A third party is any entity that a company does business with. This may include suppliers, vendors, contract manufacturers, business partners and affiliates, brokers, distributors, resellers, and agents. Third parties account for approximately 60% of total revenue on average so managing them manually is not sustainable.
Companies do not have to conduct critical activities to be considered a third party. The role or size of the third party is not as important as the nature of the relationship, the criticality of its activities, the level of access it has to sensitive data or property, or the company's accountability for inappropriate actions of its third parties.
To inform your TPRM strategy, it is important to know exactly who your third parties are and what you may need to prepare for. By asking the right questions, you create a competitive advantage for your organization because if a competitor loses their supply but you still have supply, people will want your products or services.
In the following presentation, David Loseby discusses key considerations and best practices in third-party risk management. The former CPO of Rolls Royce has over 30 years of experience driving value through procurement, organizational transformation, and change management.