Global leaders view geopolitical challenges (61%), inflationary trends (46%) and concerns about their ability to meet increased environmental, social, and governance (ESG) expectations (40%) as the top risks impacting their third-party relationships, according to Deloitte 2023 Global Third-Party Risk Management Survey, conducted in 40 countries, including Romania. The study also highlights the actions to address current third-party risk management challenges, with organizations prioritizing the refreshment of the overall methodology, policies and standards used (63%), followed by the need to strengthen the role of executive leadership in managing and governing third-party relationships (48%) and improving skills and talent (47%). Besides the elevation of these three priorities, technology and data are also at the top, as 45% of respondents said that continued investment in these areas is still needed.

In terms of improving focus on sustainability matters, more than half (56%) of respondents believe their organizational culture has become much more supportive in understanding and managing ESG risks and opportunities in their third-party ecosystem, with greater adoption of quantitative scoring and assessments amid data quality concerns. However, companies will likely need to advance data tracking in their third-party relationships, as one-third of respondents (31%) say internally or externally generated data on ESG topics is low or very low quality. 

The study also shows that, in order to enhance trust in supply chain partners and other third parties, organizations focus investments on specific risk domains. Digital risks have been perceived to be most critical in ensuring capability and reliability of third parties, as nearly two-thirds of respondents (62%) ranked cyber and information security as the top third-party risk domain.

“The organizations‘ needs and maturity can dictate the mix of measures that they need to take in order to tackle the most pressing risks of their supply chain. For instance, from a security point of view, the journey to a resilient supply chain requires a structured approach that begins with an evaluation of the digital maturity of business partners. The natural next step is to establish a transformation roadmap which will allow the implementation of cybersecurity controls over the entire third-party life cycle,” said Andrei Ionescu, Risk Advisory Partner-in-Charge, Deloitte Romania.

Technology adoption can also maximize the value of third-party relationships, offering organizations the possibility to conduct a more effective segmentation and monitoring of their collaborators. The study highlights that only half of respondents formally segment their third-party population based on risk. Further, the survey reveals a gap where further progress needs to be made, as six out of ten organizations (62%) use digital monitoring techniques, but only for a quarter (25%) of their providers. Still, just over half (51%) believe the overall volume of third-party audit activity will increase as new technologies expand.

“Among other things, companies should leverage emerging technologies when looking to reduce risk, enhance trust and maximize relationship with their third-party partners. Nevertheless, technology itself can present risks in areas such as cyber and others, one of these being the use of technologies by competitors in order to disrupt business models,” said Clarisa Bulai, Risk Advisory Director, Deloitte Romania.

Deloitte 2023 Global Third-Party Risk Management Survey gathers insights from over 1,300 leaders around the world.

Deloitte provides industry-leading audit and assurance, tax and legal, consulting, financial advisory, and risk advisory services to nearly 90% of the Fortune Global 500® and thousands of private companies. The firm’s professionals deliver measurable and lasting results that help reinforce public trust in capital markets, enable clients to transform and thrive, and lead the way toward a stronger economy, a more equitable society and a sustainable world. Building on its 175-plus year history, Deloitte spans more than 150 countries and territories. Its objective is to make an impact that matters through its 457,000 people worldwide.

Deloitte Romania is one of the leading professional services organizations in the country providing, in cooperation with Reff & Associates | Deloitte Legal, services in audit, tax, legal, consulting, financial advisory, risk advisory, business processes as well as technology services and other related services, through over 3,400 professionals.

Please see www.deloitte.com/ro/about to learn more about the global network of member firms.

© 2023. For information, contact Deloitte Romania