Comments on KPMG survey about third party risk management
Nov 11th, 2020
We just read KPMG’s Third Party Risk Management outlook 2020, and today we offer our comments on the KPMG survey on third party risk management.

Risk integration
We discuss what its conclusions mean in terms of practical risk assessment and Enterprise Risk Management (ERM). At Riskope we started integrating third-party risks into ERMs and risk assessments twenty years ago. We note that, in the grand scheme of things, “third party” may also mean neighbors. Of course, defining the limits of the system to be assessed is as important as its description.
Indeed, ERMs need to be convergent, i.e. bring in a 360-degree view of the system hazards, including suppliers, subcontractors and other third parties. This leads us to always propose a multi-dimensional view of consequences, which includes reputation and crisis potential. We also stress the need to review contractual Force Majeure clauses, given the very dynamic world we live in.
So, we were delighted to read in the KPMG report that a vast majority of those interviewed stated that a business’s reputation directly links to performance. This means that ERM must integrate the reputational dimension. Additionally, it shows that our efforts go in a direction the markets are starting to recognize. Allow us to state again: reputation is a dimension of the additive consequences function, not a standalone item.
Consistency consistency consistency!
The KPMG report calls for consistency across the enterprise. This means, again, that the ERM must be convergent in order to bypass the existing information silos. Indeed, it is also our experience that companies oftentimes mitigate and prioritize their risks using siloed approaches. Those lead to squandered money. Examples of this can be cyber security or supply chain. Tools exist, and we have been using them for a long time (see Chapter 8).
If companies address the previous points, then the claim that “half of businesses (50%) do not have sufficient capabilities in-house to manage all the risks they face” melts away. That claim drops as it is a result, and not a cause, of a poorly structured ERM approach and implementation.
Indeed, firms can achieve both efficiency and effectiveness in their tactical and strategic planning. The key is to use risk-informed decision making or, as KPMG calls it, taking a risk-based approach. In terms of practical risk assessment, we can do this by prioritizing risks, starting from the highest intolerable risks.