SlideShare a Scribd company logo

Deloitte_POV_Beyond Risk

Frederic Girardeau-Montaut
Frederic Girardeau-Montaut
1 of 3
Download to read offline
Looking Beyond Risk Driving Performance Improvement Through Better Third-Party Risk Management Organizations today rise and fall according to the strength of their relationships with third-party partners and suppliers. Even a slight failure with a small but critical supplier can derail your operations significantly. What happens if your packaging supplier can’t meet your turnaround schedule for a new product release? Which partners—large or small—have access to which sets of your data, and what would happen if they experience a data breach? Which partners are really most critical to your operations—and how would your organization suffer if your relationship with them fails? Where are the areas of underperformance in the supply chain? These are the types of questions that lie at the heart of improved third-party risk management (TPRM). And savvy businesses today realize that understanding and managing third-party risk means more than tabulating how much you spend with a partner.
Knowing the dangers: three types of disruptions Knowing what’s at stake—and how bad things can get—is a first step in improving your ability to manage risk. A failure in a third-party relationship can result in one of three types of disruptions. Chronic disruptions prevent business from getting done on time and within budget. On the surface, organizations often perceive these disruptions as “the cost of doing business.” They can take the form of out-of-stock situations, service-delivery failures, and release of poor-quality products—events resulting in lost sales and eroded sales margins. However, chronic disruptions may be leading indicators of what lies below the surface. They can signal the potential for disruptions that are even more severe, or they can reveal opportunities for improving supply-chain performance. Acute disruptions are more significant. They interfere with your strategic objectives, your ability to return value to shareholders, and the strength of your reputation. They can result in lost sales, increased debts, and a reduced ability to fund innovation. Though not catastrophic, they can profoundly affect your organization’s global performance. Catastrophic disruptions are high-severity events that typically have a low probability of occurring—making their risk potential easy for organization leaders to dismiss. But treating the risk lightly is a mistake. When third-party failures cause catastrophic disruptions, the threats extend to market share, brand, and the ability to meet liability obligations. Severe disruptions can threaten the overall survival of the organization. Realizing the needs: three essential perspectives Successful management of third-party risk can do more than reduce risk. It can drive performance improvements and cost savings. Managing third-party risk can help an organization create stronger relationships with suppliers— providing intelligence and lines of communication that can help avoid or minimize the impact of disruptions, as well as helping the organization discover new opportunities for revenue, product or process improvements, and savings. Better TPRM can be an avenue for creating value —and for protecting it. A comprehensive, integrated perspective is critical for managing third-party risk and creating value. TPRM involves more than procurement leaders and suppliers. Third-party risk extends to many corners of the organization—from IT and information-management activities to compliance functions. And there are myriad factors to consider, track, and analyze when it comes to potential third-party failures and the flow of goods and services—including geopolitical issues, environmental issues, and regulatory challenges. Each type of risk and each level of disruption is different, requiring a different set of tools. Preventing and managing chronic disruptions involves leveraging resources such as SAP technology as well as proprietary supply-chain analytics and valuation tools and techniques to detect trends and gauge costs. It’s an approach that ultimately can uncover otherwise unknown or asymptomatic issues that erode performance. Mitigating strategic disruptions involves assessing a distinct set of risk domains: reputation and strategic risk, contractual risk, financial/ transactional/credit risk, operational/geopolitical/ supply-chain risk, compliance and legal risk, information security, and business-continuity risk. And a TPRM program to mitigate catastrophic disruptions involves systematically identifying worst-case scenarios and comparing their financial impact to the organization’s risk appetite, to help drive risk-management decision making, business continuity planning, and insurance plans.
Beginning the transformation: three essential questions Transforming the way your organization thinks about TPRM should begin with three vital questions that can help bring challenges into focus and help begin a conversation on potential solutions. • What does my existing risk-management function look like today compared to how it should look for the future? This question centers on understanding what it will take to get your organization to the next level of TPRM as a driver of performance improvements. • What risk thresholds will my organization accept, and what thresholds won’t we accept? Risks should come with rewards, but it’s critical to understand how much risk is too much—and to place risk levels in the context of expected rewards. • How can leaders deploy a TPRM program while demonstrating its value to the organization? Aligning a TPRM program with strategic corporate goals is essential to building a business case, and the work involves an approach in which third parties are overseen based on the impact they have on your organization. Risk reporting that gives decision- makers unbiased intelligence helps show the value of the program, too. Ultimately, the value of a TPRM program will hinge on your technology choices and your efficient use of other resources for understanding and managing risk. Moving forward: three keys to collaborating on TPRM Building a strong TPRM program requires strong relationships. At Deloitte, our client collaboration process relies on a highly focused set of skills for managing risk effectively and productively The right experience. With decades of business and technical experience designing strategies and operations to address risk-based challenges, Deloitte brings a deep set of knowledge and skills to the third-party realm. The right insights. Deloitte specializes in digging deep within organizations to build understanding of processes and deliver meaningful, actionable insights. And since our work spans a wide range of industries and business models, we also have a wealth of TPRM insights and answers at the ready. The right tools. As a services partner in the SAP Global Alliance, Deloitte has a profound understanding of the power of SAP offerings and how organizations can use them to manage third-party risk today. Our experience with tools such as SAP InfoNet —a cloud-based analytic application that provides insight into supply chains by sharing real-time supplier information and helping to identify upstream risks—allows us to accelerate solutions for clients, even those that aren’t using SAP ERP. Ryan Flynn Principal Deloitte Consulting LLP rpflynn@deloitte.com Jeffrey Simon Director Deloitte Touche LLP jefsimon@deloitte.com Michael Platz Senior Manager Deloitte Touche LLP mplatz@deloitte.com Eric Wieczorek Manager Deloitte Touche LLP ewieczorek@deloitte.com To learn more about how Deloitte can help transform your TPRM approach, improve performance, and deliver benefits that your organization can see in the bottom line, please contact us. Key contacts: This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this publication. As used in this document, “Deloitte” means Deloitte Consulting LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. Copyright © 2015 Deloitte Development LLC. All rights reserved.

