Why TPRM objectives fail – and what Global 2000 companies need to succeed
Even though large organizations have invested time, attention, and resources into third party risk management (TPRM) over the past decade, it’s clear that many programs are failing to deliver on their primary objective - keeping the organization safe.
Drawing on Aravo’s 16 years of experience of delivering successful implementations to large, complex multinational organizations – a new whitepaper pinpoints three common challenges that global businesses face as they consider their TPRM program requirements: Scale, Complexity, and Change.
Scale, Complexity, and Change can stalemate the best laid corporate strategy, and so it’s hardly surprising that these three business dynamics can dramatically impact the success of third party risk management programs at Global 2000 organizations.
The Global 2000 are, by definition, large global enterprises. This means that they have many different kinds of third parties with different risk profiles that they need to manage. Scale in these companies translates to:
- A high volume of third parties
- Many types of third parties – from the critical to the “long tail”
- Many users in multiple locations with different language and technical capabilities
- Multiple stakeholder requirements – often with competing priorities
- Global deployments across dozens of countries, jurisdictions, languages and cultures
- Historic silos
Business processes in large, global organizations are complex. These organizations have multiple systems, projects, and business processes that contain third party risks. These business processes need to be accommodated (and streamlined) within third party risk management programs. Complexity in these companies translates to:
- Technology integration challenges – there’s often multiple ERP and other internal systems that TPRM solutions will need to integrate with
- Reporting challenges – reporting at the group, function and enterprise level
- Data quality challenges –existing data in the enterprise can be of varying quality, structure and taxonomies
Global 2000 companies are subject to a high volume and velocity of change. They need a TPRM solution to be agile enough to adapt to these changes without the requirement for heavy-lifting by IT or expensive services projects each time change is required. Change in these companies takes the form of:
- Significant business transformation projects
- Relatively frequent reorganizations
- Mergers, acquisitions, and divestments
- Global expansion into new products and markets
- A high velocity and volume of regulatory change that impacts third party compliance
The white paper looks at each of these dynamics in turn, and provides insight on why tools, technology and processes can struggle to meet the strategic requirements that they pose. It exposes the gaps in the capabilities of legacy ERP, generic GRC, and bespoke solutions to be able to meet the demands associated with managing third party risk at scale, and provides an overview of the types of capabilities that enterprises should be looking for to address these requirements, and become more resilient in the process.