62% of businesses do not strongly believe their risk monitoring program is meeting contractual and regulatory requirements, but technology could hold the answer

Almost 80% of businesses view technology as very or extremely important in risk management programs.

However, there appears to be a disconnect between perception and action as 57% report that they do not currently use AI in their risk assessment.

chain pull

This is according to Supply Wisdom’s “Risk Management in a Technology-Driven World” survey, which was conducted to gauge attitudes toward risk management at companies of varying sizes and locations.

The survey looks at how companies are tackling risk assessment within their vendor and supplier populations, the types of risks they are prioritising, and their use of technology and artificial intelligence (AI) to monitor risk.

Other key findings include:

  • The top risk types monitored for are Financial Risk (65%), Operations Risk (64%), Compliance Risk (51%) and Cyber Risk (51%).
  • Less than 15% of procurement and supplier management professionals report using continuous monitoring tools to assess suppliers, highlighting an underutilisation of technology in risk assessment.
  • 62% of businesses do not strongly believe their risk monitoring program is meeting contractual and regulatory requirements.
  • North American companies use fewer third party & Nth party vendors than European companies. 47% of European companies reported vendors in as many as 49 countries, compared to 22% of NA companies who said the same.

What does it mean for businesses and their risk managers

With rising geopolitical, economic, and environmental uncertainties, outsourcing certain functions can save organisations time and money, and potentially unlock new revenues.

However, with these benefits also come potential risks within their supply chains and vendor relationships.

This is why vendor, supplier, and contractor assessments are key to a successful third-party risk management strategy.

Tom Thimot, CEO of Supply Wisdom said: “Concerningly, our survey found that most participants do not have a clear understanding of the make-up of their supplier, vendor, and contractor populations—or the risk levels that may exist within those groups.”

Jenna Wells, chief customer & product officer at Supply Wisdom added: “Executive teams, acutely aware of the cost savings and potential new revenues afforded by outsourcing certain functions, may move too quickly to onboard new vendors to accelerate the benefits of outsourcing, opening their business to potential risks.”

Potential dangers inherent in third-party vendor relationships

Companies routinely engage with numerous third parties, such as vendors, suppliers, contractors, and service providers – for good reasons.

These relationships enhance operational efficiency and therefore can save companies valuable time and money.

But they also expose organisations to various risks such as data breaches, compliance and regulatory issues, financial instability, reputational damage, and more.

One of the major challenges that often gets overlooked, is that these risks are continuously changing. It’s not enough to just look at the risk present at the start of a vendor relationship.

Weather-related disruptions, cybersecurity hacks, or political instability, to name a few, are difficult to prepare for, are constantly changing, and can arise suddenly.

How to tackle the threats

To proactively manage the challenges of contractual requirements, regulatory complexities, and the inevitable business disruptions, companies must have a full view of their supplier population.

Adequately managing risks means knowing not just who these suppliers are, but also their criticality to the organisation and their specific location.

Wells said: “The value of the strategic insight provided by continuous monitoring cannot be understated, so leveraging automation to enhance detective controls across the broad landscape of risk types must be considered.”

Having relevant, up to date data that disruption patterns can be derived from is important, because that’s what will help organisations understand the risks they might be vulnerable and implement strategies to mitigate any impacts.

Traditional risk management often involves manual processes, which in turn leads to financial and reputational losses due to inefficiencies, limited scalability, and inaccuracies.

John Bree, chief evangelist & advisory board co-chair at Supply Wisdom said: “Risk teams across the industry [are] being either overworked, or even laid off as we saw with Lloyd’s Bank earlier this year, posing a serious issue for companies.

“This increases the possibility of rushing to onboard potentially “bad vendors” as well as missing critical negative signals with existing vendors. And in today’s complex market environment, this is a risk that organisations can’t afford.

“Technologies like AI and ML can analyse comprehensive databases and provide risk teams with instant access to risk awareness, risk predictions, negative event forecasting, and more. This… empowers risk functions by providing them with the support and data insights they need to protect the overall business.”