Recommended

An industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsAn industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsGrant Thornton LLP
 
GRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gapsGRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gapsKate Tomlinson
 
Third party risk management and it’s complexities
Third party risk management and it’s complexitiesThird party risk management and it’s complexities
Third party risk management and it’s complexitieskevinmass30
 
A compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementA compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementSALIH AHMED ISLAM
 
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.Unified11
 
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesThird-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesCorporater
 
FSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFrederic Girardeau-Montaut
 
Managing Reputational Risk
Managing Reputational RiskManaging Reputational Risk
Managing Reputational RiskEneni Oduwole
 

Recommended

An industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsAn industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsGrant Thornton LLP
 
GRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gapsGRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gapsKate Tomlinson
 
Third party risk management and it’s complexities
Third party risk management and it’s complexitiesThird party risk management and it’s complexities
Third party risk management and it’s complexitieskevinmass30
 
A compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementA compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementSALIH AHMED ISLAM
 
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.Unified11
 
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesThird-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesCorporater
 
FSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFrederic Girardeau-Montaut
 
Managing Reputational Risk
Managing Reputational RiskManaging Reputational Risk
Managing Reputational RiskEneni Oduwole
 
Understanding and Managing Reputation Risk
Understanding and Managing Reputation RiskUnderstanding and Managing Reputation Risk
Understanding and Managing Reputation RiskSteve Leigh
 
Reputational risk in banks nibm lecture 220213
Reputational risk in banks nibm lecture 220213Reputational risk in banks nibm lecture 220213
Reputational risk in banks nibm lecture 220213krammohan
 
Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateAnthony Chiusano
 
Third Party Risk Management Introduction
Third Party Risk Management IntroductionThird Party Risk Management Introduction
Third Party Risk Management IntroductionNaveen Grover
 
The risk of risks: Reputation risk and resiliency Sept. 2014
The risk of risks: Reputation risk and resiliency Sept. 2014The risk of risks: Reputation risk and resiliency Sept. 2014
The risk of risks: Reputation risk and resiliency Sept. 2014Linda Locke Reputation Strategist
 
What we do
What we doWhat we do
What we doNarasimha Das
 
Extended Enterprise Risk Management (ERM) | R N Marwah & Co. LLP - Chartered ...
Extended Enterprise Risk Management (ERM) | R N Marwah & Co. LLP - Chartered ...Extended Enterprise Risk Management (ERM) | R N Marwah & Co. LLP - Chartered ...
Extended Enterprise Risk Management (ERM) | R N Marwah & Co. LLP - Chartered ...R N Marwah & Co. LLP - Chartered Accountants
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...WolfPAC - Integrated Risk Management
 
