Third party risk management

Evaluate and align

As third party risk leaders mature their programs, are they truly effective and sustainable while meeting all stakeholder needs?

Third party services are not created equally and they generate different risks. Knowing where to focus your skills and resources will better focus your spend on the most impactful areas. An effective program mitigates risk for clients and provides valuable information to better manage risk and performance across those relationships for the business.

How can we help you?

Our advisory teams tackle challenges alongside you, designing fresh solutions with a balance of scale, skill and service you’ll only find here.

Business continuity risk

When a third party cannot continuously maintain its services due to business disruption, the results can include the disruption of critical... Show more processes, potential impact on client services, and/or loss of revenue.

Concentration risk

This risk occurs when a client becomes reliant on a single third party to provide multiple critical services or provide multiple products.

Contract compliance risk

Poor quality in product or service delivery may occur when third party personnel, products, services, or systems are not consistent with the... Show more client’s agreed service levels, price points, applicable laws, regulations, policies, and procedures and/or ethical standards. Reputational damage also may occur.

Data privacy risk

This risk occurs when a third party has insufficient experience or controls to protect the client’s and its customer's information from unauthorized... Show more access, disclosure, modification or destruction. This can result in a breach or loss of confidential client or company data, reputational damage, and/or potential loss of customers.

Financial viability risk

When a critical third party is not financially secure to provide client services at acceptable levels, it may lead to a disruption of critical processes... Show more, potential impact to client services, and/or loss of revenue.

Geopolitical risk

Third party products or services may be affected by political changes or instability in a country. This may cause service or product disruption to the third... Show more party, ultimately leading to disruption of critical processes and/or loss of customers and revenue.

Legal/regulatory

These risks can manifest themselves when a third party does not have an adequate risk program to ensure it remains compliant with laws and regulations, or... Show more when a third party does not possess the expertise or adequate controls to meet regulatory guidelines. This can result in enforcement actions being taken (business restriction/fines) and lawsuits.

Physical security risk

A third party that lacks the proper security to prevent unauthorized access to its facilities, equipment or resources presents a heightened risk of a... Show more breach or loss of confidential client or company data and/or reputational damage.

Cybersecurity risk

When a third party does not maintain a strong cybersecurity control environment, the result may be operational, compliance and reputational impacts.

Subcontractor (nth party) risk

An nth party contracted by the third party to service the client poses an additional risk for meeting its contractual requirements. This can cause disruption... Show more of critical processes and a breach or loss of confidential client or company data.

Request a meeting -->

Our solutions and tools

Program design & strategy

Governance and organizational design; risk assessment, scoring, third party identification and segmentation; program operating models, policy, and process design.