When businesses invest in risk management procedures, they tend to focus on their internal risks. However, businesses should shift attention to third parties, as these organizations can have significant impacts that could be felt throughout the production process. In the 2013 Third Party Risk in a Global Environment survey by NAVEX Global, fewer than 7 out of 10 U.S. companies gave their full attention to third party vendors, suppliers and agents in terms of avoiding business risks related to corruption, fraud or compliance.
Randy Stephens, vice president of advisory services with NAVEX Global, said ethics officers are often too busy concentrating on daily compliance and policy programs that they do not pay attention to risk assessment procedures and management for third parties.
"Their bandwidth issues often necessitate a high-level review of some third party relationships rather than tackling the inherent complexities of tracking and monitoring all of their often thousands of third parties at an appropriate level truly impactful in protecting the business," Stephens said.
Twenty-nine percent of U.S. firms track all of their third party relationships. Those who do monitor their third party relationships say they only do so for parties they believe are the most important. This is alarming as the use of third parties does not seem to slow down for almost all businesses in the survey. A combined 92 percent of survey takers said they would either increase their third party use in the next 12 months or were not certain whether they plan to.
Shanti Atkins, president and chief strategy officer of NAVEX Global, said many organizations are not equipped to monitor third party actions with the right technology and resources to address risks they may present.
IT security and third party monitoring
Computer security experts also remind companies of the fact that they do not do enough to assess third party risk, especially when it comes to protecting their own networks and data, according to IT security site Dark Reading.
Brad Johnson, vice president of consultancy SystemExperts, said companies tend to lose sight of the importance of monitoring their relationships with third party vendors after signing off to use their services.
"Often, once the lawyers have finally signed off on an agreement, both parties tend to have a very hands-off approach with each other and forget the details of making sure things are staying on course," Johnson said.
This lack of attention to detail could put organizations at risk, which could include data breaches of sensitive corporate information.