Boston–Senior finance, IT, and line-of-business executives at U.S. companies report that third parties are increasingly becoming another extension of their business and brand, according to the new study Working Well Together: Managing Third-Party Risk in a More Integrated World by CFO Research Services, sponsored by Crowe Horwath LLP. The full report on this study is available for download at www.cfo.com/research.
The majority of respondents to the CFO Research survey (61%) say that they regularly work with third parties, and another 34% work with them as needed. Most respondents expect no decline at all in their companies’ use of third parties. In fact, more than one-third of respondents anticipate that their companies will be relying even more heavily on third-party partners over the next year, with 40% expecting to use domestic third parties more and 37% saying they expect their usage of third parties will increase internationally.
Virtually all respondents (97%) consider at least one aspect of their third-party risk management process in need of improvement. Fewer than half of respondents say that their companies have well-defined, formal processes for assessing many aspects of third-party risk. “Now more than ever, companies understand the importance of managing the risks to their businesses posed by a greater reliance on third parties,” said David Owens, Director of Research at CFO Research. “Executives recognize that the lack of formal or standardized processes can undercut their efforts at managing these risks.”
When queried about changes most needed at their companies, the largest number of respondents (38%) say that improving visibility into the full range of risk exposures with third-party relationships is one of their top three priorities. Following closely behind is the need to define responsibility for third-party risk more clearly, selected by 32% of respondents.
Respondents indicate that they have less visibility into their third parties’ own risk-related factors, such as a third party?s reliance on other companies, its ability to recover from failures, or its use of background checks for third-party personnel. More than half of respondents report that they have some degree of difficulty collecting risk-related information on a third party or monitoring third parties’ risk management practices.
And companies are feeling the effects of this lack of visibility. Three-quarters of executives in the survey report that their own companies have experienced some type of harm from a third party they used. As a result, companies surveyed say they want to improve at: gaining visibility into the full range of third-party risks, more clearly defining responsibilities for managing risk, and improving tools and technology to support these activities.
This study is based on 287 electronic survey responses from senior finance, IT, and line-of-business executives working in the U.S. All survey respondents work for companies with more than $100 million in annual revenue, in a wide range of industries.
Key findings from the study:
-For many companies, third parties are increasingly becoming an extension of their business and brand. The most common types of third-party relationships involve vendors, whether for technology (71%) or business services (70%). But 40% report using some third parties as “strategic partners” and 35% work with them as “marketing/sales/distribution-channel partners.”
-The drive to minimize costs is fueling reliance on external partners. About half of respondents (51%) chose reducing costs as one of the top two reasons for their company to use third parties. But a number of companies are also looking to third parties to provide core service capabilities, experience or expertise (36%), or to add capacity for expanding their business (24%).
-Now more than ever, companies recognize the importance of managing the risks to their business posed by a greater reliance on third parties. Among respondents, at least 80% say they consider such basic factors as quality, price, reliability and financial viability when assessing potential partners. Nearly three-quarters (72%) say they routinely consider security of information and information systems as a factor when selecting or renewing a third-party relationship.
-Most respondents have experience with third parties not meeting expected quality or performance levels, or failing to comply with contract terms. But some respondents indicate that their companies were harmed when a third party had financial problems or simply went out of business, while others cite data security issues.
-How companies manage third parties varies, even within a single industry. About half of respondents (46%) say their company uses centralized risk-management models (enterprise-wide risk management, corporate leadership, or procurement have primary responsibility) while a similar number (45%) say their company employs a decentralized model (risk management embedded within business units, business unit or functional leadership, or individual managers have primary responsibility). Regardless of which function has formal responsibility, however, many executives agree on the need to keep business units heavily involved with and accountable for third-party risk management.
About CFO Research Services
CFO Research Services is the sponsored research group of CFO Publishing LLC, which produces CFO magazine, CFO.com, and CFO Conferences. For more than 25 years, CFO Publishing has been a trusted source of insight into the issues that matter most to finance professionals.
CFO Publishing LLC, a portfolio company of Seguin Partners, is the leading business-to-business media brand focused on the information needs of senior finance executives. The business consists of CFO magazine, CFO.com, CFO Research Services, CFO Learning, and CFO Conferences. CFO Publishing’s award-winning editorial content and loyal, influential audience make it a valued resource for its readers as well as an effective marketing partner for a wide range of companies. CFO Publishing has long-standing relationships with more than 500,000 finance executives. For more information, please visit www.cfo.com.
About Crowe Horwath:
Crowe Horwath LLP (www.crowehorwath.com) is one of the largest public accounting and consulting firms in the United States. Under its core purpose of “Building Value with Values,” Crowe assists public and private company clients in reaching their goals through audit, tax, advisory, risk and performance services. With offices coast to coast and 2,500 personnel, Crowe is recognized by many organizations as one of the country’s best places to work. Crowe serves clients worldwide as an independent member of Crowe Horwath International, one of the largest networks in the world. The network consists of 150 independent accounting and management consulting firms with offices in more than 580 cities around the world.
CFO Publishing LLC