How to approach Third Party Risk Management
Firstly, there is a greater focus on the deeper fourth and fifth tier relationships, where businesses do not have visibility of issues or a direct commercial relationship. These can be especially significant because several suppliers may share the same power infrastructure, the same cloud computing providers, or the same port of entry. If there is an issue with one fifth tier supplier, it can significantly impact your whole chain, not just one company. This concentration risk lies at the heart of many of the current headlines about supply chain issues.
Secondly, many companies are rethinking how best to manage TPRM issues. One model is to take a centralized approach, often directed by the risk or procurement function so that best practice and policy can be applied consistently across the business. The weaknesses of this approach have been highlighted in the last 18 months, especially recently, as those involved can easily be overwhelmed by the scale and frequency of issues.
The alternative is to consider a more decentralized approach where those who work with suppliers daily take more ownership of TPRM. This approach provides more capacity for managing issues, and close working relationships mean that problems can be identified and addressed sooner. It also means that companies can better understand the nature and scale of the large-scale blockages companies are experiencing currently. This can help them monitor issues more proactively and help them navigate through problems more effectively.