SAN FRANCISCO, July 11, 2019 /PRNewswire-PRWeb/ -- A global
benchmarking survey published today indicates that despite growing
third-party risk management maturity, many organizations are
struggling to keep pace with potential compliance, financial, and
reputation risks posed by suppliers, vendors, affiliates, and other
business relationships.
For the second year in a row, Aravo Solutions and the Center for
Financial Professionals (CeFPro) conducted this broad survey of
risk management professionals, the results of which were presented
to leading practitioners across the financial services industry at
two recent international events in New
York and London. The
report, Third Party Risk: Chasing Maturity in a Dynamic Landscape,
can be found at:
https://www.aravo.com/white_papers/third-party-risk-chasing-maturity-in-a-dynamic-landscape
Compared to the previous year, the survey indicated modest gains
in third-party risk management maturity. Fewer organizations
reported heavy reliance on spreadsheets and manual processes (50%
vs. 66% in 2018) and greater adoption of centralized, automated
solutions. Despite these advances, however, 75% of respondents had
experienced an incident associated with a third party in the past
12 months and a significant number feel ill-prepared to deal with
the pace of change, including cyber security threats and
identifying and managing fourth- and nth-party risk.
"The growing maturity and adoption of technology is helping
organizations decrease risk and uphold the ethical standards in
their third-party ecosystem," says Kimberley Allan, CMO at Aravo. "But the survey
suggests that as they begin to peel back the onion of third-party
risk and understand their ecosystems better, organizations are
uncovering additional dimensions and underlying threats associated
with third-party relationships. The third-party threats are very
real, as can be seen in the level of incidents organizations are
experiencing – and it's important that tone from the top,
resourcing, and investment support the advancement of third-party
risk management programs."
Andreas Simou, Director, Center
for Financial Professionals said, "Industry benchmarking data, such
as that captured in this survey, is essential to help a young
discipline better understand itself. We hope the findings of the
survey will help organizations further refine their roadmap to
maturity and support the many decisions teams will have to take
along that journey."
Key results from this year's survey include:
Third party failures a problem for most organizations
Of those respondents who had insight into incident reports, 75%
reported that their organization had had an incident associated
with a third party over the past 12 months. Of these, 13%
experienced an incident that caused significant business disruption
and/or significant reputational damage, and a further 29% had
experienced an incident that had the potential to cause significant
harm.
Risks threaten to out-pace maturity
Third-party risk management programs go through identifiable stages
that reflect the maturity of their framework, people, processes and
technology. The stages are in order from least to most advanced,
are: Ad-Hoc, Fragmented, Defined, Integrated and Agile. The study
found a modest uplift in self-reported maturity levels
year-over-year. However, whether the pace of program maturation can
keep pace with emerging threats and mitigate actual incidents is
still in question.
A young discipline – seeking to mature in a landscape of
change
The discipline is young – 80% of programs are six years old, or
younger. The length of time a third-party risk program has been in
place doesn't necessarily equate to program maturity, but it does
take time for a program to reach maturity. Generally, it took four
or more years for programs to achieve the more Integrated or Agile
states, in which they have a comprehensive governance structure and
the resources required to be successful.
Board oversight lacking in many programs
There is a lack of board oversight in many programs. Over a quarter
of respondents (27%) reported that third-party risk is not
considered a high priority by their board. When it comes to board
communication, most organizations (86%) report third-party risk to
the board quarterly or less frequently. Board engagement is
important – as this was a key driver for the level of maturity.
Organizations which had a high level of board oversight were much
more likely to have programs in the Agile and Integrated stages
(48%) than those with low oversight (13%).
Budgets static in spite of increased risk
Teams and budgets are growing slightly compared to last year, but
this growth may not be fast enough given the range of risks and
regulatory demands facing TPRM teams. Despite new regulatory
demands and challenges, more than half (53%) expect their budgets
to stay the same. Around a third of respondents did not feel that
they had the adequate resources for their programs to be
successful.
Cyber risk
Cyber risk is the most prominent board concern, reported nearly
twice as often as the second-highest concern: reputational risk. Of
respondents who identified a specific risk domain as the greatest
challenge for their third-party risk management program in the next
12 months, 64% cited cyber risk.
Opportunity for better alignment between the business and the
second line of defense
While the board is concerned with cybersecurity (35%), reputational
risk (18%) and operational risk (16%), respondents said TPRM teams
are driven by regulatory compliance (52%). Compliance risk is a
driver for just 12% of boards, suggesting there is an opportunity
to improve communication and align priorities.
Salary
The average salary across all job-levels this year, globally, was
$159,600, which is slightly higher
than last year's average of $155,106.
The average salary for each level of seniority were: Board
$450,000, C-Suite $275,000, SVP/VP/Director $207,929, Manager $107,525, Analyst $197,257.
To help organizations benchmark what stage of the third-party
risk management maturity they've achieved, Aravo offers a Maturity
Calculator, which generates a personalized report outlining next
steps for advancing maturity. This can be found at:
https://www.aravo.com/maturity-calculator
About the survey
The research for this second annual survey was conducted during
February and April 2019 and was
constructed by Aravo Solutions and distributed online by the Center
for Financial Professionals, an impartial and independent financial
research and event organizer. The survey had 234 responses from
third-party risk management professionals around the globe. Some
56% of responses were from US-based companies, with another 6%
based in Canada. The United Kingdom was the location for the
headquarters of 23%, while the rest of Europe was the home for 10% of organizations.
The remaining 5% of responses were from the Middle East, Africa, and Asia
Pacific. While a broad range of industries were represented,
the majority of responses for this survey were from the financial
services industry – about 75%. A total of 41% of respondents were
at the Senior Vice President (SVP), Vice President (VP), or
Director level within their organizations. Another 14% were either
from the C-suite or were sitting on the board of directors. Nearly
one-third of respondents were managers, while 10% were analysts
within the TPRM discipline.
About the Center for Financial Professionals (CeFPro)
The Center for Financial Professionals (CeFPro) is an international
research organization and the focal point for financial risk
professionals to advance through renowned thought-leadership,
unparalleled networking, industry solutions and lead generation.
CeFPro is driven by and dedicated to high quality and reliable
primary market research; helping us provide our audience with
invaluable peer-to-peer conferences such as our flagship Risk EMEA
and Risk Americas series. CeFPro also boasts knowledge sharing
platforms, such as: Risk Webinars, Research Reports, and Risk
Insights. Risk Insights are written by the industry for the
industry and now covers online articles, a quarterly Risk Insights
Magazine, and Risk Insights TV. Learn more at http://www.cefpro.com
and http://www.risk-insights.com
About Aravo
Aravo delivers the market's leading third-party risk and
performance management solutions.
For almost 20 years now, Aravo's combination of award-winning
technology and unrivaled domain expertise has helped the world's
most respected brands accelerate and optimize their third-party
management programs, delivering better business outcomes faster and
ensuring the agility to adapt as programs evolve.
With solutions built on technology designed for usability,
agility, and scale, even the most complex organizations can keep
pace with the high velocity of regulatory change. As a centralized
system of record for all data related to third-party risk, Aravo
helps organizations achieve a complete view of their third-party
ecosystem throughout the lifecycle of the relationship, from intake
through off-boarding and all stages in between and across all risk
domains.
Aravo is trusted by the world's leading brands, helping them
manage the risk and improve the performance of more than 4.5
million third parties, suppliers and vendors across the globe.
Find out more at: https://www.aravo.com.
SOURCE Aravo Solutions