assessing their vendors’ third-party risk management practices.
How does your organization review fourth-party vendors/subcontractors?
*Respondents were asked to select all that applied.
Download Full Report
Organizational structure
Program investment
Vendor landscape
Vendor risk assessments
Vendor due diligence questionnaires and documentation requirements
Third-party risk management metrics
Regulatory focus and exam/audit results
Third-party risk management pressures
Emerging vendor risks
(such as cybersecurity, artificial intelligence, ESG, supplier diversity)
Third-party risk management challenges
Third-party risk management ROI
And much more!
The State of Third-Party Risk Management 2024 whitepaper provides an in-depth overview of the third-party risk management industry’s current focus, challenges, trends, and recommendations.
This invaluable resource is full of industry statistics, providing information you need to be aware of to make informed decisions on topics such as:
Download Now!
Best Practices in
Third-Party Risk Management
How is your organization currently or planning to assess/monitor vendor usage of artificial intelligence (AI)?
It’s no wonder that AI hit the number two spot of top third-party risk concerns in this year’s survey. Throughout the past year, the news was dominated by AI and its potential risks – particularly its impact on society and jobs. There were debates about the ethical implications of using AI, such as its potential to perpetuate biases or cause harm to individuals.
The rise of deepfake technology also raised concerns about the potential for AI to spread misinformation and manipulate public opinion. Many were also worried about the possibility of job loss due to automation. Third-party risk management practitioners face a number of added concerns when it comes to the risks associated with AI provided by third parties.
Use of AI by vendors.
Emerging
Third-Party Risks
Does your organization believe there is a return on investment (ROl)/value from investing in third-party risk management activities?
There are many factors that go into an organization’s decision to invest in third-party risk management. Organizations who receive benefits and a return on investment (ROI) tend to be more committed to third-party risk management as a practice. According to our survey, an overwhelming 96% of respondents said their organization believes there is ROI for third-party risk management activities.
Of the cumulative 96%, 40% said there may be differing opinions at their organization. In many organizations, the actual ROI of third-party risk management has yet to be clearly measured or expressed in terms of hard dollars. Additionally, when third-party risk management is seen as purely a regulatory requirement or “necessary evil,” there may be little analysis of its true value.
Return on Investment
Third-Party Risk Management
Value and Benefits
Peace of mind, savings through contract management, and being compliant with regulatory requirements.
Bank, Greater than $10B
Governance, better control of third-party spend, and reduces the risk of third-party incidents.
Insurance, 1,001-5,000 employees
Raising awareness to the business on the possible risk associated with any vendor engagement.
Non-Financial Institution Lending, 501-1,000 employees
Governance, better control of third-party spend, and reduces the risk of third-party incidents.
Insurance, 1,001-5,000 employees
Peace of mind that our third parties are being reviewed/monitored for risks and we understand how those risk can impact our organization.
Credit Union, $1B to $10B
We asked this year’s respondents to share in their own words what they believe are the primary benefits of third-party risk management.
