3 Key Elements to Effective Third-Party Risk Management

Brian Shaw
Brian Shaw
Third-Party Risk Management and Compliance, Coupa Software

Brian Shaw oversees Coupa’s Third-Party Risk Management and Compliance practice, ensuring customer success, focusing on results and striving for excellence through value as a service. He was formerly Director, Financial Services Sales for Opus Global (Hiperos and Alacra), which Coupa acquired in 2018.

Read time: 6 mins
3 Key Elements to Effective Third-Party Risk Management

Third-party risk management has been a complex challenge for companies of all sizes within many industries for years. The COVID-19 pandemic has created even more pressure and increased urgency on managing third party and supply chain disruptions, and forced a paradigm shift from “just in time” procurement and inventory management optimization strategies to “just in case” approaches.

In my recent post, EERM Survey: Businesses Unprepared To Manage Third-party Risk During COVID-19, I shared key findings from Deloitte’s 2020 Extended Enterprise Risk Management Third Party Risk Management Global Survey. The survey results indicate that while organizations were faced with challenges to vendor risk management before COVID-19, the pandemic has escalated awareness and understanding of how critical the impacts of strategic third-party failures can be, and just how quickly damage from unexpected events can occur.

Access Now: Integrated Risk Management: A Playbook For Procurement

To help you mitigate risk during the COVID-19 pandemic and beyond, here are three keys to improving your supplier risk management capabilities and implementing strategic sourcing best practices:

1.  Focus on data – the first key to effective third-party risk management
Do you know when one of your suppliers has sole supply, low inventory levels, or a kink in their distribution network? Do you know which ones had data breaches and have access to your, or your clients’, data? It’s critical for supply chain resiliency to have such visibility into the risks in your supply chain and third-party relationships to have the ability to respond effectively to fast-changing events.

Today, any company without comprehensive data on their suppliers and what they do for the firm is at risk. More responsive organizations understand what data is already available internally to identify areas of potential risk. Additionally, they use external data sources and information from the third party to fill in the gaps in internal information, including relevant data like supplier delivery locations, financial health, and customer reviews.

2.  Obtain real-time information and monitoring of third-party risk
Now, more than ever, risk and compliance demand the agility to respond quickly to unforeseen circumstances. This requires the ability for business leaders to access real-time dashboards and receive automated alerts related to the full spectrum of third-party risks. The best practices of industry leaders is to take a more proactive, less reactive approach. 

Multiple stakeholders in an organization need to react quickly and effectively to identify, manage, and document which third parties are in scope for which new risk and compliance concerns, and how the organization is addressing them. Risk is constantly changing. Ongoing updates to risk and compliance management processes are required to keep pace with ever-evolving legal, audit, and regulatory risk concerns – including zero day threats and surprises like global pandemics.

Watch Now: Driving Effective Third-Party Risk Management and Compliance with Coupa

3.  Ensure your Business Spend Management tools are user friendly
When you have access to both internal and external data about your suppliers, including real-time information, you still need a modern Business Spend Management (BSM) technology platform with integrated applications to capture that data’s value. When evaluating your options, the first thing to consider is a platform’s capabilities and resiliency. A close second – and just as critical – is to evaluate any new platform and applications on their usability for your business users. Are the tools easy to use? Are they intuitive? Are they powerful? Do they operate in a silo or integrate into all of the systems your business uses to interact with suppliers?

Without a vendor management software platform and integrated applications that offer simple, powerful – Amazon-like, easy-to-use – interfaces (similar to what you’d expect in a consumer online shopping application), it’s all for naught. User adoption for new supplier management processes is essential to success for these initiatives, so easiest-to-adopt applications are a must. If the new tools are difficult, time consuming, or burdensome, participation will be low, people will revert to past processes and rogue behavior, and your visibility into data will decrease while exposure to the firm and risk will increase.

Download Now: Insights For Effective Third-Party Risk Management

Manage third-party risk with Coupa’s BSM platform
The global pandemic has demonstrated the criticality of having full visibility and control into the risks and weaknesses associated with a company's portfolio of suppliers. This calls for integrated, full-featured spend management technology, like Coupa’s industry-leading Business Spend Management (BSM) Platform. Organizations that are more proactive in their response and take advantage of new integrated technology platforms can develop the capabilities that will set them apart from the competition. Such capabilities can ensure better outcomes for the workforce, optimize mid-crisis financial outcomes, and make organizations more resilient and prepared to tackle future crises.

With Coupa Supplier Management and Coupa Risk Management, you can continually monitor supplier risk and optimize your supply base with AI-powered risk scores drawn from third-party data and supplier interactions from across the Coupa community, including prescriptive actions to drive real-time supply chain risk management.

With the right data, visibility, and control mechanisms in place – an integrated holistic third-party risk management framework connected to business spend – a company gains access to real-time knowledge of what is happening on the ground and enables rapid corrective actions. For a deep dive on the subject, see Coupa's eBook: Insights For Effective Third-Party Risk Management.


Brian Shaw oversees Coupa’s Third-Party Risk Management and Compliance practice, ensuring customer success, focusing on results and striving for excellence through value as a service. He was formerly Director, Financial Services Sales for Opus Global (Hiperos and Alacra), which Coupa acquired in 2018.