• News
  • Columns
  • Interviews
  • BW Communities
  • Events
  • BW TV
  • Subscribe to Print
  • Editorial Calendar 19-20
BW Businessworld

Indian Enterprises Ill Equipped To Deal The Third Party Risk

Over 70% of Indian organizations do not have adequate knowledge or appropriate visibility into third-party outsourced relationships

Photo Credit :


Domain specific risk management won't stop IT threats anymore

No company can function as an island and as our ecosystem broadens it typically deals with many entities like customers, partners, affiliates and others.  When organized together these entities form what we term as the "extended enterprise" which is closer to the core of business than ever before. Organizations that step up to the challenge of developing programs to better manage this risk can elevate their position in the market by unleashing with confidence the reach, expertise and relationships that third parties can bring.

Third-party risk management has to become a top-of-mind priority for organizations. In this respect, our recent (third) annual EERM (Extended Enterprise Risk Management) survey, based on 975 responses from a variety of organizations across 15 countries of  Asia Pacific, Americas, Europe, Middle East and Africa region, has highlighted some interesting findings. 70% of organizations in India recognize an increase in risk but remain ill-equipped to deal with it because of inadequate or absolutely no knowledge of sub-contractors engaged by their third parties. In fact, 14% of the respondents in the survey stated that third party-outsourced relationships are not identified, monitored or reviewed at all.

Companies today have to rely on relationships that are a multiple and third parties in nature, and typically outsourced. These are like outliers on the risk periphery - even for organizations that place a strong focus on risk. Our survey report highlights the below key areas where organizations could benefit from the further effort:

"    Controlling heightened risk: Dependence on third parties continues to grow, with over 70 per cent of Indian respondents stating that their dependence on extended enterprise has grown owing to business and macroeconomic conditions. Impact of external events (42 per cent) and the increasing threat of their party-related incidents and disruptions were the two most dominant factors contributing to the perception of heightened risk in the extended enterprise.

"    Enhanced board engagement: Board oversight and engagement with EERM programs continues to lag. At a global level, 78 per cent of organizations suggests that the Chief Executive Officer (CEO), CFO, Chief Procurement Officer (CPO), CRO, or a member of the Board is ultimately accountable for this topic. In India, this decision rests with the Chief procurement or the Risk Officer. Boards in India are making relatively slow progress on this matter whereby 57 per cent of the respondents suggested that their boards merely have a moderate level of understanding and engagement on this subject.

"    Technology platforms: In keeping with the trend of increased centralized oversight of EERM activities, technology decisions are now being taken more centrally and standard tiered technology architecture is emerging. Less than ten per cent of our global respondents in our survey are currently using bespoke systems for EERM, a sharp drop from just over 20 per cent last year.

"    Sub-contractor risk: Organizations lack appropriate visibility of sub-contractors engaged by their third-parties as well as the discipline and rigour to frequently monitor such fourth/fifth parties. 57 per cent of survey respondents feel they do not have adequate knowledge and appropriate visibility of sub-contractors engaged by their third-parties and a further 21 per cent are unsure of their oversight practices.

Disclaimer: The views expressed in the article above are those of the authors' and do not necessarily represent or reflect the views of this publishing house. Unless otherwise noted, the author is writing in his/her personal capacity. They are not intended and should not be thought to represent official ideas, attitudes, or policies of any agency or institution.

Tags assigned to this article:
risk management

Sachin Paranjape

The author is Partner, Deloitte India

More From The Author >>