How to Respond to the Evolving Nature of Enterprise Risk


Businesses are more reliant than ever on third-party relationships to achieve their goals. In fact, the third-party supplier ecosystem for most enterprises, regardless of industry, is only getting more complex. Companies need third-party vendors, but in relying on them they expose themselves to a great deal of risk.

The rapid adoption of digitization and software-as-a-service technologies allows companies to move quickly, adapt to the market, and – on the most basic level – compete. But the nature of these technologies is that they require the exchange of data between the business and the third-party providers. The pressure from consumers and businesses for better protection of their personal and confidential information is growing. Every data breach in the news – and every new regulation (e.g., GDPR, CCPA, NYDFS, OCC, PCI, HIPAA) with a potentially hefty fine – raises the urgency.

For some time, enterprises have simply monitored their supplier landscape and conducted periodic, point-in-time risk assessments, which has been more or less effective for simpler ecosystems. Today, this is no longer enough. Fragmented third-party risk management programs cannot give companies a holistic view of their provider relationships and threats to supply-chain integrity.

In many enterprises, multiple risk-domain support groups are running independent, parallel provider-risk management efforts. Companies often lack a centralized repository for contextual relationship information – including everything from contract terms and conditions to contract deliverables, contract metadata, subcontractor information and service delivery location information – contributing to inefficiencies and ineffectiveness. On top of that, there is typically inconsistent use of technology to provide continuous information to stakeholders regarding third-party-related threats and a lack of adequate third-party risk management resources to manage the growing demands associated with expanded organizational and regulatory requirements.

Enterprises today must proactively monitor their entire landscape, including both operational performance and financial viability of their suppliers and a range of other internal and external risks, including data security, regulatory issues, adverse environmental, health and geopolitical events, and social responsibility, diversity and inclusion considerations.

Monitoring suppliers in real time can bring important insights and spur preemptive action. For example, an enterprise that is testing a software-as-a-service (SaaS) application to incorporate into a consumer-facing service should monitor the financial viability of the SaaS provider. If the provider has over-extended its financial position, it would bring significant risk to the longevity of the SaaS application. In another example, public enterprises in Australia and Europe must monitor their supply chain to comply with new regulations regarding modern slavery. “Was not aware” is no longer a viable response, and companies are being held financially culpable for any infractions. This means they must monitor adverse news on all their suppliers to reduce the risk of financial penalties and maintain their own social responsibility.

CIOs and CSOs can lose sleep over the many red flags that are missed in the deluge of data that is generated every day. They need a more effective way to automate and manage their ever-growing portfolio of software and services contracts and understand potential risks to their supply chain, which have been amplified by the COVID-19 pandemic. They need the right information sent to the right team with a clear record of accountability and follow-through. But many companies are struggling to augment “point in time” supplier risk management methods with external monitoring services that provide continuous market intelligence. Only this can help them mitigate risk and prove to regulators and other stakeholders they have evaluated and acted on information in a timely way.

ISG GovernX® is the industry’s only vendor compliance and risk management platform that integrates contract information, strategic relationship management and real-time risk monitoring and alerts to proactively mitigate business risks as they happen. Users can now add a variety of external data feeds to the platform for an unparalleled view of all potential risks, both within their specific supplier ecosystem and from the broader marketplace. Intelligent workflows identify and categorize each risk, alert the appropriate functions, and trigger automated responses, including targeted risk assessments to the suppliers involved.

Combined with our internal supplier performance monitoring, ISG GovernX clients now have a complete inside-out and outside-in view of each supplier’s operational performance, how it is meeting its contractual obligations, and how risks in the supplier’s business and in the broader marketplace can impact overall service and supply chain integrity.


About the author

Lois Coatney


What she does at ISG

Lois Coatney has been the ideal guiding advocate for her Fortune 500 clients, whom she has consistently helped get the most value out of their service providers and supply bases. That’s because, for more than two decades, Lois was the service provider. Today, as ISG’s President of Americas Sales, she is central to driving the firm’s revenue and growth.

Past achievements for clients

Throughout her career, Lois has consulted clients on their operating models and organizational designs so that they can work most effectively internally. She’s pivoted that experience to her approach to her current role, which goes much further than looking at the numbers and bottom line. She examines what ISG’s strengths are and considers how the firm can put its best foot forward to sell its services. Pairing that with a deep understanding of clients’ needs and of ISG’s function in the market, Lois makes decisions on how the firm can enhance those same offerings. She also views her work as a worthwhile means to strengthen ISG’s client relationships, which she contributes to by mentoring ISG account executives.

Lois’s expertise in contracting, experience in supplier management and willingness to travel across the globe to create something new and modern have enabled her to:

  • Lead and roll out ISG GovernX®, a tool that directly helps clients and their businesses manage third-party risk, solve governance and service integration challenges, and drive optimal performance of their sources.
  • Help a large governmental client migrate their $2.2 billion annual IT spend to a consumption-based procurement model.

Lois’s current title may include “Americas,” but her prowess in service provider performance and relationship management, IT portfolio design and management and product ownership over the past 30 years has made its way all over the world to support nearly every industry ISG serves.