KPMG survey: Businesses lack consistent approach to managing third-party risks

Businesses have grown reliant on third-party suppliers to deliver business-critical products and services to their customers. That reliance is so strong that third-party failures can result in severe reputational and financial damage. Still, developing and implementing a third-party risk management strategy continues to be challenging for businesses given the myriad of stakeholders involved -- from business leaders to procurement to risk oversight functions.

KPMG International recently conducted a survey to assess how businesses are approaching third-party risk management (TPRM) and the key challenges businesses are facing with these programs. The report revealed that while TPRM is a strategic priority for most, it remains a work in progress. In fact, 74% of respondents admit that they urgently need to make TPRM more consistent across the enterprise, and about half (52%) believe their TPRM program is over-engineered. 

Key U.S. findings from the Third Party Risk Management Outlook report include:

—   Data governance and privacy (42%) – along with cyber risk (41%) – was noted as the most important driver of third-party risk

—   Respondents cited concerns over a regulatory breach (38%) and skills shortage (35%) as the top two challenges to transforming TPRM activity

—   Nearly half of respondents say they haven’t carried out a thorough review of TPRM activities in the last two years

—   The majority of respondents (70%) indicated that funding is available or growing to evolve and strengthen their organization’s TPRM program

—   Technology (66%) is the most favored investment that respondents make when new funding is available

COVID-19 has accelerated the need to transform TPRM programs

Even before COVID-19, many firms were struggling with TPRM programs. The pandemic has intensified these challenges. From major supply chain disruptions to office closures and new COVID-19-related cyber-attacks, now more than ever businesses need to reassess the risk profile of their third parties and re-evaluate their own resilience. And many companies are starting to take steps toward transformation.

For example, a prominent U.S.-based Fintech company – which originally engaged KPMG three years ago to design its TPRM program – reached back out for help to enhance it in light of COVID-19. While the program KPMG helped put in place was the first line of defense when the company was forced to run its business remotely, its chief procurement officer wanted to further optimize the service delivery model based on risk. The company also wanted to monitor early warning signs for supply chain disruption – which has been a top concern and issue for companies across industries during COVID-19. To support this, KPMG developed continuous monitoring reporting for financial viability, concentration, and fourth-party risks.

“Achieving third-party risk management transformation will require programs to overcome the roadblocks that have plagued these programs throughout their initial build and subsequent iterations, such as inadequate executive support, insufficient accountability, and resistance from third parties to cooperate with the TPRM process,” said Greg Matthews, Partner, KPMG in the U.S.

KPMG’s framework for an effective TPRM operating model is based around four pillars: governance, process, infrastructure, and data. To holistically transform a TPRM program across these four pillars, businesses need to drive a constant cycle of program uplift, process optimization and innovation – agree on the vision, build the model, optimize and evolve.

For more information or to speak with Greg Matthews, please contact Michele Brancati, a member of KPMG's Corporate Communications team.

About the survey

In early 2020, KPMG International conducted an online survey of 1,100 senior TPRM executives (101 respondents in the U.S.), all of whom worked for major businesses, across 14 countries and territories, and six industries worldwide. 


About KPMG

KPMG is one of the world’s leading professional services firms, providing innovative business solutions and audit, tax, and advisory services to many of the world’s largest and most prestigious organizations.

KPMG is widely recognized for being a great place to work and build a career. Our people share a sense of purpose in the work we do, and a strong commitment to community service, inclusion and diversity, and eradicating childhood illiteracy.

KPMG LLP is the independent U.S. member firm of KPMG International Cooperative (“KPMG International”). KPMG International’s independent member firms have 219,000 professionals working in 147 countries and territories. Learn more at



Greg Matthews

Partner, FS Regulatory & Compliance Risk, KPMG U.S.

+1 212-954-7784
