A new study by Gartner suggests that the standard point-in-time approach to risk management is no longer effective, possibly because business relationships are now fast-paced and rapidly changing, Computer Weekly reports.
The study, which surveyed more than 250 legal and compliance leaders, indicated that 83% of organizations that engage with third parties to provide business services found third-party risks after conducting due diligence.
Factors that may have contributed to the shift in the nature of third-party risks include third parties providing new-in-kind tech services for the majority of the organizations surveyed, providing services outside the company’s core business model, working with an increasing number of their own third parties, and having more access to an organization’s data.
Increasing variability in the maturity of organizations’ third-party networks could also be a factor.
According to Gartner, an iterative approach to risk management helps legal and compliance leaders improve both business and risk outcomes in terms of engagement speed and identifying third-party risks before their impact materializes.
Chris Audet, research director for Gartner’s legal and compliance practice, said that modern risk management should account for ongoing changes in third-party relationships and mitigate risks in an “iterative way” or on a continual basis rather than at specified intervals.
“An iterative approach will enable legal and compliance leaders to manage their changing and expanding third-party networks, while also satisfying business demands for quicker onboarding,” Audet told Computer Weekly.
“To effectively mitigate third-party risks, compliance leaders must streamline their current due diligence processes to focus on critical risks to eliminate burdensome duplicative process and focus attention on the risks that have the biggest impact on the organization.”