Reputation Management Essentials
Reputation Management EssentialsReputation Management Essentials
Reputation Management Essentialsntthanhhang
 
How Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksHow Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksMHM (Mayer Hoffman McCann P.C.)
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyNICSA
 
Third-Party Oversight & Governance
Third-Party Oversight & GovernanceThird-Party Oversight & Governance
Third-Party Oversight & GovernanceEDR
 
Reputation risk
Reputation riskReputation risk
Reputation riskMichel Rochette
 
Virtual Risk Officer / Virtual Risk Advisor
Virtual Risk Officer / Virtual Risk AdvisorVirtual Risk Officer / Virtual Risk Advisor
Virtual Risk Officer / Virtual Risk AdvisorGrayline
 
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)Keith Darcy
 
Best practice in reputation management in a causal framework by Dr Kevin Money
Best practice in reputation management in a causal framework by Dr Kevin MoneyBest practice in reputation management in a causal framework by Dr Kevin Money
Best practice in reputation management in a causal framework by Dr Kevin MoneyAddison Group
 
Montana-Paula-Krecicki
Montana-Paula-KrecickiMontana-Paula-Krecicki
Montana-Paula-KrecickiDaniel Paula
 
TI Managing Third Party Risk
TI Managing Third Party RiskTI Managing Third Party Risk
TI Managing Third Party RiskThe Business Council of Mongolia
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk ManagementEC-Council
 
Reporting to the Board on Corporate Compliance
Reporting to the Board on Corporate ComplianceReporting to the Board on Corporate Compliance
Reporting to the Board on Corporate ComplianceResolver Inc.
 
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...Cognizant
 
Definitive guide to third-party risk management - how to successfully mitigat...
Definitive guide to third-party risk management - how to successfully mitigat...Definitive guide to third-party risk management - how to successfully mitigat...
Definitive guide to third-party risk management - how to successfully mitigat...Kyiv National Economic University
 

More Related Content

What's hot

Understanding and Managing Reputation Risk
Understanding and Managing Reputation RiskUnderstanding and Managing Reputation Risk
Understanding and Managing Reputation RiskSteve Leigh
 
Reputational risk in banks nibm lecture 220213
Reputational risk in banks nibm lecture 220213Reputational risk in banks nibm lecture 220213
Reputational risk in banks nibm lecture 220213krammohan
 
Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateAnthony Chiusano
 
Third Party Risk Management Introduction
Third Party Risk Management IntroductionThird Party Risk Management Introduction
Third Party Risk Management IntroductionNaveen Grover
 
The risk of risks: Reputation risk and resiliency Sept. 2014
The risk of risks: Reputation risk and resiliency Sept. 2014The risk of risks: Reputation risk and resiliency Sept. 2014
The risk of risks: Reputation risk and resiliency Sept. 2014Linda Locke Reputation Strategist
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...WolfPAC - Integrated Risk Management
 
Reputation Management Essentials
Reputation Management EssentialsReputation Management Essentials
Reputation Management Essentialsntthanhhang
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyNICSA
 
Third-Party Oversight & Governance
Third-Party Oversight & GovernanceThird-Party Oversight & Governance
Third-Party Oversight & GovernanceEDR
 
Virtual Risk Officer / Virtual Risk Advisor
Virtual Risk Officer / Virtual Risk AdvisorVirtual Risk Officer / Virtual Risk Advisor
Virtual Risk Officer / Virtual Risk AdvisorGrayline
 
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)Keith Darcy
 
Best practice in reputation management in a causal framework by Dr Kevin Money
Best practice in reputation management in a causal framework by Dr Kevin MoneyBest practice in reputation management in a causal framework by Dr Kevin Money
Best practice in reputation management in a causal framework by Dr Kevin MoneyAddison Group
 
Montana-Paula-Krecicki
Montana-Paula-KrecickiMontana-Paula-Krecicki
Montana-Paula-KrecickiDaniel Paula
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk ManagementEC-Council
 
Reporting to the Board on Corporate Compliance
Reporting to the Board on Corporate ComplianceReporting to the Board on Corporate Compliance
Reporting to the Board on Corporate ComplianceResolver Inc.
 

