01 Jul Third Party Risk
More than ever, most companies’ fortunes are dependent on third parties. A myriad of suppliers make the wheels turn and often provide many of the inputs. Organisations typically have little influence over the way these suppliers behave, other than as a buyer who can make some noise. Moving your business elsewhere is in theory an option, but one that is usually costly to exercise and may even not be feasible. A lot depends on trust, experience, goodwill, legal obligations and possible recourse. How many boards have a clear view of third-party risk and how it is being managed in its many different forms?
Despite the omnipresence of third party risk, we rarely see these risks raised in our board review discussions, meeting observations and paper reviews. Maybe there is a general reference to suppliers as stakeholders but typically little more. So is there a sound basis for confidence in the way the risks are managed? Or is this misplaced? Here are a few thoughts on what a board should be doing, and what might be missed.