+ | - | reset

Third parties are critical to business today. But they can also bring big risks.


Given the sheer number of third parties on which companies rely and with whom they collaborate it’s important to evaluate and manage the related risks. Corporate boards can play an important role by ensuring management has established effective third-party risk management programs.

What Role Should the Board Play?

While the full board should understand management’s process for addressing this risk, it’s common to delegate regular oversight to a committee.

  • Boards with risk committees commonly task that group with oversight

  • Many other boards allocate risk oversight responsibilities in general to the audit committee

This might highlight the significant third parties that are integral to the company’s delivery of their business strategy. While the company will be responsible for establishing third-party diligence processes and monitoring risk, the board should understand what that entails. To do this effectively, the board needs to understand:

  • The risk landscape and get comfortable with the program and the processes
  • The challenges involved in managing third-party relationships
  • What an effective third-party risk management program might include

Boards can ask if internal audit should perform an annual review of the key controls associated with a third-party risk management program. Boards should also think about whether the company requested and/or received any additional assurance by external parties over controls and processes in place at the third parties.

The nature and depth of reporting from management to the board will look different from company to company. The goal is for boards to understand the third-party risk landscape for their companies and to get comfortable with the related programs and processes.

How Boards Can Stay Ahead of the Curve

Using third parties is a natural part of business. Third parties provide companies with many benefits, but they also bring risks. The sheer number of third-party relationships companies often have makes it difficult to oversee the risks involved. That’s why having an efficient and effective third-party risk management program—including oversight from the board—is critical.

The article was first published here.

Photo by janilson furtado on Unsplash.

Rate this article

5 / 5. 1

Is this article good for you?
tamanna rumee EVQ27AXRkVA unsplash scaled
1.0
9  Minutes

2023 EY Global Third-Party Risk Management Survey

07 December 2023

READ MORE
Share
jamie street 94HLr QXo8 unsplash scaled
5.0
14  Minutes

The Role of ESG and Purpose

17 November 2023

READ MORE
Share
janilson furtado AhAGyHoYqB0 unsplash scaled
5.0
2  Minutes

How Your Board Can Oversee Third-Party Risk

29 May 2023

READ MORE
Share
lahiru iddamalgoda Cx2eiOj K9o unsplash scaled
5.0
5  Minutes

How Do We Secure Net Zero in a Time of Turbulence? Here’s What Business Lead...

16 March 2023

READ MORE
Share
windmill 5591464 1920
1.0
7  Minutes

Four Ways Technology Can Contribute to Business Sustainability Plans

24 August 2022

READ MORE
Share
markus winkler 8 X2 qeTdlQ unsplash scaled
5.0
12  Minutes

The Board Imperative: Is Now the Time to Reframe Risk as Opportunity?

29 March 2022

READ MORE
Share

Survey

ICDM
Homepage