What's hot (20)

Understanding and Managing Reputation Risk
Understanding and Managing Reputation RiskUnderstanding and Managing Reputation Risk
Understanding and Managing Reputation Risk
 
Reputational risk in banks nibm lecture 220213
Reputational risk in banks nibm lecture 220213Reputational risk in banks nibm lecture 220213
Reputational risk in banks nibm lecture 220213
 
Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_Articulate
 
Third Party Risk Management Introduction
Third Party Risk Management IntroductionThird Party Risk Management Introduction
Third Party Risk Management Introduction
 
The risk of risks: Reputation risk and resiliency Sept. 2014
The risk of risks: Reputation risk and resiliency Sept. 2014The risk of risks: Reputation risk and resiliency Sept. 2014
The risk of risks: Reputation risk and resiliency Sept. 2014
 
What we do
What we doWhat we do
What we do
 
Extended Enterprise Risk Management (ERM) | R N Marwah & Co. LLP - Chartered ...
Extended Enterprise Risk Management (ERM) | R N Marwah & Co. LLP - Chartered ...Extended Enterprise Risk Management (ERM) | R N Marwah & Co. LLP - Chartered ...
Extended Enterprise Risk Management (ERM) | R N Marwah & Co. LLP - Chartered ...
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
 
Reputation Management Essentials
Reputation Management EssentialsReputation Management Essentials
Reputation Management Essentials
 
How Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksHow Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party Risks
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a Strategy
 
Third-Party Oversight & Governance
Third-Party Oversight & GovernanceThird-Party Oversight & Governance
Third-Party Oversight & Governance
 
Reputation risk
Reputation riskReputation risk
Reputation risk
 
Virtual Risk Officer / Virtual Risk Advisor
Virtual Risk Officer / Virtual Risk AdvisorVirtual Risk Officer / Virtual Risk Advisor
Virtual Risk Officer / Virtual Risk Advisor
 
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)
 
Best practice in reputation management in a causal framework by Dr Kevin Money
Best practice in reputation management in a causal framework by Dr Kevin MoneyBest practice in reputation management in a causal framework by Dr Kevin Money
Best practice in reputation management in a causal framework by Dr Kevin Money
 
Montana-Paula-Krecicki
Montana-Paula-KrecickiMontana-Paula-Krecicki
Montana-Paula-Krecicki
 
TI Managing Third Party Risk
TI Managing Third Party RiskTI Managing Third Party Risk
TI Managing Third Party Risk
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk Management
 
Reporting to the Board on Corporate Compliance
Reporting to the Board on Corporate ComplianceReporting to the Board on Corporate Compliance
Reporting to the Board on Corporate Compliance
 

Similar to Deloitte_POV_Beyond Risk

Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...Cognizant
 
Definitive guide to third-party risk management - how to successfully mitigat...
Definitive guide to third-party risk management - how to successfully mitigat...Definitive guide to third-party risk management - how to successfully mitigat...
Definitive guide to third-party risk management - how to successfully mitigat...Kyiv National Economic University
 
White-Paper-Four-Keys-to-Creating-a-Vendor-Risk-Management-Program.pdf
White-Paper-Four-Keys-to-Creating-a-Vendor-Risk-Management-Program.pdfWhite-Paper-Four-Keys-to-Creating-a-Vendor-Risk-Management-Program.pdf
White-Paper-Four-Keys-to-Creating-a-Vendor-Risk-Management-Program.pdfOuheb Group
 
5 steps for better risk assessment
5 steps for better risk assessment5 steps for better risk assessment
5 steps for better risk assessmentDrMohammedFarid
 
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015CBIZ, Inc.
 
Research for the reputation of the company in Vietnam: Risk Management
Research for the reputation of the company in Vietnam: Risk ManagementResearch for the reputation of the company in Vietnam: Risk Management
Research for the reputation of the company in Vietnam: Risk ManagementPrénom Nom de famille
 
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...Craig Taggart MBA
 
My report_donald.docx
My report_donald.docxMy report_donald.docx
My report_donald.docxGenevieveGo3
 
Best 6 IT Vendor Management Practices.pdf
Best 6 IT Vendor Management Practices.pdfBest 6 IT Vendor Management Practices.pdf
Best 6 IT Vendor Management Practices.pdfExpert App Devs
 
Contingent Workforce Solution
Contingent Workforce SolutionContingent Workforce Solution
Contingent Workforce SolutionMichael Wiley
 
