IT Insights: Managing Third Party Technology Risk

From full outsourcing of complex functions, like data processing or component manufacturing, to small contracts with local service providers and suppliers, companies of all shapes and sizes are interacting with third parties on a regular basis. In fact, more than 65 percent of organizations “rely heavily” on third parties, yet most allocate less than 20 percent of their internal resources for assessing third-party risk, according to a recent study by the Institute of Internal Auditors (IIA).

The savings and operational efficiencies of using third parties are often readily apparent. But relying on them also means expanding your potential risks. Understanding and addressing these risks as part of a broader risk management approach is essential in order to minimize exposure to financial losses, regulatory noncompliance and reputational damage.

Weaver’s IT Insights document Managing Third Party Technology Risk addresses the four areas of a business that can be negatively affected by a third-party risk:

• Financial
• Operations
• Reputation and Integrity
• Technology and Information

From the retail industry to technology to oil and gas; from small contractors with network access to global marketing providers in charge of your corporate messaging; the reality is clear: you can shift tasks and functions to a third party, but you can never outsource your risk.

For a discussion specific to your organization, please contact Brian Thomas, Weaver partner in IT advisory services.