Managing Third Parties: Improving Business Resilience
The COVID-19 pandemic has impacted almost every business – no matter the size, location, or industry – around the globe in never before seen ways.
According to a survey conducted by the Institute for Supply Management, in early May, more than 97% of the companies involved believed their organization has been or will be impacted by COVID-19 disruption. Survey results also note that 76% of respondents report reduced revenue targets of 23 percent on average, with 61% reporting a 35 percent reduction.
The health crisis has clearly uncovered supply chain vulnerabilities and drastically shifted the way the businesses operate. As a result, businesses are working to adapt, solidify their supply chains, and improve their business resilience and continuity.
The below are steps your business can take to identify and resolve any business resilience issues before they happen.
- Conduct business impact assessments (BIAs) on vendors before onboarding. Execute and distribute BIAs to understand the effect a compromised vendor would have on your organization.
- Distribute short questionnaires in the wake of an unexpected occurrence (g., health crisis, natural disaster, geopolitical conflict). Many businesses do this to better understand how their vendor is responding to the occurrence, the impacts they are experiencing or anticipate experiencing, and their plans to sustain ‘business as usual’ operations.
- Ensure business resilience stipulations are included in the vendor contract: Each critical vendor contract should include a list of business resilience requirements that can be referenced if needed in a time of crisis.
- Determine concentration risks: Does a single business partner represent a significant share of your third-party risk? Alternatively, consider if this partner will impact your business across risk domains, including IT and operational risk. The evaluated risk may be within your department’s risk tolerance but could pose a larger risk to the business from an enterprise-level.
- Reporting on business resilience: Store and organize third party data in a searchable format. Often details such as expiration dates and service requirements are left in static pdf formats, requiring manual review. Extract key terms from contracts, making them yes/no, and pull a report based on these answers to understand a vendor’s business resilience.
The reality is that not all vendors prioritize or have the bandwidth for adequate business resilience planning. You’ll need to come to terms with the fact that the vendor your leaning towards may not be suitable to work with from a resilience standpoint. If that’s the case, make sure you have an exhaustive list of vendors that can also evaluate.
As you think about business resilience and vendor risk provider, consider Vendorpedia. The Vendorpedia™ Third-Party Risk Exchange offers intelligence and automation to solve these challenges and provide value throughout the vendor relationship, from faster onboarding, real-time monitoring, and unprecedented vendor resilience visibility.
Want to try it out? We’re offering an extended free trial that includes access to 10 free and completed vendor risk assessments.