Fraud, bribery and corruption: Protecting reputation and value
Fraud, bribery and corruption: Protecting reputation and valueFraud, bribery and corruption: Protecting reputation and value
Fraud, bribery and corruption: Protecting reputation and valueDavid Graham
 
Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Grant Thornton LLP
 
GP_for_Third_Party_Anti-Corruption_product_sheet
GP_for_Third_Party_Anti-Corruption_product_sheetGP_for_Third_Party_Anti-Corruption_product_sheet
GP_for_Third_Party_Anti-Corruption_product_sheetMarco Villacorta Olano
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013Nidhi Gupta
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013Nidhi Gupta
 

Similar to Deloitte_POV_Beyond Risk (20)

Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
 
Definitive guide to third-party risk management - how to successfully mitigat...
Definitive guide to third-party risk management - how to successfully mitigat...Definitive guide to third-party risk management - how to successfully mitigat...
Definitive guide to third-party risk management - how to successfully mitigat...
 
White-Paper-Four-Keys-to-Creating-a-Vendor-Risk-Management-Program.pdf
White-Paper-Four-Keys-to-Creating-a-Vendor-Risk-Management-Program.pdfWhite-Paper-Four-Keys-to-Creating-a-Vendor-Risk-Management-Program.pdf
White-Paper-Four-Keys-to-Creating-a-Vendor-Risk-Management-Program.pdf
 
5 steps for better risk assessment
5 steps for better risk assessment5 steps for better risk assessment
5 steps for better risk assessment
 
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
 
Research for the reputation of the company in Vietnam: Risk Management
Research for the reputation of the company in Vietnam: Risk ManagementResearch for the reputation of the company in Vietnam: Risk Management
Research for the reputation of the company in Vietnam: Risk Management
 
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
 
Compliance risk management planning 2017-02-mattoon
Compliance risk management planning 2017-02-mattoonCompliance risk management planning 2017-02-mattoon
Compliance risk management planning 2017-02-mattoon
 
7 Major Challenges of Channel Management
7 Major Challenges of Channel Management7 Major Challenges of Channel Management
7 Major Challenges of Channel Management
 
My report_donald.docx
My report_donald.docxMy report_donald.docx
My report_donald.docx
 
Best 6 IT Vendor Management Practices.pdf
Best 6 IT Vendor Management Practices.pdfBest 6 IT Vendor Management Practices.pdf
Best 6 IT Vendor Management Practices.pdf
 
My slides
My slidesMy slides
My slides
 
Contingent Workforce Solution
Contingent Workforce SolutionContingent Workforce Solution
Contingent Workforce Solution
 
Fraud, bribery and corruption: Protecting reputation and value
Fraud, bribery and corruption: Protecting reputation and valueFraud, bribery and corruption: Protecting reputation and value
Fraud, bribery and corruption: Protecting reputation and value
 
Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...
 
GP_for_Third_Party_Anti-Corruption_product_sheet
GP_for_Third_Party_Anti-Corruption_product_sheetGP_for_Third_Party_Anti-Corruption_product_sheet
GP_for_Third_Party_Anti-Corruption_product_sheet
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 

More from Frederic Girardeau-Montaut

Beyond EDI - Unlocking new value with SAP Ariba_July2016
Beyond EDI - Unlocking new value with SAP Ariba_July2016Beyond EDI - Unlocking new value with SAP Ariba_July2016
Beyond EDI - Unlocking new value with SAP Ariba_July2016Frederic Girardeau-Montaut
 
Ariba_Sourcing_sales_sheet_final_WEB_02Nov2015
Ariba_Sourcing_sales_sheet_final_WEB_02Nov2015Ariba_Sourcing_sales_sheet_final_WEB_02Nov2015
Ariba_Sourcing_sales_sheet_final_WEB_02Nov2015Frederic Girardeau-Montaut
 
Ariba® Spend Visibility - pinpoint where the money is going_Sept2015
Ariba® Spend Visibility - pinpoint where the money is going_Sept2015Ariba® Spend Visibility - pinpoint where the money is going_Sept2015
Ariba® Spend Visibility - pinpoint where the money is going_Sept2015Frederic Girardeau-Montaut
 
Ariba® Invoice and Dynamic Discounting - Pay early, save more_Sept2015
Ariba® Invoice and Dynamic Discounting - Pay early, save more_Sept2015Ariba® Invoice and Dynamic Discounting - Pay early, save more_Sept2015
Ariba® Invoice and Dynamic Discounting - Pay early, save more_Sept2015Frederic Girardeau-Montaut
 
