OUTSOURCING

As the complexity of third-party risk grows , so too does the role of AI and automation . The days of relying on spreadsheets and homegrown databases are long gone .

Ed ’ s thoughts on this topic are unequivocal : “ AI and automation are critical as third-party risk becomes increasingly complex . Significant work is required for initial risk assessments , pre-contract due diligence , postcontract monitoring , SLA reviews and offboarding .”

For Ed , this is no longer a manual task ; it ’ s a data problem . Effective TPRM requires a unified system of record , one that centralises information such as profiles , assessments , policies and findings into a single platform .

For instance , he explains that onboarding 200 third parties with 100-question assessments generates 40,000 data points annually , a number which doubles each year as monitoring data accumulates . A central data core can integrate external cybersecurity ratings , ERP systems , contract lifecycle management tools and risk platforms . This consolidated data streamlines the process and simplifies TPRM . Assessment exchanges also play a key role , enabling third parties to complete one standardised questionnaire that can be shared with multiple customers , supporting the “ assess once , share many ” model . These modern tools are transforming TPRM , ensuring that risk management processes remain scalable , efficient and effective .

proportion of organisations prioritising TPRM

It doesn ’ t stop at AI ; cloud arrangements are an increasingly important focus in TPRM . With a significant proportion of TPRM budgets dedicated to cyber risk – much of which is tied to cloud vulnerabilities – organisations must evaluate cloud materiality , risks and resilience with greater precision . Exit strategies and contingency planning

132 January 2025