By Adam Turteltaub
In a surprising web conference, Brian Lee, Managing Vice President at Gartner, shares some eyebrow-raising insight into what’s going on when it comes to third-party risk management. Recent Gartner research reveals what he reports to be a disproportionate emphasis on initial due diligence versus ongoing auditing and monitoring. The research found that organizations typically spend three-fourths of their time on the initial due diligence, and just one quarter on ongoing monitoring.
That’s out of balance for several reasons, he argues. For one, it’s one of the factors that has led to an increase in initial due diligence times to 90 days, up 20 days from four years ago. In addition, they discovered that 83% of compliance executives found third-party risks after the initial due diligence, 31% of those risks had a material impact, and 92% of executives reported that those risks would not have been found during the initial review phase.
By contrast, their research found that ongoing monitoring made companies 1.5 times more likely to surface risk, twice as likely to be able to remediate it, and four times more likely to satisfy their business partners with their speed.
Listen in to learn more about optimizing the balance between initial and ongoing auditing and monitoring.