SAPsAribaNetwork-Cloud-enabledBusinessCollaboration-1434069739-1434381998
SAPsAribaNetwork-Cloud-enabledBusinessCollaboration-1434069739-1434381998SAPsAribaNetwork-Cloud-enabledBusinessCollaboration-1434069739-1434381998
SAPsAribaNetwork-Cloud-enabledBusinessCollaboration-1434069739-1434381998Frederic Girardeau-Montaut
 

More from Frederic Girardeau-Montaut (7)

Beyond EDI - Unlocking new value with SAP Ariba_July2016
Beyond EDI - Unlocking new value with SAP Ariba_July2016Beyond EDI - Unlocking new value with SAP Ariba_July2016
Beyond EDI - Unlocking new value with SAP Ariba_July2016
 
Ariba_Sourcing_sales_sheet_final_WEB_02Nov2015
Ariba_Sourcing_sales_sheet_final_WEB_02Nov2015Ariba_Sourcing_sales_sheet_final_WEB_02Nov2015
Ariba_Sourcing_sales_sheet_final_WEB_02Nov2015
 
Deloitte_Risk Sensing
Deloitte_Risk SensingDeloitte_Risk Sensing
Deloitte_Risk Sensing
 
Ariba® Spend Visibility - pinpoint where the money is going_Sept2015
Ariba® Spend Visibility - pinpoint where the money is going_Sept2015Ariba® Spend Visibility - pinpoint where the money is going_Sept2015
Ariba® Spend Visibility - pinpoint where the money is going_Sept2015
 
Ariba® Invoice and Dynamic Discounting - Pay early, save more_Sept2015
Ariba® Invoice and Dynamic Discounting - Pay early, save more_Sept2015Ariba® Invoice and Dynamic Discounting - Pay early, save more_Sept2015
Ariba® Invoice and Dynamic Discounting - Pay early, save more_Sept2015
 
SAPsAribaNetwork-Cloud-enabledBusinessCollaboration-1434069739-1434381998
SAPsAribaNetwork-Cloud-enabledBusinessCollaboration-1434069739-1434381998SAPsAribaNetwork-Cloud-enabledBusinessCollaboration-1434069739-1434381998
SAPsAribaNetwork-Cloud-enabledBusinessCollaboration-1434069739-1434381998
 
Ariba and SAP_The Hybrid Cloud Approach_2015
Ariba and SAP_The Hybrid Cloud Approach_2015Ariba and SAP_The Hybrid Cloud Approach_2015
Ariba and SAP_The Hybrid Cloud Approach_2015
 

Deloitte_POV_Beyond Risk

  • 1. Looking Beyond Risk Driving Performance Improvement Through Better Third-Party Risk Management Organizations today rise and fall according to the strength of their relationships with third-party partners and suppliers. Even a slight failure with a small but critical supplier can derail your operations significantly. What happens if your packaging supplier can’t meet your turnaround schedule for a new product release? Which partners—large or small—have access to which sets of your data, and what would happen if they experience a data breach? Which partners are really most critical to your operations—and how would your organization suffer if your relationship with them fails? Where are the areas of underperformance in the supply chain? These are the types of questions that lie at the heart of improved third-party risk management (TPRM). And savvy businesses today realize that understanding and managing third-party risk means more than tabulating how much you spend with a partner.
  • 2. Knowing the dangers: three types of disruptions Knowing what’s at stake—and how bad things can get—is a first step in improving your ability to manage risk. A failure in a third-party relationship can result in one of three types of disruptions. Chronic disruptions prevent business from getting done on time and within budget. On the surface, organizations often perceive these disruptions as “the cost of doing business.” They can take the form of out-of-stock situations, service-delivery failures, and release of poor-quality products—events resulting in lost sales and eroded sales margins. However, chronic disruptions may be leading indicators of what lies below the surface. They can signal the potential for disruptions that are even more severe, or they can reveal opportunities for improving supply-chain performance. Acute disruptions are more significant. They interfere with your strategic objectives, your ability to return value to shareholders, and the strength of your reputation. They can result in lost sales, increased debts, and a reduced ability to fund innovation. Though not catastrophic, they can profoundly affect your organization’s global performance. Catastrophic disruptions are high-severity events that typically have a low probability of occurring—making their risk potential easy for organization leaders to dismiss. But treating the risk lightly is a mistake. When third-party failures cause catastrophic disruptions, the threats extend to market share, brand, and the ability to meet liability obligations. Severe disruptions can threaten the overall survival of the organization. Realizing the needs: three essential perspectives Successful management of third-party risk can do more than reduce risk. It can drive performance improvements and cost savings. Managing third-party risk can help an organization create stronger relationships with suppliers— providing intelligence and lines of communication that can help avoid or minimize the impact of disruptions, as well as helping the organization discover new opportunities for revenue, product or process improvements, and savings. Better TPRM can be an avenue for creating value —and for protecting it. A comprehensive, integrated perspective is critical for managing third-party risk and creating value. TPRM involves more than procurement leaders and suppliers. Third-party risk extends to many corners of the organization—from IT and information-management activities to compliance functions. And there are myriad factors to consider, track, and analyze when it comes to potential third-party failures and the flow of goods and services—including geopolitical issues, environmental issues, and regulatory challenges. Each type of risk and each level of disruption is different, requiring a different set of tools. Preventing and managing chronic disruptions involves leveraging resources such as SAP technology as well as proprietary supply-chain analytics and valuation tools and techniques to detect trends and gauge costs. It’s an approach that ultimately can uncover otherwise unknown or asymptomatic issues that erode performance. Mitigating strategic disruptions involves assessing a distinct set of risk domains: reputation and strategic risk, contractual risk, financial/ transactional/credit risk, operational/geopolitical/ supply-chain risk, compliance and legal risk, information security, and business-continuity risk. And a TPRM program to mitigate catastrophic disruptions involves systematically identifying worst-case scenarios and comparing their financial impact to the organization’s risk appetite, to help drive risk-management decision making, business continuity planning, and insurance plans.
  • 3. Beginning the transformation: three essential questions Transforming the way your organization thinks about TPRM should begin with three vital questions that can help bring challenges into focus and help begin a conversation on potential solutions. • What does my existing risk-management function look like today compared to how it should look for the future? This question centers on understanding what it will take to get your organization to the next level of TPRM as a driver of performance improvements. • What risk thresholds will my organization accept, and what thresholds won’t we accept? Risks should come with rewards, but it’s critical to understand how much risk is too much—and to place risk levels in the context of expected rewards. • How can leaders deploy a TPRM program while demonstrating its value to the organization? Aligning a TPRM program with strategic corporate goals is essential to building a business case, and the work involves an approach in which third parties are overseen based on the impact they have on your organization. Risk reporting that gives decision- makers unbiased intelligence helps show the value of the program, too. Ultimately, the value of a TPRM program will hinge on your technology choices and your efficient use of other resources for understanding and managing risk. Moving forward: three keys to collaborating on TPRM Building a strong TPRM program requires strong relationships. At Deloitte, our client collaboration process relies on a highly focused set of skills for managing risk effectively and productively The right experience. With decades of business and technical experience designing strategies and operations to address risk-based challenges, Deloitte brings a deep set of knowledge and skills to the third-party realm. The right insights. Deloitte specializes in digging deep within organizations to build understanding of processes and deliver meaningful, actionable insights. And since our work spans a wide range of industries and business models, we also have a wealth of TPRM insights and answers at the ready. The right tools. As a services partner in the SAP Global Alliance, Deloitte has a profound understanding of the power of SAP offerings and how organizations can use them to manage third-party risk today. Our experience with tools such as SAP InfoNet —a cloud-based analytic application that provides insight into supply chains by sharing real-time supplier information and helping to identify upstream risks—allows us to accelerate solutions for clients, even those that aren’t using SAP ERP. Ryan Flynn Principal Deloitte Consulting LLP rpflynn@deloitte.com Jeffrey Simon Director Deloitte Touche LLP jefsimon@deloitte.com Michael Platz Senior Manager Deloitte Touche LLP mplatz@deloitte.com Eric Wieczorek Manager Deloitte Touche LLP ewieczorek@deloitte.com To learn more about how Deloitte can help transform your TPRM approach, improve performance, and deliver benefits that your organization can see in the bottom line, please contact us. Key contacts: This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this publication. As used in this document, “Deloitte” means Deloitte Consulting LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. Copyright © 2015 Deloitte Development LLC. All rights reserved.